API Evangelist area

Cybersecurity Standards

10 resources 325 related providers

Cybersecurity Standards on the APIs.io network is a curated area collecting 10 resources — specifications, tools, and documentation — for this subject.

24 providers on the network work in this area, including Regulatory Templates, Svix, Heidi Health, Google Cloud Assured Workloads, Vanta, FormAssembly, and 18 more — each links out to that provider’s APIs, schemas, and governance artifacts.

Related areas: Defense in Depth, Basel Compliance, Convention Over Configuration, and Data Privacy Standards. Browse every area at areas.apis.io.

About this area

Cybersecurity Standards captures the public, machine-readable, and reference frameworks that establish best practices for protecting information systems, networks, software, and data from cyber threats. The landscape is anchored by U.S. National Institute of Standards and Technology (NIST) publications such as the Cybersecurity Framework (CSF) 2.0, SP 800-53 controls, SP 800-171 controls for controlled unclassified information, the Risk Management Framework (RMF), and the Secure Software Development Framework (SSDF SP 800-218); the international ISO/IEC 27001 / 27002 information security management standard family; the Center for Internet Security (CIS) Critical Security Controls and Benchmarks; the OWASP Top 10 and ASVS for application security; PCI DSS for payment data; HITRUST CSF for healthcare; SOC 2 trust services criteria; and FedRAMP / StateRAMP for cloud authorization. This index aggregates authoritative URLs, machine-readable artifacts (e.g., OSCAL), and cross-references for organizations building or auditing cybersecurity programs.

Curated resources (10)

NIST Cybersecurity Framework (CSF) 2.0

The NIST Cybersecurity Framework 2.0 is a voluntary risk-based framework organizing cybersecurity activities into six core functions (Govern, Identify, Protect, Detect, Respond, Recover) with categories and subcategor...

NIST SP 800-53 Security and Privacy Controls

NIST Special Publication 800-53 Revision 5 catalogs security and privacy controls for information systems and organizations. Used as the basis of FedRAMP authorizations and Risk Management Framework implementations. A...

NIST SP 800-171 Protecting CUI

NIST SP 800-171 specifies requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems. Forms the basis of CMMC (Cybersecurity Maturity Model Certification) for the U.S. defense industr...

NIST SP 800-218 Secure Software Development Framework (SSDF)

NIST SP 800-218 defines the Secure Software Development Framework (SSDF), a set of high-level secure-development practices referenced by U.S. Executive Order 14028 and procurement attestations.

ISO/IEC 27001 Information Security Management

ISO/IEC 27001 is the international standard for information security management systems (ISMS). The 2022 revision aligns Annex A controls with the ISO/IEC 27002:2022 catalog. Certification is performed by accredited b...

CIS Critical Security Controls and Benchmarks

The Center for Internet Security publishes the Critical Security Controls (currently v8.1) and a library of CIS Benchmarks providing prescriptive secure configuration guidance for OSes, cloud platforms, and applications.

OWASP Top 10 and ASVS

OWASP publishes the Top 10 web application risks, the API Security Top 10, and the Application Security Verification Standard (ASVS) used as a baseline for application security reviews.

PCI DSS Payment Card Industry Data Security Standard

PCI DSS, maintained by the PCI Security Standards Council, defines requirements for organizations that store, process, or transmit cardholder data. Version 4.0.1 is the current edition.

SOC 2 Trust Services Criteria

SOC 2 (System and Organization Controls 2) reports are issued by AICPA-licensed auditors against the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). Widely adopted by ...

FedRAMP Federal Cloud Authorization

The Federal Risk and Authorization Management Program provides a standardized approach for U.S. federal agencies to authorize cloud services, anchored on NIST SP 800-53 baselines.

Related providers (325)

Top 24 of 325 network providers tagged for this area — search the full set on apis.io.

Provider Description APIs Rating
Regulatory Templates Pre-built templates, frameworks, and policy libraries for meeting regulatory compliance requirements across industries and jurisdictions including GDPR, HIPAA, SOC 2, ISO 27001,... 4 minimal
Svix Svix is an enterprise webhooks-as-a-service platform on the sending side of the webhook market. It provides a single API for delivering reliable, secure, low-latency webhooks at... 4 strong
Heidi Health Heidi Health is a Melbourne, Australia-founded AI care partner for clinicians, founded in 2019 by Dr. Tom Kelly (CEO), Waleed Mussa (CFO), and Yu Liu (CTO). The product began as... 11 developing
Google Cloud Assured Workloads Google Cloud Assured Workloads enables organizations to create and manage compliance-controlled environments on Google Cloud. It provides guardrails for regulatory compliance fr... 1 developing
Vanta Vanta is a trust management platform that automates security compliance for frameworks including SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR. The Vanta API enables organizations ... 2 developing
FormAssembly FormAssembly is an enterprise form and data collection platform with a REST API for managing forms, exporting submission data, handling Salesforce integrations, and building com... 1 developing
Drata Drata is a continuous security and compliance automation platform supporting SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and more, with policies, evidence, and trust center. Drata e... 4 minimal
Certn Certn is a Canadian background screening platform headquartered in Victoria, British Columbia, providing fast, FCRA / SOC 2 Type II / ISO 27001 compliant background checks for e... 4 minimal
Secureframe Secureframe automates security and privacy compliance for SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, NIST, and more. The Secureframe Public API exposes controls, frameworks, eviden... 1 minimal
Sprinto Sprinto is a security and compliance automation platform supporting SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, and more. Sprinto offers an API for building custom compliance and ri... 1 minimal
Tugboat Logic Tugboat Logic is a security assurance and compliance automation platform acquired by OneTrust in 2021. It supports SOC 2, ISO 27001, HIPAA, GDPR, and NIST. As of 2024, the produ... 1 minimal
Tufin Tufin provides security policy orchestration solutions for managing network security policies across hybrid cloud environments, including firewalls, SDN, and cloud security cont... 5 developing
Inkit Inkit is a Secure Document Generation (SDG) platform that enables organizations to generate, sign, store, and distribute documents in total privacy. The platform provides a REST... 1 developing
Google Cloud Security Command Center Google Cloud Security Command Center (SCC) is a security and risk management platform for Google Cloud that helps organizations identify misconfigurations, vulnerabilities, and ... 1 developing
Ariba SAP Ariba provides cloud-based procurement and supply chain collaboration solutions. These APIs enable integration with Ariba's procurement, sourcing, contract management, and s... 80 developing
Cybersecurity and Infrastructure Security Agency The Cybersecurity and Infrastructure Security Agency (CISA) is the United States federal civilian cybersecurity agency, part of the Department of Homeland Security. CISA reduces... 3 thin
Coalition Coalition is a San Francisco–headquartered cyber insurance and active risk management provider founded in 2017 by Joshua Motta (CEO) and John Hering. Coalition pairs commercial ... 2 thin
SimCorp Dimension Investment management software solution providing APIs for portfolio management, accounting, risk management, and investment operations. SimCorp Dimension is part of the SimCorp... 6 thin
Regulatory The regulatory domain encompasses compliance requirements, regulatory reporting, and governance frameworks that organizations must adhere to across industries. APIs in this spac... 4 thin
Daytona Daytona provides secure, elastic sandbox infrastructure for running AI-generated code, with sub-90ms sandbox creation, multi-language runtimes, and full filesystem, process, Git... 1 thin
Synthflow Synthflow is an enterprise-ready no-code Voice AI platform for automating phone conversations at scale. The product combines a visual agent designer with in-house telephony, sub... 1 thin
National Institute of Standards and Technology NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our q... 1 thin
APIGovernance.Dev APIGovernance.Dev is an AI-powered API governance platform that enforces API best practices through automated reviews trained on 10,000 public APIs. It provides the API Governan... 1 thin
Amazon Audit Manager AWS Audit Manager helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards. 1 thin

Related areas

Defense in Depth (4 shared) Basel Compliance (2 shared) Convention Over Configuration (1 shared) Data Privacy Standards (1 shared) Data Quality Standards (1 shared) Disclosure Requirements (1 shared)

Tags: CIS Controls, Compliance, CSF, Cybersecurity, FedRAMP, Frameworks, HIPAA, HITRUST, Information Security, ISO 27001, ISO 27002, NIST, NIST 800-171, NIST 800-218, NIST 800-53, OSCAL, OWASP, PCI DSS, Risk Management, SOC 2, SSDF, Standards. Sourced from the api-evangelist/cybersecurity-standards topic repo.