Archer Exchange Offering List
Looking for a specific Archer Exchange offering? The tables below provide a list of all available Archer Exchange offerings. Please note that videos, implementation guides and implementation packages require...

RSA Archer Question Library Content
The RSA Archer Question Library is a central repository for assessment-based content that might be used to drive questionnaire generation or facilitate compliance assessments. Out-of-the-box the RSA Arch...

Shared Assessments Standard Information Gathering Template (SIG) Question Library Content
The Shared Assessments Program has been setting the standard in third party risk management since 2005, when the Big Four and six global banks collaborated to form Shared Assessments to address the inefficiencies surr...

National Institute of Standards and Technology Guidelines Authoritative Source Content
The National Institute of Standards and Technology (NIST) is a part of the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, sta...

HITRUST CSF™ Authoritative Source Content
The foundation of all HITRUST® programs and services is the HITRUST CSF™, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance ...

Fair Credit Reporting Act (FCRA) Authoritative Source Content
The Federal Trade Commission (FTC) is a bipartisan U.S. federal agency with a unique dual mission to protect consumers and promote competition. The FTC develops policy and research tools through hearings, wo...

Criminal Justice Information Services Security Policy Authoritative Source Content
The Criminal Justice Information Services (CJIS) Security Policy, updated in August, 2020, provides appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Poli...

Cloud Security Alliance Cloud Controls Matrix Authoritative Source Content
The Cloud Security Alliance Controls Matrix (CM) v3.0.1 is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overal...

Centers for Medicare and Medicaid Services Authoritative Source Content
The Centers for Medicare & Medicaid Services, CMS, is part of the Department of Health and Human Services (HHS). Four sources are available for the Centers of Medicare and Medicaid Services: ...

California Consumer Privacy Act Authoritative Source Content
We have two different Authoritative Sources related to the California Consumer Privacy Act (CCPA). The first is the actual law and the second is the regulation that provides guidance for how to comply with the law...

Australian Prudential Standard CPS 234 and Prudential Practice Guide CPG 234 on Information Security Authoritative Source Content
Prudential Standard CPS 234 on Information Security aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyber-attacks) by maintaining an inform...

U.S. Securities and Exchange Commission (SEC) Authoritative Source Content
The U.S. Securities and Exchange Commission (SEC) is an independent, federal government agency responsible for protecting investors, maintaining fair and orderly functioning of securities markets, and facilitating cap...

Australian Government Information Security Manual (ISM) Authoritative Source Content
The purpose of the Australian Government Information Security Manual (ISM) is to outline a cyber security framework that organizations can apply, using their risk management framework, to protect their systems and inf...

Center for Internet Security (CIS) - Critical Security Controls Authoritative Source Content
The CIS Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls are a relatively short list of high-priority, highly...

Financial Services Sector Coordinating Council (FSSCC) Cybersecurity Profile Authoritative Source Content
Established in 2002 by the financial sector, the Financial Services Sector Coordinating Council (FSSCC) works collaboratively with key government agencies to protect the nation’s critical infrastructure from cyb...

North American Electric Reliability Corporation (NERC) Standards Authoritative Source Content
The North American Electric Reliability Corporation is a nonprofit corporation which was formed by the electric utility industry to promote the reliability and adequacy of bulk power transmission in the electric utili...

Secure Controls Framework (SCF) Authoritative Source Content
The Secure Controls Framework organization is made up of volunteers, mainly specialists within the cybersecurity profession, who focus on both Governance, Risk and Compliance (GRC) and the cybersecurity side of privac...

U.S. State Breach Notification Laws Authoritative Source Content
This authoritative source comprises the breach notification laws for the 50 U.S. States and territories. Data Breach Laws are available as authoritative source content for the following laws: AK 45.48: Al...

American Institute of CPAs (AICPA) Privacy Maturity Model Authoritative Source Content
The American Institute of CPAs (AICPA) provides the world’s largest member association representing the accounting profession. The organization includes 431,000+ members in 130 countries and territories, re...

Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has developed the Cybersecurity Maturity Model Certification (CMMC) framework in concert with U.S. Department of Defense (Do...