How many data security standards are there?
There is no single fixed number of data security standards globally, because standards vary by industry, geography and regulatory domain. The term "data security standard" is also often used interchangeably with "data security framework", although strictly a standard (such as PCI DSS, the Payment Card Industry Data Security Standard) sets auditable requirements, while a framework organizes controls that an organization chooses to align with. Of the many cybersecurity frameworks available, the ones most commonly used are:
- NIST Cybersecurity Framework (NIST CSF);
- ISO/IEC 27001 and ISO/IEC 27002;
- NIST SP 800-53 (low, moderate or high baselines);
- NIST SP 800-171; or
- Secure Controls Framework (SCF) (or a similar metaframework).
The concept of a "best data security framework" is misguided, since the most appropriate framework to align with depends entirely on the organization's business model. The choice should be driven by the organization's industry, the resources available to implement and maintain the controls, and its compliance objectives.
The laws, regulations and contractual obligations an organization must comply with will most often point to one of these commonly used cybersecurity frameworks as the starting point, so identifying those obligations first usually narrows the choice considerably.