The following documents are referenced in the Cybersecurity Fundamentals and In-Depth training classes.

A URL is provided for those with restrictions.  Some of these, for example, the ISO documents, must be purchased.

Last updated 05/22/2023.

 Executive Order 13636 – Improving Critical Infrastructure Cybersecurity

Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure 

CIS Controls Version 7.1 


HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework

ISO/IEC 27005:2011 guidelines for information security risk management. *Purchase Required* 

International Organization for Standardization (ISO) 31000:2018 “Risk Management Guidelines” *Purchase Required* 

ISA 62443-2-1:2009 & ISA 62443-3-3:2013 *Purchase Required* 

NIST Special Publication 800-53 Revision 4 

NIST Special Publication 800-53 Revision 5 

COBIT 5 *Purchase Required* 

NISTIR 8183 Revision 1 Cybersecurity Framework Version 1.1 Manufacturing Profile

NIST SP 800-171 (CUI) for Federal Systems 

NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements 

NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

Mapping between the Cybersecurity Framework (CSF) Subcategories and the Controlled Unclassified Information (CUI) Requirements in NIST Special Publication (SP) 800-171

NIST Special Publication 800-171 Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations


Baldrige Cybersecurity Excellence Builder Self-Assessment

Secure-Controls-Framework-SCFv2023.2-to-CSF-V1.1 Informative Reference Details

C2M2-v2.1-to-CSF-Framework-v1.1 Informative Reference Details

Energy Sector Cybersecurity Framework Implementation Guidance

Notional Supply Chain Risk Management Practices for Federal Information Systems

Approaches for Federal Agencies to Use the Cybersecurity Framework

An Introduction to Privacy Engineering and Risk Management in Federal Systems