Vault restructure

2026-04-23 11:51:51 +02:00 · 2026-04-23 11:51:51 +02:00 · ff77508bd1
commit ff77508bd1
parent d45797d121
1433 changed files with 415450 additions and 1201 deletions
--- a/Corpus/Standards/other/BIO
+++ b/Corpus/Standards/other/BIO
@ -0,0 +1,6 @@
+# Baseline Informatiebeveiliging Overheid
+
+De BIO is gebaseerd op de NEN-ISO/IEC 27002:2017 en vanuit de BIO wordt verwezen naar de NEN-ISO/IEC 27001:2017. Beide standaarden staan ook op de lijst verplichte standaarden. In de BIO hebben specifieke overheidsmaatregelen de tekstkleur groen.
+
+[Baseline Informatiebeveiliging Overheid versie 1.04](https://www.informatiebeveiligingsdienst.nl/project/baseline-informatiebeveiliging-overheid/)
+[Nieuwe release BIO Thema-uitwerkingen (5.1)](https://bio-overheid.nl/nieuws/uitgelicht-content/?article=Nieuwe%20release%20BIO%20Thema-uitwerkingen:%20verbeterde%20teksten,%20toegankelijkheid%20en%20uitbreidingen%20(5.1)
--- a/Corpus/Standards/other/C2M2
+++ b/Corpus/Standards/other/C2M2
@ -0,0 +1,12 @@
+Cybersecurity Capability Maturity Model (C2M2) was developed for the US Energy sector, sponsored by the United States Department of Energy (DOE).
+
+It looks equally at both information technology (IT) and operations technology (OT).
+
+Documentation, tools, practices and self-evaluation tools can be found through [energy.gov](https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2) and on [doe.gov](https://c2m2.doe.gov).
+
+
+![](C2M2%20Version%202.1%20June%202022.pdf)
+
+Related:
+- [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md)
+- [IEC 62443 Cybersecurity for operational technology in automation and control systems](IEC%2062443%20Cybersecurity%20for%20operational%20technology%20in%20automation%20and%20control%20systems.md)
--- a/Corpus/Standards/other/C2M2
+++ b/Corpus/Standards/other/C2M2
--- a/Corpus/Standards/other/CIS_Controls_V7_Poster.pdf
+++ b/Corpus/Standards/other/CIS_Controls_V7_Poster.pdf
--- a/Corpus/Standards/other/CMMI
+++ b/Corpus/Standards/other/CMMI
@ -0,0 +1,16 @@
+## Process Maturity: CMMI
+Capability Maturity Model Integration (CMMI) is a process improvement program. 
+
+CMMI is administered by the CMMI Institute a subsidiary of [ISACA](https://en.wikipedia.org/wiki/ISACA "ISACA").
+
+There are 5 maturity levels:
+1. Initial – processes are unpredictable, poorly controlled and reactive
+2. Managed – Processes are characterized for projects and often reactive.
+3. Defined – Processes are characterized for the organization and proactive (projects tailor their processes from organization's standards)
+4. Quantatively Managed – Processes are measured and controlled
+5. Optimizing – Focus on process improvement.
+
+
+[](Characteristics_of_Capability_Maturity_Model.png)
+
+Source: [Wikipedia](https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration), retrieved December 13, 2021 
--- a/Corpus/Standards/other/CSA
+++ b/Corpus/Standards/other/CSA
@ -0,0 +1,3 @@
+The Cloud Controls Matrix is a set of controls designed to be used by both cloud service consumers as well as providers. The CCM includes both technical and administrative controls that can be used to provide security for cloud technology adoption or implementations.
+
+[Cloud Controls Matrix v3.0.1](https://csf.tools/reference/cloud-controls-matrix/version-3-0-1/)
--- a/Corpus/Standards/other/CSF
+++ b/Corpus/Standards/other/CSF
@ -0,0 +1,7 @@
+This site contains a number of helpful tools that will make the NIST Cybersecurity Framework (CSF) and NIST Privacy Framework (PF) more understandable and accessible. Some of those tools are outlined below.
+
+[Welcome to CSF Tools](https://csf.tools)
+
+Related:
+- [NIST Privacy Framework (PF)](../NIST/NIST%20Privacy%20Framework%20(PF).md)
+- [NIST CSF 2.0](../NIST/NIST%20CSF%202.0.md)
--- a/Corpus/Standards/other/Characteristics_of_Capability_Maturity_Model.png
+++ b/Corpus/Standards/other/Characteristics_of_Capability_Maturity_Model.png
--- a/Corpus/Standards/other/CyFun
+++ b/Corpus/Standards/other/CyFun
@ -0,0 +1,77 @@
+# CyFun certification in Belgium
+
+In Belgium, an organization can get certified for the CyberFundamentals-raamwerk (CyFun®) from the Centre for Cybersecurity Belgium (CCB).
+## Certification Process for CyFun®
+
+- **Framework and Authority**: The CyFun® framework is developed and maintained by the CCB, which is designated as Belgium’s National Cybersecurity Certification Authority (NCCA)[^5].
+- **Certification Levels**: The CyFun® framework is structured around several assurance levels (Small, Basic, Important, Essential) that correspond to the organization’s size and risk profile[^1][^5].
+- **Conformity Assessment**: Certification is achieved through a conformity assessment performed by an external, independent, and accredited Conformity Assessment Body (CAB). These CABs must be accredited by BELAC, the Belgian national accreditation body, and authorized by the CCB[^4][^5].
+- **Certification Steps**:
+	- Self-evaluation using the CyFun® self-assessment tool.
+	- Internal implementation and documentation of required measures.
+	- External audit and verification by an accredited CAB.
+	- If compliant, the organization receives an official CyFun® label or certificate[^1][^4][^5].
+- **Legal and Regulatory Context**: Certification for CyFun® is recognized as a way to demonstrate compliance with the NIS2 directive in Belgium. For some organizations, this certification may be voluntary, while for others (especially those in critical sectors), it may be required by law[^1][^5][^6].
+- **Recognition and Assurance**: The certification scheme is validated by BELAC, ensuring that the process is credible and recognized nationally. The CyFun® certificate provides evidence of an organization’s cybersecurity posture to customers, suppliers, regulators, and insurers[^4][^5].
+
+
+**Summary Table**
+
+| Step            | Description                                                 |
+| :-------------- | :---------------------------------------------------------- |
+| Self-assessment | Organization evaluates itself against CyFun® requirements   |
+| Implementation  | Measures are implemented and documented                     |
+| External audit  | Accredited CAB performs independent verification            |
+| Certification   | Organization receives CyFun® certificate/label if compliant |
+
+**In summary:** Organizations in Belgium can obtain official certification for the CyFun® framework through an accredited audit process, providing recognized proof of their cybersecurity measures and compliance with Belgian and EU regulations[^1][^4][^5][^6].
+
+## ISO 27001 certification as proof of compliance
+
+ISO 27001 certification is accepted as proof of compliance with the CyberFundamentals-raamwerk (CyFun®) in Belgium, but with important nuances:
+
+- **Equivalence for NIS2 Compliance**: Organizations falling under the 'Essential' assurance level of the NIS2 directive can choose either ISO 27001 certification or CyFun® certification to demonstrate compliance[^3][^5]. Both are recognized paths for meeting regulatory requirements in Belgium.
+- **Certification Process**: For CyFun®, organizations undergo a specific process involving self-assessment, implementation, and external verification by an authorized Conformity Assessment Body (CAB) accredited by the CCB[^3][^4]. For ISO 27001, certification must also be performed by an accredited CAB with the appropriate scope and statement of applicability[^5].
+- **Scope Alignment Required**: If your organization already holds ISO 27001 certification, you can use it to "fast-track" CyFun® certification by aligning the scope of your ISO 27001 Information Security Management System (ISMS) with CyFun® requirements[^1]. However, this may require mapping your existing controls and documentation to the additional or specific requirements of CyFun®.
+- **Additional Guidance**: While ISO 27001 and CyFun® share many foundational elements, CyFun® includes extra guidance, requirements, and assessment methodologies beyond ISO 27001[^1][^2]. Therefore, holding ISO 27001 certification does not automatically grant CyFun® certification, but it is a strong basis and may significantly reduce the effort required for CyFun® compliance.
+- **Official Recognition**: Both ISO 27001 and CyFun® certifications are officially recognized by Belgian authorities for demonstrating NIS2 compliance, provided the certification is issued by an authorized CAB[^5].
+
+**In summary:** ISO 27001 certification is accepted as proof of CyFun® compliance for regulatory purposes in Belgium, especially for organizations subject to NIS2. However, you may need to ensure your ISO 27001 scope and controls fully cover CyFun® requirements, and certification must be performed by an appropriately accredited CAB[^1][^3][^5].
+  
+---
+
+[^1]: https://codific.com/what-is-cyfun-and-how-to-implement-it/
+[^2]: https://assets.kpmg.com/content/dam/kpmg/be/pdf/2024/NIS2-EVENT-15-05-2024-05-15.pdf
+[^3]: https://qfor.org/nl/cyfun-cyberfundamentals-framework/
+[^4]: https://www.beltug.be/nis2-where-to-begin-the-cyfun-basic-key-measures-are-a-good-starting-point/
+[^5]: https://higherlogicdownload.s3.amazonaws.com/ISACA/1466d1d1-d2d8-471d-a649-d456b914f0c6/UploadedImages/NIS2_CyFun_ISACA_BELGIUM20240904.pdf
+[^6]: https://www.axsguard.com/en_US/blog/our-company-8/new-milestone-axs-guard-achieves-iso-27001-certification-283
+[^7]: http://atwork.safeonweb.be/cyberfundamentals-frequently-asked-questions-faq
+[^8]: http://ccb.belgium.be/ncca
+[^9]: https://atwork.safeonweb.be/sites/default/files/2023-12/CAS CyFun Version 20 November 2023.pdf
+[^10]: https://nl.linkedin.com/pulse/het-cyberfundamentals-framework-renco-schoemaker-3vgye
+
+---  
+
+[^1]: https://qfor.org/nl/cyfun-cyberfundamentals-framework/
+[^2]: https://www.dnv.be/nieuws/cyberfundamentals-certificering-in-ontwikkeling-bij-DNV/
+[^3]: https://ccb.belgium.be/en/certification-service-ccb-certification
+[^4]: https://financialforum.be/en/bfw-digitaal/cyberfundamentals-a-tool-to-reduce-the-cyber-protection-gap
+[^5]: https://atwork.safeonweb.be/sites/default/files/2023-12/CAS CyFun Version 20 November 2023.pdf
+[^6]: https://cyen.eu/index.php/2024/07/08/nis2-in-belgium/
+[^7]: https://www.agoria.be/nl/diensten/expertise/digitalisering/cybersecurity/ccb-cyberfundamentals-framework-een-effectieve-methode-om-de-weerbaarheid-van-uw-organisatie-tegen-cyberdreigingen-te-vergroten
+[^8]: https://codific.com/what-is-cyfun-and-how-to-implement-it/
+[^9]: https://www.beltug.be/nis2-where-to-begin-the-cyfun-basic-key-measures-are-a-good-starting-point/
+[^10]: https://practiceguides.chambers.com/practice-guides/cybersecurity-2025/belgium/trends-and-developments/O20293
+[^11]: https://www.dnv.be/services/cyberfundamentals/
+[^12]: https://atwork.safeonweb.be/tools-resources/cyberfundamentals-framework
+[^13]: http://ccb.belgium.be/nl/ncca
+[^14]: http://atwork.safeonweb.be/nl/tools-resources/cyberfundamentals-framework
+[^15]: https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2025/april/10/risicomanagementraamwerken/Risicomanagementraamwerken_NL_042025.pdf
+[^16]: https://ccb.belgium.be/sites/default/files/NIS2 FAQ Website v1.0 NL.pdf
+[^17]: http://ccb.belgium.be/ncca
+[^18]: https://www.brainframe.com/cyberfundamentals
+[^19]: https://www.agoria.be/nl/diensten/expertise/digitalisering/cybersecurity/ccb-cyberfundamentals-framework-aantoonbare-cyberveiligheid-voor-uw-klanten-en-partners
+[^20]: https://www.cyberday.ai/blog/what-is-cyberfundamentals
+[^21]: https://annacon.be/wp-content/uploads/2023/11/ANNACON-0x7E7-Johan-Decock.pdf
+
--- a/Corpus/Standards/other/Cyber
+++ b/Corpus/Standards/other/Cyber
@ -0,0 +1,5 @@
+# Cyber Resilience Act
+
+CRA proposal 15 September 2022
+[https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act]
+
--- a/Corpus/Standards/other/Digital
+++ b/Corpus/Standards/other/Digital
@ -0,0 +1,31 @@
+# Digital Markets Act (DMA)
+The EU's DMA came into force on November 1, 2022, now moves into a six month implementation phase, and will start to apply on 2 May 2023. Following their designation, gatekeepers will have six months to comply with the requirements in the DMA, at the latest by 6 March 2024.
+If those gatekeeper platforms don't comply, they can be fined of up to 10 per cent of the company's worldwide turnover, and up to 20 per cent in the case of repeat offenders.
+
+The goal is to disrupt the "winner takes all" dynamic in markets, spec. digital platforms.
+
+big platforms will be forced to "open up" their features by becoming APIs.
+
+The requirements apply to so called "gatekeepers".
+
+https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/digital-markets-act-ensuring-fair-and-open-digital-markets_en
+
+A Gatekeeper is a company that:
+- has a strong economic position, significant impact on the internal market and is active in multiple EU countries
+- has a strong intermediation position, meaning that it links a large user base to a large number of businesses
+- has (or is about to have) an entrenched and durable position in the market, meaning that it is stable over time if the company met the two criteria above in each of the last three financial years
+
+Gatekeeper platforms will have to:
+- allow third parties to inter-operate with the gatekeeper’s own services in certain specific situations
+- allow their business users to access the data that they generate in their use of the gatekeeper’s platform
+- provide companies advertising on their platform with the tools and information necessary for advertisers and publishers to carry out their own independent verification of their advertisements hosted by the gatekeeper
+- allow their business users to promote their offer and conclude contracts with their customers outside the gatekeeper’s platform
+
+Gatekeeper platforms may no longer:
+- treat services and products offered by the gatekeeper itself more favourably in ranking than similar services or products offered by third parties on the gatekeeper's platform
+- prevent consumers from linking up to businesses outside their platforms
+- prevent users from un-installing any pre-installed software or app if they wish so
+- track end users outside of the gatekeepers' core platform service for the purpose of targeted advertising, without effective consent having been granted
+
+
+https://www.skadden.com/insights/publications/2022/10/eu-digital-markets-act-enters-into-force
--- a/Corpus/Standards/other/Digital
+++ b/Corpus/Standards/other/Digital
@ -0,0 +1,2 @@
+https://iapp.org/media/pdf/resource_center/digital-services-act-101-chart.pdf
+Heb ik ook een door mij geannoteerde versie van ergens
--- a/Corpus/Standards/other/HITRUST
+++ b/Corpus/Standards/other/HITRUST
@ -0,0 +1,2 @@
+https://gemini.google.com/app/7df35a4340b61292
+
--- a/Corpus/Standards/other/IEC
+++ b/Corpus/Standards/other/IEC
@ -0,0 +1,7 @@
+# IEC 62443 Cybersecurity for operational technology in automation and control systems
+https://en.wikipedia.org/wiki/IEC_62443?wprov=sfti1
+Part 4.1 describes development process
+
+
+
+
--- a/Corpus/Standards/other/Infosec
+++ b/Corpus/Standards/other/Infosec
@ -0,0 +1,34 @@
+See also:
+- [Cybersecurity framework selection](https://content.complianceforge.com/education/cybersecurity-framework-selection.pdf)
+- [CSA Cloud Controls Matrix](CSA%20Cloud%20Controls%20Matrix.md)
+
+## Regulations
+- Artificial Intelligence Act
+- CRE - Resilience of Critical Entities
+- [Cyber Resilience Act](Cyber%20Resilience%20Act.md)
+- [Digital Markets Act](Digital%20Markets%20Act.md)
+- [Digital Services Act](Digital%20Services%20Act.md)
+- DORA
+- GDPR
+- [NIS 2](../NIS%202/NIS%202%20Index.md)
+
+
+
+
+## Frameworks
+- [CISSP Official Study Guide](../CISSP/CISSP%20Official%20Study%20Guide.md)
+- [IEC 62443 Cybersecurity for operational technology in automation and control systems](IEC%2062443%20Cybersecurity%20for%20operational%20technology%20in%20automation%20and%20control%20systems.md)
+- [ISO 27k family](../../../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md)
+- [ISO_27001_2013_EN_Index](../ISO27x/archive/ISO%2027001%202013/ISO_27001_2013_EN_Index.md)
+- [ISO_27001_2017_NL_Index](../ISO27x/archive/ISO%2027001%202017%20NL/ISO_27001_2017_NL_Index.md)
+- [ISO_27001_2022_00_MoC Index EXT](../../MoCs/ISO_27001_2022_00_MoC%20Index%20EXT.md)
+- [ISO_27002_2022_NL_Index](../ISO27x/OST/27002/NL/ISO_27002_2022_NL_Index.md)
+- [ISO31000-5.4.1-Understanding-the-organization-and-its-context](../ISO27x/ISO31000-5.4.1-Understanding-the-organization-and-its-context.md)
+- [NEN7510 Risicos](../ISO27x/OST/7510/NEN7510%20Risicos.md)
+- [NIST CSF 2.0](../NIST/NIST%20CSF%202.0.md)
+- [Secure Controls Framework SCF](Secure%20Controls%20Framework%20SCF.md)
+- [WEGIZ stub](../WEGIZ/WEGIZ%20stub.md)
+
+
+- [OWASP Top 10 CI-CD Security Risks](OWASP%20Top%2010%20CI-CD%20Security%20Risks.md)
+
--- a/Corpus/Standards/other/OWASP
+++ b/Corpus/Standards/other/OWASP
@ -0,0 +1,30 @@
+
+related to software development / devops
+
+Laatste retrieval date:  5 februari 2025 
+
+# OWASP Top 10 CI/CD Security Risks
+[source](https://owasp.org/www-project-top-10-ci-cd-security-risks/)
+
+[CICD-SEC-1](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-01-Insufficient-Flow-Control-Mechanisms): Insufficient Flow Control Mechanisms
+
+[CICD-SEC-2](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-02-Inadequate-Identity-And-Access-Management): Inadequate Identity and Access Management
+
+[CICD-SEC-3](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-03-Dependency-Chain-Abuse): Dependency Chain Abuse
+
+[CICD-SEC-4](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-04-Poisoned-Pipeline-Execution): Poisoned Pipeline Execution (PPE)
+
+[CICD-SEC-5](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-05-Insufficient-PBAC): Insufficient PBAC (Pipeline-Based Access Controls)
+
+[CICD-SEC-6](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-06-Insufficient-Credential-Hygiene): Insufficient Credential Hygiene
+
+[CICD-SEC-7](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-07-Insecure-System-Configuration): Insecure System Configuration
+
+[CICD-SEC-8](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-08-Ungoverned-Usage-of-3rd-Party-Services): Ungoverned Usage of 3rd Party Services
+
+[CICD-SEC-9](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-09-Improper-Artifact-Integrity-Validation): Improper Artifact Integrity Validation
+
+[CICD-SEC-10](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-10-Insufficient-Logging-And-Visibility): Insufficient Logging and Visibility
+
+
+related: [Risk management](../../🎇%20Sparks/Risk%20management.md)
--- a/Corpus/Standards/other/Privacy
+++ b/Corpus/Standards/other/Privacy
@ -0,0 +1,10 @@
+[AVG lijst artikelen](../AVG/AVG%20lijst%20artikelen.md)
+[BC_5701_Hoofstukken_Normtekst](../BC%205701/BC_5701_Hoofstukken_Normtekst.md)
+[NIST Privacy Framework (PF)](../NIST/NIST%20Privacy%20Framework%20(PF).md)
+
+[Privacy in ISO 27k](../../📚️%20Literature%20notes/Privacy%20in%20ISO%2027k.md)
+
+Related:
+- [Privacy protection in Databases](../../🎇%20Sparks/Privacy%20protection%20in%20Databases.md)
+- [ISO 27001 A.18.1.4 Privacy and protection of personally identifiable information](../ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.18.1.4%20Privacy%20and%20protection%20of%20personally%20identifiable%20information.md)
+
--- a/Corpus/Standards/other/SCF
+++ b/Corpus/Standards/other/SCF
@ -0,0 +1,16 @@
+
+The Secure Controls Framework lists 32 risk categories in 7 groups.
+
+Detailed on page 30-31 of Secure Controls Framework Overview & Instructions, version 2022.1. ([download link](https://scf.securecontrolsframework.com/SCF_Overview_Recommended_Practices.pdf))
+
+Website page:https://securecontrolsframework.com/risk-management-model/
+
+More detail in Security & Privacy Risk Management Model (SP-RMM) Overview
+[download link](http://securecontrolsframework.com/SCF_Security_Privacy_Risk_Management_Model.pdf)
+
+
+Related:
+- [Secure Controls Framework](../../📚️%20Literature%20notes/Secure%20Controls%20Framework.md)
+- [Risk analysis](../../🎇%20Sparks/Risk%20analysis.md)
+- [Risk inventories](../../🎇%20Sparks/Risk%20inventories.md)
+
--- a/Corpus/Standards/other/SCF
+++ b/Corpus/Standards/other/SCF
@ -0,0 +1,16 @@
+The Secure Controls Framework lists 14 natural threats and 11 manmade threats.
+
+Detailed on page 31-33 of Secure Controls Framework Overview & Instructions, version 2022.1. ([download link](https://scf.securecontrolsframework.com/SCF_Overview_Recommended_Practices.pdf))
+
+https://securecontrolsframework.com/risk-management-model/
+
+
+Related:
+- [Secure Controls Framework](../../📚️%20Literature%20notes/Secure%20Controls%20Framework.md)
+- [Threat Intelligence](../../🎇%20Sparks/Threat%20Intelligence.md)
+- [Assets, Vulnerabilities, Threats, Risks](../../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
+
+
+Secure Controls Framework
+[SCF Risk Categories for Establishing a Risk Catalog](SCF%20Risk%20Categories%20for%20Establishing%20a%20Risk%20Catalog.md)
+[SCF Threat Categories for Establishing a Threat Catalog](SCF%20Threat%20Categories%20for%20Establishing%20a%20Threat%20Catalog.md)
--- a/Corpus/Standards/other/SP-CMM
+++ b/Corpus/Standards/other/SP-CMM
@ -0,0 +1,11 @@
+## Security & Privacy: SP-CMM
+
+The Security & Privacy Capability Maturity Model (SP-CMM) from the [Secure Controls Framework](../../📚️%20Literature%20notes/Secure%20Controls%20Framework.md) takes the organizations size into consideration by having different requirements for small, medium and large organizations.
+
+Detailed on page 21 of Secure Controls Framework Overview & Instructions, version 2022.1. ([download link](https://scf.securecontrolsframework.com/SCF_Overview_Recommended_Practices.pdf))
+
+More detail in  
+SECURITY & PRIVACY CAPABILITY MATURITY MODEL (SP-CMM) OVERVIEW
+ [download link](http://scf.securecontrolsframework.com/SCF_Security_Privacy_Capability_Maturity_Model.pdf)
+
+Website page: https://www.securecontrolsframework.com/sp-cmm
--- a/Corpus/Standards/other/Secure
+++ b/Corpus/Standards/other/Secure
@ -0,0 +1,2 @@
+[SCF Risk Categories for Establishing a Risk Catalog](SCF%20Risk%20Categories%20for%20Establishing%20a%20Risk%20Catalog.md)
+[SCF Threat Categories for Establishing a Threat Catalog](SCF%20Threat%20Categories%20for%20Establishing%20a%20Threat%20Catalog.md)
--- a/Corpus/Standards/other/🗃
+++ b/Corpus/Standards/other/🗃
@ -0,0 +1,29 @@
+[ISO 27k family](../../../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md)
+	[ISO_27001_2013_EN_Index](../ISO27x/archive/ISO%2027001%202013/ISO_27001_2013_EN_Index.md)
+	[ISO_27001_2022_00_MoC Index EXT](../../MoCs/ISO_27001_2022_00_MoC%20Index%20EXT.md)
+	[IEC 62443 Cybersecurity for operational technology in automation and control systems](IEC%2062443%20Cybersecurity%20for%20operational%20technology%20in%20automation%20and%20control%20systems.md)
+
+**EU regulations:**
+- AI Act
+- CRE
+- [[Cyber Resilience Act (CRA)]]
+- DM Act
+- DS Act
+- DORA
+- GDPR
+- [NIS 2](../NIS%202/NIS%202%20Index.md)
+- [NIST](../NIST/NIST%20articles%20list.md)
+
+[BIO Baseline Informatiebeveiliging Overheid](BIO%20Baseline%20Informatiebeveiliging%20Overheid.md)
+
+ICTRecht: [Wat is op wie van toepassing?](https://www.ictrecht.nl/blog/europese-wetgeving-rond-digitale-weerbaarheid-wat-is-op-wie-van-toepassing)
+
+
+Not really a standard or regulation, but excellent nonetheless, the UK's [NCSC’s Board Toolkit](https://www.ncsc.gov.uk/collection/board-toolkit):
+	The NCSC’s Board Toolkit helps boards to ensure that cyber resilience and risk management are embedded throughout an organisation, including its people, systems, processes and technologies.
+
+## Cross references
+- [Secure Controls Framework](../../📚️%20Literature%20notes/Secure%20Controls%20Framework.md) brings a lot of those together, see their Secure Controls Framework (SCF) - 2022.1 matrix.xslx.
+- [Mapping NIST Controls to ISO Standards](../../📚️%20Literature%20notes/Mapping%20NIST%20Controls%20to%20ISO%20Standards.md)
+
+[CSA Cloud Controls Matrix](CSA%20Cloud%20Controls%20Matrix.md)
				`@ -0,0 +1,2 @@`
				`https://gemini.google.com/app/7df35a4340b61292`