Cybersecurity Standards
Cybersecurity Standards on the APIs.io network is a curated area collecting 10 resources — specifications, tools, and documentation — for this subject.
24 providers on the network work in this area, including Regulatory Templates, Svix, Heidi Health, Google Cloud Assured Workloads, Vanta, FormAssembly, and 18 more — each links out to that provider’s APIs, schemas, and governance artifacts.
Related areas: Defense in Depth, Basel Compliance, Convention Over Configuration, and Data Privacy Standards. Browse every area at areas.apis.io.
About this area
Cybersecurity Standards captures the public, machine-readable, and reference frameworks that establish best practices for protecting information systems, networks, software, and data from cyber threats. The landscape is anchored by U.S. National Institute of Standards and Technology (NIST) publications such as the Cybersecurity Framework (CSF) 2.0, SP 800-53 controls, SP 800-171 controls for controlled unclassified information, the Risk Management Framework (RMF), and the Secure Software Development Framework (SSDF SP 800-218); the international ISO/IEC 27001 / 27002 information security management standard family; the Center for Internet Security (CIS) Critical Security Controls and Benchmarks; the OWASP Top 10 and ASVS for application security; PCI DSS for payment data; HITRUST CSF for healthcare; SOC 2 trust services criteria; and FedRAMP / StateRAMP for cloud authorization. This index aggregates authoritative URLs, machine-readable artifacts (e.g., OSCAL), and cross-references for organizations building or auditing cybersecurity programs.
Curated resources (10)
NIST Cybersecurity Framework (CSF) 2.0
The NIST Cybersecurity Framework 2.0 is a voluntary risk-based framework organizing cybersecurity activities into six core functions (Govern, Identify, Protect, Detect, Respond, Recover) with categories and subcategor...
NIST SP 800-53 Security and Privacy Controls
NIST Special Publication 800-53 Revision 5 catalogs security and privacy controls for information systems and organizations. Used as the basis of FedRAMP authorizations and Risk Management Framework implementations. A...
NIST SP 800-171 Protecting CUI
NIST SP 800-171 specifies requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems. Forms the basis of CMMC (Cybersecurity Maturity Model Certification) for the U.S. defense industr...
NIST SP 800-218 Secure Software Development Framework (SSDF)
NIST SP 800-218 defines the Secure Software Development Framework (SSDF), a set of high-level secure-development practices referenced by U.S. Executive Order 14028 and procurement attestations.
ISO/IEC 27001 Information Security Management
ISO/IEC 27001 is the international standard for information security management systems (ISMS). The 2022 revision aligns Annex A controls with the ISO/IEC 27002:2022 catalog. Certification is performed by accredited b...
CIS Critical Security Controls and Benchmarks
The Center for Internet Security publishes the Critical Security Controls (currently v8.1) and a library of CIS Benchmarks providing prescriptive secure configuration guidance for OSes, cloud platforms, and applications.
OWASP Top 10 and ASVS
OWASP publishes the Top 10 web application risks, the API Security Top 10, and the Application Security Verification Standard (ASVS) used as a baseline for application security reviews.
PCI DSS Payment Card Industry Data Security Standard
PCI DSS, maintained by the PCI Security Standards Council, defines requirements for organizations that store, process, or transmit cardholder data. Version 4.0.1 is the current edition.
SOC 2 Trust Services Criteria
SOC 2 (System and Organization Controls 2) reports are issued by AICPA-licensed auditors against the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). Widely adopted by ...
FedRAMP Federal Cloud Authorization
The Federal Risk and Authorization Management Program provides a standardized approach for U.S. federal agencies to authorize cloud services, anchored on NIST SP 800-53 baselines.
Related providers (325)
Top 24 of 325 network providers tagged for this area — search the full set on apis.io.
| Provider | Description | APIs | Rating |
|---|---|---|---|
| Regulatory Templates | Pre-built templates, frameworks, and policy libraries for meeting regulatory compliance requirements across industries and jurisdictions including GDPR, HIPAA, SOC 2, ISO 27001,... | 4 | minimal |
| Svix | Svix is an enterprise webhooks-as-a-service platform on the sending side of the webhook market. It provides a single API for delivering reliable, secure, low-latency webhooks at... | 4 | strong |
| Heidi Health | Heidi Health is a Melbourne, Australia-founded AI care partner for clinicians, founded in 2019 by Dr. Tom Kelly (CEO), Waleed Mussa (CFO), and Yu Liu (CTO). The product began as... | 11 | developing |
| Google Cloud Assured Workloads | Google Cloud Assured Workloads enables organizations to create and manage compliance-controlled environments on Google Cloud. It provides guardrails for regulatory compliance fr... | 1 | developing |
| Vanta | Vanta is a trust management platform that automates security compliance for frameworks including SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR. The Vanta API enables organizations ... | 2 | developing |
| FormAssembly | FormAssembly is an enterprise form and data collection platform with a REST API for managing forms, exporting submission data, handling Salesforce integrations, and building com... | 1 | developing |
| Drata | Drata is a continuous security and compliance automation platform supporting SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and more, with policies, evidence, and trust center. Drata e... | 4 | minimal |
| Certn | Certn is a Canadian background screening platform headquartered in Victoria, British Columbia, providing fast, FCRA / SOC 2 Type II / ISO 27001 compliant background checks for e... | 4 | minimal |
| Secureframe | Secureframe automates security and privacy compliance for SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, NIST, and more. The Secureframe Public API exposes controls, frameworks, eviden... | 1 | minimal |
| Sprinto | Sprinto is a security and compliance automation platform supporting SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, and more. Sprinto offers an API for building custom compliance and ri... | 1 | minimal |
| Tugboat Logic | Tugboat Logic is a security assurance and compliance automation platform acquired by OneTrust in 2021. It supports SOC 2, ISO 27001, HIPAA, GDPR, and NIST. As of 2024, the produ... | 1 | minimal |
| Tufin | Tufin provides security policy orchestration solutions for managing network security policies across hybrid cloud environments, including firewalls, SDN, and cloud security cont... | 5 | developing |
| Inkit | Inkit is a Secure Document Generation (SDG) platform that enables organizations to generate, sign, store, and distribute documents in total privacy. The platform provides a REST... | 1 | developing |
| Google Cloud Security Command Center | Google Cloud Security Command Center (SCC) is a security and risk management platform for Google Cloud that helps organizations identify misconfigurations, vulnerabilities, and ... | 1 | developing |
| Ariba | SAP Ariba provides cloud-based procurement and supply chain collaboration solutions. These APIs enable integration with Ariba's procurement, sourcing, contract management, and s... | 80 | developing |
| Cybersecurity and Infrastructure Security Agency | The Cybersecurity and Infrastructure Security Agency (CISA) is the United States federal civilian cybersecurity agency, part of the Department of Homeland Security. CISA reduces... | 3 | thin |
| Coalition | Coalition is a San Francisco–headquartered cyber insurance and active risk management provider founded in 2017 by Joshua Motta (CEO) and John Hering. Coalition pairs commercial ... | 2 | thin |
| SimCorp Dimension | Investment management software solution providing APIs for portfolio management, accounting, risk management, and investment operations. SimCorp Dimension is part of the SimCorp... | 6 | thin |
| Regulatory | The regulatory domain encompasses compliance requirements, regulatory reporting, and governance frameworks that organizations must adhere to across industries. APIs in this spac... | 4 | thin |
| Daytona | Daytona provides secure, elastic sandbox infrastructure for running AI-generated code, with sub-90ms sandbox creation, multi-language runtimes, and full filesystem, process, Git... | 1 | thin |
| Synthflow | Synthflow is an enterprise-ready no-code Voice AI platform for automating phone conversations at scale. The product combines a visual agent designer with in-house telephony, sub... | 1 | thin |
| National Institute of Standards and Technology | NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our q... | 1 | thin |
| APIGovernance.Dev | APIGovernance.Dev is an AI-powered API governance platform that enforces API best practices through automated reviews trained on 10,000 public APIs. It provides the API Governan... | 1 | thin |
| Amazon Audit Manager | AWS Audit Manager helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards. | 1 | thin |
Related areas
Tags: CIS Controls, Compliance, CSF, Cybersecurity, FedRAMP, Frameworks, HIPAA, HITRUST, Information Security, ISO 27001, ISO 27002, NIST, NIST 800-171, NIST 800-218, NIST 800-53, OSCAL, OWASP, PCI DSS, Risk Management, SOC 2, SSDF, Standards.
Sourced from the api-evangelist/cybersecurity-standards topic repo.