Which Information Security controls are available?
CyberComply continuously reviews and adds new Information Security controls to support organisations in enhancing their cyber security measures. The following are the key control sets currently available within CyberComply:
- CCC 2020 – The Cloud Cybersecurity Controls for Saudi Arabia enforce strict security requirements for Cloud service providers (CSPs) within the Kingdom, covering encryption, access controls, and incident response protocols. This is particularly relevant for critical sectors like finance, healthcare, and government.
- CES (2021) – The Cyber Essentials 2021 standard helps organisations protect against common cyber threats, focusing on controls such as firewalls, secure configurations, user access control, malware protection, and patch management. It is aimed at organisations handling sensitive data.
- CES (2022) – An updated version of Cyber Essentials, focusing on the same basic security controls but with more specific guidelines to safeguard against cyber threats in various industries.
- CES (2023) – The latest Cyber Essentials standard, emphasising enhanced basic security measures to protect against common threats, with a focus on organisations that handle sensitive personal data.
- CIS V8 – The Center for Internet Security Version 8 provides a globally recognised set of 18 critical security controls, aimed at reducing cyber risk and improving security posture across industries.
- CISCO CCF – Cisco’s Cloud Controls Framework outlines robust security requirements for Cloud services, particularly for sectors like finance, healthcare, and government.
- CISCO CCF - IRAP – The Cloud Controls Framework aligned with the Information Security Registered Assessors Program (IRAP) focuses on compliance and security for Cloud services in Australia, ensuring high data protection standards.
- CPRA – The California Privacy Rights Act builds on the California Consumer Privacy Act (CCPA) with stricter data protection requirements, giving consumers stronger rights and privacy protections.
- CSA CCM V3 – The Cloud Security Alliance Cloud Controls Matrix Version 3 provides security and compliance guidance for Cloud environments, focusing on privacy, application security, and incident response.
- CSA CCM V4 – The latest version of CSA CCM includes new domains such as DevSecOps and Cloud Key Management to ensure comprehensive Cloud security governance.
- CSCC 2019 – The Critical Systems Cybersecurity Controls 2019 in Saudi Arabia mandate security measures for critical national infrastructure sectors like energy, finance, and telecommunications.
- ECC 2018 – The Essential Cybersecurity Controls 2018 in Saudi Arabia focus on governance, risk management, and technical controls for organisations to safeguard their information assets.
- HIPAA – The Health Insurance Portability and Accountability Act mandates the protection of health data and confidentiality of patient information within the US healthcare sector.
- ISO/IEC 20000 – This standard for IT service management focuses on maintaining and improving service quality across industries by implementing robust service management systems.
- ISO/IEC 22301 – A business continuity management standard that helps organisations prepare for and recover from disruptive incidents, ensuring operational resilience.
- ISO/IEC 27001:2013/27701:2019 – PRIVACY – A combined standard focusing on information security and privacy management to protect sensitive data and ensure compliance across various sectors.
- ISO/IEC 27001:2013 – An internationally recognised standard for information security management systems (ISMS), guiding organisations in managing sensitive data securely.
- ISO/IEC 27002:2022 – A comprehensive standard for establishing, implementing, and improving an ISMS to protect information security across all industries.
- ISO/IEC 27017 – A Cloud security guideline standard, providing best practices to safeguard Cloud environments and ensuring secure management of Cloud services.
- ISO/IEC 27018 – Focuses on the protection of personal data in the Cloud, ensuring that Cloud providers maintain privacy standards for handling personally identifiable information (PII).
- ISO/IEC 27032:2012 – A cyber security standard offering guidelines to improve information security management for cyberspace protection, especially relevant in industries dealing with sensitive data.
- ISO/IEC 27701:2019 – Extends ISO/IEC 27001 with a focus on privacy information management, helping organisations comply with privacy regulations and manage PII securely.
- NCSC – Provides best practices and guidelines for improving cyber security in the UK, focusing on risk management, incident response, and data protection.
- NHS DSP - CATEGORY 3 – Focuses on data security for the UK healthcare sector, ensuring patient data confidentiality, integrity, and availability.
- NIS CAF – A cyber security standard for protecting critical infrastructure sectors within the EU and the EEA, ensuring resilience against cyber threats and continuity of service.
- NIST 800-53 – A comprehensive security and privacy control framework for federal information systems in the US, widely adopted by private sector organisations to strengthen their security posture.
- NIST CSF – The NIST Cybersecurity Framework offers guidelines organised around the Identify, Protect, Detect, Respond, and Recover functions for managing cyber security threats, with broad international adoption.
- NIST SP 800-171 – Protects controlled unclassified information (CUI) in non-federal systems with 110 security controls across various sectors, particularly defence and federal contracting industries.
- PCI DSS V3.2 – A global security standard for organisations handling payment card information, ensuring protection against fraud and data breaches.
- PCI DSS V4.0 – The latest version of the PCI DSS framework, strengthening security measures for organisations handling payment card data and preventing data breaches.
- SOC 2 TSC – A globally recognised standard focusing on managing customer data with five key principles: security, availability, processing integrity, confidentiality, and privacy, applicable in sectors like technology and finance.
These controls are available in CyberComply’s library to assist in addressing a variety of compliance and security requirements across different industries and sectors.
