• Archer Exchange Offering List

      Looking for a specific Archer Exchange offering? The tables below provide a list of all available Archer Exchange offerings. Please note that videos, implementation guides and implementation packages require...
    Susan Read-Miller
    last modified by Gloria Higley
  • RSA Archer Question Library Content

      The RSA Archer Question Library is a central repository for assessment-based content that might be used to drive questionnaire generation or facilitate compliance assessments. Out-of-the-box the RSA Arch...
    Susan Read-Miller
    last modified by Gloria Higley
  • Shared Assessments Standard Information Gathering Template (SIG) Question Library Content

    The Shared Assessments Program has been setting the standard in third party risk management since 2005, when the Big Four and six global banks collaborated to form Shared Assessments to address the inefficiencies surr...
    Corey Carpenter
    last modified by Gloria Higley
  • National Institute of Standards and Technology Guidelines Authoritative Source Content

    The National Institute of Standards and Technology (NIST) is a part of the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, sta...
    Susan Read-Miller
    last modified by Gloria Higley
  • HITRUST CSF™ Authoritative Source Content

    The foundation of all HITRUST® programs and services is the HITRUST CSF™, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance ...
    Christine Tran
    last modified by Gloria Higley
  • Fair Credit Reporting Act (FCRA) Authoritative Source Content

    The Federal Trade Commission (FTC) is a bipartisan U.S. federal agency with a unique dual mission to protect consumers and promote competition. The FTC develops policy and research tools through hearings, wo...
    Gloria Higley
    last modified by Gloria Higley
  • Criminal Justice Information Services Security Policy Authoritative Source Content

    The Criminal Justice Information Services (CJIS) Security Policy, updated in August, 2020, provides appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Poli...
    Susan Read-Miller
    last modified by Gloria Higley
  • Cloud Security Alliance Cloud Controls Matrix Authoritative Source Content

    The Cloud Security Alliance Controls Matrix (CM) v3.0.1 is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overal...
    Susan Read-Miller
    last modified by Gloria Higley
  • Centers for Medicare and Medicaid Services Authoritative Source Content

    The Centers for Medicare & Medicaid Services, CMS, is part of the Department of Health and Human Services (HHS). Four sources are available for the Centers for Medicare and Medicaid Services: ...
    Susan Read-Miller
    last modified by Gloria Higley
  • California Consumer Privacy Act Authoritative Source Content

    We have two different Authoritative Sources related to the California Consumer Privacy Act (CCPA). The first is the actual law and the second is the regulation that provides guidance for how to comply with the law...
    Susan Read-Miller
    last modified by Gloria Higley
  • Australian Prudential Standard CPS 234 and Prudential Practice Guide CPG 234 on Information Security Authoritative Source Content

    Prudential Standard CPS 234 on Information Security aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyber-attacks) by maintaining an inform...
    Susan Read-Miller
    last modified by Gloria Higley
  • U.S. Securities and Exchange Commission (SEC) Authoritative Source Content

    The U.S. Securities and Exchange Commission (SEC) is an independent, federal government agency responsible for protecting investors, maintaining fair and orderly functioning of securities markets, and facilitating cap...
    Christine Tran
    last modified by Gloria Higley
  • Australian Government Information Security Manual (ISM) Authoritative Source Content

    The purpose of the Australian Government Information Security Manual (ISM) is to outline a cyber security framework that organizations can apply, using their risk management framework, to protect their systems and inf...
    Corey Carpenter
    last modified by Gloria Higley
  • Center for Internet Security (CIS) - Critical Security Controls Authoritative Source Content

    The CIS Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls are a relatively short list of high-priority, highly...
    Gloria Higley
    last modified by Gloria Higley
  • Financial Services Sector Coordinating Council (FSSCC) Cybersecurity Profile Authoritative Source Content

    Established in 2002 by the financial sector, the Financial Services Sector Coordinating Council (FSSCC) works collaboratively with key government agencies to protect the nation’s critical infrastructure from cyb...
    Gloria Higley
    last modified by Gloria Higley
  • North American Electric Reliability Corporation (NERC) Standards Authoritative Source Content

    The North American Electric Reliability Corporation is a nonprofit corporation which was formed by the electric utility industry to promote the reliability and adequacy of bulk power transmission in the electric utili...
    Susan Read-Miller
    last modified by Gloria Higley
  • Secure Controls Framework (SCF) Authoritative Source Content

    The Secure Controls Framework organization is made up of volunteers, mainly specialists within the cybersecurity profession, who focus on both Governance, Risk and Compliance (GRC) and the cybersecurity side of privac...
    Gloria Higley
    last modified by Gloria Higley
  • U.S. State Breach Notification Laws Authoritative Source Content

    This authoritative source comprises the breach notification laws for the 50 U.S. States and territories. Data Breach Laws are available as authoritative source content for the following laws: AK 45.48: Al...
    Susan Read-Miller
    last modified by Gloria Higley
  • American Institute of CPAs (AICPA) Privacy Maturity Model Authoritative Source Content

    The American Institute of CPAs (AICPA) provides the world’s largest member association representing the accounting profession. The organization includes 431,000+ members in 130 countries and territories, re...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content

    The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has developed the Cybersecurity Maturity Model Certification (CMMC) framework in concert with U.S. Department of Defense (Do...
    Gloria Higley
    last modified by Susan Read-Miller