Knowledge Center

Standards & framework document library

Every major security and compliance standard in one place — with links to the official source documents and CyberSigma’s practical guides, checkers and calculators. Curated by CERT-In empanelled, PCI QSA auditors.

In-depth framework guides

Full explainers for each standard — what it is, who needs it, key requirements, how to comply and FAQs.

Security frameworks

NIST Cybersecurity Framework (CSF 2.0)
NIST · Global

A voluntary, outcome-based framework for managing and reducing cybersecurity risk.

Read the guide →
NIST SP 800-53
NIST · Global

A comprehensive catalog of security and privacy controls for information systems.

Read the guide →
COBIT
ISACA · Global

A governance and management framework for enterprise information and technology.

Read the guide →
CIS Controls
Center for Internet Security · Global

A prioritised set of 18 safeguards that stop the most common attacks.

Read the guide →
MITRE ATT&CK
MITRE · Global

A knowledge base of real-world adversary tactics and techniques.

Read the guide →
SANS / CWE Top 25
MITRE / SANS · Global

The most dangerous and common software weaknesses developers must avoid.

Read the guide →
OWASP Top 10
OWASP · Global

The standard awareness document for the most critical web application risks.

Read the guide →
SABSA (Security Architecture)
The SABSA Institute · Global

A business-driven framework and methodology for enterprise security architecture.

Read the guide →

India regulatory

DPDP Act, 2023 (India)
MeitY, Government of India · India

India’s data-protection law governing the personal data of data principals.

Read the guide →
RBI Cyber Security Framework for Banks
Reserve Bank of India · India

Baseline cyber security and resilience controls mandated by RBI for banks.

Read the guide →
RBI Digital Payment Security Controls
Reserve Bank of India · India

RBI’s master direction on securing internet, mobile and card digital payment channels.

Read the guide →
RBI IT Governance, Risk, Controls & Assurance
Reserve Bank of India · India

RBI’s master direction on IT governance, risk, controls and IS assurance practices.

Read the guide →
RBI Payment Aggregators & Payment Gateways (PA-PG)
Reserve Bank of India · India

Authorisation and security requirements for payment aggregators and payment gateways.

Read the guide →
RBI Prepaid Payment Instruments (PPI)
Reserve Bank of India · India

Rules for issuing and operating prepaid payment instruments (wallets, cards).

Read the guide →
RBI System Audit Report (SAR) & Data Localisation
Reserve Bank of India · India

Annual system audit and payment-data localisation assurance for payment system operators.

Read the guide →
NPCI UPI / TPAP Security Audit
NPCI · India

Security audit requirements for UPI Third-Party Application Providers and PSP banks.

Read the guide →
Bharat Bill Payment System (BBPS) Audit
NPCI Bharat BillPay (NBBL) · India

System audit requirements for BBPS operating units in the bill-payment ecosystem.

Read the guide →
SEBI CSCRF
SEBI · India

SEBI’s Cyber Security and Cyber Resilience Framework for regulated entities.

Read the guide →
IRDAI Information & Cyber Security
IRDAI · India

Information and cyber security guidelines for insurers and intermediaries.

Read the guide →
UIDAI / Aadhaar (AUA-KUA)
UIDAI · India

Security and audit requirements for entities in the Aadhaar authentication ecosystem.

Read the guide →
CERT-In Directions (Cyber Incident Reporting)
CERT-In, MeitY · India

CERT-In’s directions on incident reporting, log retention and security practices.

Read the guide →
Payments & cards

PCI DSS

PCI Security Standards Council

The Payment Card Industry Data Security Standard (currently v4.0.1) — the global standard for organisations that store, process or transmit cardholder data.

Official documents
CyberSigma resources

PCI PIN & P2PE

PCI Security Standards Council

Requirements for the secure management of PINs and the encryption of account data from point of interaction to decryption.

Official documents
CyberSigma resources

SWIFT CSP / CSCF

SWIFT

The Customer Security Programme and its Customer Security Controls Framework — mandatory and advisory controls for institutions on the SWIFT network.

Official documents
CyberSigma resources

Information security

ISO/IEC 27001 & 27002

ISO / IEC

ISO/IEC 27001:2022 specifies the requirements for an Information Security Management System (ISMS); ISO/IEC 27002:2022 provides the Annex A control guidance.

Official documents
CyberSigma resources

SOC 1 / SOC 2 / SOC 3

AICPA

System and Organization Controls reports based on the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy).

Official documents
CyberSigma resources

NIST CSF & SP 800-53

NIST

The NIST Cybersecurity Framework (CSF 2.0) and Special Publication 800-53 control catalog — widely used voluntary frameworks for managing cyber risk.

Official documents
CyberSigma resources

Data privacy

DPDP Act, 2023 (India)

MeitY, Government of India

India’s Digital Personal Data Protection Act, 2023 and its draft Rules — obligations for data fiduciaries handling the personal data of Indian data principals.

Official documents
CyberSigma resources

GDPR (EU)

European Union

The EU General Data Protection Regulation — the benchmark privacy regulation for processing the personal data of individuals in the EU/EEA.

Official documents
CyberSigma resources

HIPAA (US)

US Dept. of Health & Human Services

The Health Insurance Portability and Accountability Act — Security, Privacy and Breach Notification Rules for protected health information (PHI).

Official documents
CyberSigma resources

India regulatory

RBI Cyber Security Framework

Reserve Bank of India

RBI Master Directions and circulars on cyber security for banks, NBFCs, payment system operators and co-operative banks, plus data-localisation requirements.

Official documents
CyberSigma resources

SEBI CSCRF

Securities and Exchange Board of India

SEBI’s Cyber Security and Cyber Resilience Framework for regulated entities in the securities market.

Official documents
CyberSigma resources

IRDAI Cyber Security

Insurance Regulatory & Development Authority

IRDAI’s information and cyber security guidelines for insurers and insurance intermediaries.

Official documents
CyberSigma resources

UIDAI / Aadhaar (AUA-KUA)

UIDAI

Security and audit requirements for Authentication User Agencies and KYC User Agencies operating within the Aadhaar ecosystem.

Official documents
CyberSigma resources

CERT-In Directions

CERT-In, MeitY

CERT-In’s directions on cyber-incident reporting, log retention and security practices — and the empanelment framework CyberSigma is authorised under.

Official documents
CyberSigma resources

Testing & assurance

VAPT & OWASP

OWASP / CERT-In

Vulnerability Assessment & Penetration Testing aligned to OWASP (Top 10, Testing Guide, ASVS, MASVS) and CERT-In requirements — across web, API, mobile, cloud, thick-client, network, LLM and IoT.

Official documents
CyberSigma resources

Third-party risk & assurance

Various

Vendor/third-party risk management, IT general controls (ITGC), security architecture review and firewall/configuration assurance.

Official documents
CyberSigma resources

Official document links point to the issuing bodies; CyberSigma is not affiliated with them. Need help applying a standard?

Talk to a senior auditor →