Cybersecurity Public Resources and References

Federal agencies, standards bodies, state-level authorities, and specialized reference networks collectively form the primary infrastructure for cybersecurity knowledge in the United States. This page catalogs authoritative public resources — government portals, foundational technical standards, educational databases, and the specialized member sites within this network — organized by source type and subject domain. Understanding where to locate primary texts, regulatory frameworks, and domain-specific guidance is essential for practitioners, researchers, policy analysts, and organizations building defensible security programs. The cybersecurity landscape overview provides broader context on how these resources fit within the national security infrastructure.

Primary texts and databases

The National Institute of Standards and Technology (NIST) maintains the most comprehensive public library of cybersecurity frameworks and technical standards available to U.S. practitioners. The NIST Cybersecurity Framework (CSF), currently at version 2.0, organizes security practices into five core functions — Identify, Protect, Detect, Respond, and Recover — and is downloadable without cost from csrc.nist.gov. NIST Special Publication 800-53, Revision 5, catalogs over 1,000 security and privacy controls applicable to federal information systems and is widely adopted in private-sector compliance programs.

The MITRE ATT&CK® knowledge base, hosted at attack.mitre.org, documents more than 400 adversary techniques observed in real-world intrusions, organized by tactic category. ATT&CK is a primary reference for threat modeling and red-team scoping across enterprise, cloud, mobile, and industrial control system environments. For definitions and vocabulary used across these frameworks, the cybersecurity terminology and definitions reference page on this site standardizes key terms drawn from NIST, CNSS, and ISO sources.

The Common Vulnerabilities and Exposures (CVE) program, operated by MITRE under contract with CISA, had cataloged over 240,000 vulnerability records as of 2024 (cve.mitre.org). The National Vulnerability Database (NVD), maintained by NIST at nvd.nist.gov, enriches CVE records with CVSS severity scores, remediation metadata, and CPE applicability data.

Encryption Authority covers cryptographic standards, key management protocols, and the regulatory requirements governing data-at-rest and data-in-transit protection — making it an essential companion to NIST's cryptographic publications including FIPS 140-3. Application Security Authority documents secure development lifecycle practices, OWASP Top 10 references, and static/dynamic analysis frameworks used across software development organizations.

Agency portals

The Cybersecurity and Infrastructure Security Agency (CISA) operates the primary federal portal for cybersecurity alerts, advisories, and public guidance at cisa.gov. CISA publishes binding operational directives (BODs) applicable to federal civilian executive branch agencies, joint cybersecurity advisories co-authored with FBI and NSA, and free scanning services including the Cyber Hygiene Vulnerability Scanning program. The regulatory context for cybersecurity page provides a structured breakdown of how CISA authority interacts with sector-specific regulators.

The Federal Trade Commission (FTC) enforces data security requirements under Section 5 of the FTC Act and administers the Safeguards Rule under the Gramm-Leach-Bliley Act, with penalty authority reaching $51,744 per violation day as set by the 2023 FTC penalty schedule (ftc.gov/enforcement). The Department of Health and Human Services Office for Civil Rights (HHS OCR) enforces HIPAA Security Rule requirements and publishes breach settlement documentation at hhs.gov/ocr.

State-level regulatory bodies have become increasingly significant since 2018. California's enforcement apparatus under the California Consumer Privacy Act (CCPA) and its amendment CPRA is administered by the California Privacy Protection Agency. California Security Authority provides reference-grade coverage of California's specific compliance obligations, breach notification timelines, and enforcement actions. New York Security Authority covers the New York SHIELD Act and DFS Cybersecurity Regulation (23 NYCRR 500), which imposes specific technical controls on covered financial entities. Texas Security Authority addresses the Texas Identity Theft Enforcement and Protection Act and sector-specific guidance from the Texas Department of Information Resources. Florida Security Authority documents Florida's Digital Bill of Rights and the state's breach notification requirements under Florida Statute §501.171.

Cyber Compliance Authority maps the intersection of federal and state regulatory requirements, providing structured analysis of how frameworks like SOC 2, ISO 27001, and NIST CSF align with statutory obligations. Cyber Audit Authority focuses on audit methodology, evidence collection standards, and the specific control testing procedures used in third-party assessments.

Public education sources

The SANS Institute publishes the Internet Storm Center daily threat briefings at isc.sans.edu, aggregating honeypot data from over 500,000 IP addresses globally. SANS also offers free whitepapers and reading room documents covering penetration testing, incident response, and forensic analysis.

Cybersafety Authority provides accessible public education on phishing recognition, password hygiene, and social engineering threats aimed at general audiences and organizational security awareness programs. Home Cyber Authority addresses residential and small-office threat environments, including router hardening, Wi-Fi security configurations, and home network segmentation. National Online Safety Authority covers safe browsing practices, parental controls, and platform-specific privacy settings relevant to household users.

National Identity Theft Authority documents identity fraud mechanics, credit freeze procedures under the Fair Credit Reporting Act, and FTC recovery resources. Identity Protection Authority provides deeper coverage of authentication mechanisms, credential monitoring services, and breach response steps for individuals whose data has been exposed. Mobile Security Authority addresses iOS and Android security hardening, MDM policy frameworks, and mobile threat defense platform comparisons.

For conceptual grounding in how defensive architectures operate, the how cybersecurity works conceptual overview page on this site explains the layered defense model, attack surface concepts, and the role of detection versus prevention controls.

Federal resources

The Office of Management and Budget (OMB) issues memoranda that establish federal cybersecurity policy baselines, including M-22-09, which mandated zero trust architecture adoption across federal agencies with a 2024 implementation target. OMB memoranda are indexed at whitehouse.gov/omb/information-for-agencies/memoranda.

The FBI's Internet Crime Complaint Center (IC3) publishes an annual Internet Crime Report documenting complaint volumes and financial losses; the 2023 report recorded $12.5 billion in reported losses from cybercrime (ic3.gov). IC3 accepts public complaints and serves as the primary federal intake mechanism for cybercrime reporting.

Ransomware Authority provides structured coverage of ransomware mechanics, CISA StopRansomware guidance, and incident response sequencing aligned with FBI and CISA joint advisories. Network Security Authority covers perimeter defense architectures, firewall policy frameworks, and network segmentation standards drawn from NIST SP 800-125B and CIS Controls v8. Endpoint Security Authority documents EDR platform criteria, Windows and Linux hardening baselines, and CIS Benchmark application across enterprise device fleets.

Cloud Security Authority addresses CSP shared responsibility models, cloud control frameworks including CSA CCM v4, and FedRAMP authorization requirements applicable to cloud service providers serving federal agencies. Cloud Defense Authority focuses on runtime threat detection, cloud-native SIEM integration, and misconfiguration management across AWS, Azure, and GCP environments. Cloud Backup Authority covers backup architecture standards, retention policy requirements under HIPAA and SOX, and recovery time objective benchmarks.

AI Cyber Authority documents NIST AI RMF 1.0 provisions, adversarial machine learning threat categories, and emerging federal guidance from the October 2023 Executive Order on Safe, Secure, and Trustworthy AI. Penetration Testing Authority provides methodology references spanning PTES, OWASP Testing Guide v4.2, and scoping documentation frameworks used in authorized security assessments.

Data Security Authority covers data classification standards, access control models, and the technical controls required under sector-specific statutes including HIPAA, GLBA, and FERPA. Information Security Authority provides policy framework coverage across ISO/IEC 27001:2022, NIST SP 800-53, and COBIT 2019, with control mapping across frameworks. Digital Security Authority addresses PKI infrastructure, certificate lifecycle management, and digital signature standards governed by NIST FIPS 186-

📜 7 regulatory citations referenced  ·  ✅ Citations verified Feb 25, 2026  ·  View update log

Explore This Site

Services & Options Types of Cybersecurity Regulations & Safety Regulatory Context for Cybersecurity
Topics (52)
Tools & Calculators Password Strength Calculator