Helpful Compliance Resources

2011 CWE/SANS Top 25 Most Dangerous Software

The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

Health Insurance Portability and Accountability Act (HIPAA)

International Standard – ISO 27001

The ISO 27000 family of standards helps organizations keep information assets secure.

This family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).

NIST Special Publication 800-53 Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations

NIST Special Publication 800-53, Revision 4, represents the most comprehensive update to the security controls catalog since its inception in 2005. The publication was developed by NIST, the Department of Defense, the Intelligence Community, and the Committee on National Security Systems as part of the Joint Task Force, an interagency partnership formed in 2009. This update was motivated principally by the expanding threat space—characterized by the increasing sophistication of cyber attacks and the operations tempo of adversaries

OWASP TOP 10 2013

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.

Payment Card Industry Data Security Standard version 3.0

The PCI Security Standards Council is an open global forum that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

Web Application Security Consortium: Threat Classification

The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry-standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language and definitions for web security related issues.

Sarbanes-Oxley Act of 2002

DISA STIG Web Security