Nonprofit Cyber Solutions Index

wdt_ID Member Nonprofit Project or Solution Name Audience Benefit For URL Subject/Control Area Optional: Control Areas Description
1 APWG Phishing Activity Trends Report All Businesses, Governments and Intergovernmental Organizations, Individuals Public https://apwg.org/trendsreports Cybersecurity Awareness Since 2004, the APWG Phishing Activity Trends Report, now quarterly, analyzes phishing attacks and other cybercrime events reported to the APWG by its member companies, institutions and national government agencies, through the organization’s website at
2 APWG Symposium on Electronic Crime Research Researchers https://ecrimeresearch.org/ecrime-symposium/ Research and Knowledge Development The APWG Symposium on Electronic Crime Research (APWG eCrime), founded in 2006 as the eCrime Researchers Summit, was conceived as a comprehensive, multi-disciplinary venue to present applied research into electronic crime, engaging every aspect of its evo
3 APWG APWG Phishing Education Landing Page Content Providers https://ecrimeresearch.org/education-landing-page/ Cybersecurity Awareness CIS Control 14: Security Awareness and Skills Training The Phishing Education Landing Page replaces phishing pages with a redirect that sends users to a page of online safety and security instructions when they click on phishing URLs – instead of a confusing 404 message. The APWG launched the program in 200
4 APWG eCrime eXchange All Businesses, Governments and Intergovernmental Organizations, Law Enforcement, National CERTs, Nonprofits/Charities Member https://apwg.org/ecx Collaborative Defensive Operations/Information Sharing CIS Control 9: Email and Web Browser Protections The APWG eCrime Exchange (eCX) is the clearinghouse and repository developed specifically to exchange machine event and Internet event data about common cybercrimes such as phishing. The APWG’s member organizations contribute new data, and extract data
5 APWG STOP. THINK. CONNECT. Cybersecurity Awareness Campaign All Businesses Public https://messagingconvention.org Cybersecurity Awareness CIS Control 14: Security Awareness and Skills Training The STOP. THINK. CONNECT. program is a cybersecurity public awareness campaign of shared assets promoted by industry, NGOs and national government deployments and through MoUs with multilateral treaty organizations. STOP. THINK. CONNECT. was conceived and
6 APWG APWG Malicious Domain Suspension Program (AMDoS) Cybersecurity Providers, Law Enforcement Member https://ecrimeresearch.org/amdos/ Cybersecurity Awareness CIS Control 14: Security Awareness and Skills Training The APWG Malicious Domain Suspension (AMDoS) system enables Accredited Interveners to submit suspected malicious domain names for investigation and suspension by Sponsoring Registrars and Top-Level Domain Registries. AMDoS orders and systematizes suspensi
7 APWG University Researcher Grants Researchers Public https://apwg.org/membership/research/ For the purpose of obtaining access to reliable source data for original research in cybercrime, the APWG honors requests from researchers, Universities, and NGO’s for access to resources within our eCrime Exchange (eCX). Accepted programs are granted a
8 Canadian Cyber Threat Exchange (CCTX) Best Practices Development/Sharing/Deployment All Businesses Member https://www.cctx.ca Collaborative Defensive Operations/Information Sharing The CCTX is a not for profit organization created by the private sector that enables members to reduce financial and operational risk through access to relevant and actionable threat intelligence, best practices and information. The cross-sector collabor
9 Canadian Cyber Threat Exchange (CCTX) Collaborative Information Sharing All Businesses Member https://www.cctx.ca Collaborative Defensive Operations/Information Sharing The CCTX is a not for profit organization that enables members to reduce financial and operational risk through access to relevant and actionable threat intelligence, best practices and information. The cross-sector collaboration amongst member organizat
10 Canadian Cyber Threat Exchange (CCTX) Cybersecurity Awareness All Businesses, Individuals Public https://www.cctx.ca Cybersecurity Awareness CCTX provides podcasts, presentations and research to the general public to raise awareness of the cyber risk and the critical role that collaboration plays in building resiliency.
11 Canadian Cyber Threat Exchange (CCTX) Cross Sector Threat Intelligence Sharing All Businesses Member https://www.cctx.ca Collaborative Defensive Operations/Information Sharing The CCTX is a not for profit organization that enables members to reduce financial and operational risk through access to relevant and actionable threat intelligence, best practices and information. The cross-sector collaboration amongst member organizat
12 Canadian Cyber Threat Exchange (CCTX) Annual Symposium and Webinars All Businesses, Individuals Member https://www.cctx.ca Cybersecurity Awareness, Research and Knowledge Development CCTX Annual Symposdium is a member only learning and networking opportunity, enabling members to connect, build relationshipos and earn CPE credits. The Technical Webinars are an opportunity for leading edge technology companies and solution providers to
13 Center for Internet Security CIS Critical Security Controls All Businesses Public https://www.cisecurity.org/controls Best Practices Sharing/Deployment Foundational set of prioritized security controls
14 Center for Internet Security CIS Benchmarks All Businesses Public https://www.cisecurity.org/cis-benchmarks/ Best Practices Sharing/Deployment 100+ vendor-neutral Security configuration guides for IT components
15 Center for Internet Security CIS SecureSuite All Businesses Member https://www.cisecurity.org/cis-securesuite Best Practices Sharing/Deployment Start secure and stay secure with integrated cybersecurity tools and resources designed to help you implement CIS Benchmarks and CIS Controls.
16 Center for Internet Security CIS Hardened Images All Businesses Public https://www.cisecurity.org/cis-benchmarks/ Best Practices Sharing/Deployment Virtual images hardened to CIS Benchmarks on cloud service provider marketplaces
17 Center for Internet Security CIS-CAT (Controls Assessment Tool) All Businesses Public https://www.cisecurity.org/ Cybersecurity Measurement A configuration assessment tool that checks conformance to the recommendations in the CIS Benchmarks. Leveraging the CIS-CAT Pro Dashboard component, users can view conformance to best practices and evaluate compliance scores over time.
18 Center for Internet Security CIS-CAT Pro (Controls Assessment Tool) All Businesses Member https://www.cisecurity.org/ Cybersecurity Measurement A configuration assessment tool that checks conformance to the recommendations in the CIS Benchmarks. Leveraging the CIS-CAT Pro Dashboard component, users can view conformance to best practices and evaluate compliance scores over time.
19 Center for Internet Security CSAT (Controls Self-Assessment Tool, hosted by CIS) All Businesses Public https://www.cisecurity.org/ Cybersecurity Measurement A hosted (by CIS) CIS Controls self-assessment tool that enables you to conduct, track, and assess implementation of the Controls.
20 Center for Internet Security CSAT-Pro (Controls Self-Assessment Tool) All Businesses Member https://www.cisecurity.org/ Cybersecurity Measurement An on-premises CIS Controls self-assessment tool that enables you to conduct, track, and assess implementation of the Controls.
21 Center for Internet Security CIS-RAM (Risk Assessment Method) All Businesses Public https://learn.cisecurity.org/cis-ram Cybersecurity Measurement An information security risk assessment method that helps organizations implement and assess their security posture against the CIS Critical Security Controls (CIS Controls) cybersecurity best practices.
22 Center for Internet Security MS-ISAC Operations Governments US State/Local/Tribal/Territorial (SLTT) Member https://www.cisecurity.org/isac Collaborative Defensive Operations/Information Sharing Improve the overall cybersecurity posture of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through coordination, collaboration, cooperation, and increased communication.
23 Center for Internet Security MS-ISAC Managed Security Services Governments US State/Local/Tribal/Territorial (SLTT) Member https://www.cisecurity.org/services/managed-security-services-mss Collaborative Defensive Operations/Information Sharing Monitor SLTT devices for signs of malicious or anomalous activity, eliminate false positives, and escalate only actionable items as an alert.
24 Center for Internet Security MS-ISAC Endpoint Security Services Governments US State/Local/Tribal/Territorial (SLTT) Member https://www.cisecurity.org/services/endpoint-security-services Collaborative Defensive Operations/Information Sharing Offers device-level protection and response to strengthen an organization’s cybersecurity program, and provides active defense against both known (signature-based) and unknown (behavioral-based) malicious activity.
25 Center for Internet Security EI-ISAC Operations Governments US State/Local/Tribal/Territorial (SLTT) Member https://www.cisecurity.org/isac Collaborative Defensive Operations/Information Sharing Works closely with election officials and security and technology personnel to provide the highest standards of election security, including incident response and remediation through our team of cyber experts. Our 24x7x365 Security Operations Center (SOC)
26 Center for Internet Security ISAC Albert Network Monitoring (IDS) Governments US State/Local/Tribal/Territorial (SLTT) Member https://www.cisecurity.org/services/albert-network-monitoring Collaborative Defensive Operations/Information Sharing 24x7x365 managed and monitored Intrusion Detection System (IDS) built to detect SLTT-specific threats.
27 Center for Internet Security MDBR (Malicious Doman Blocking & Reporting) Governments US State/Local/Tribal/Territorial (SLTT) Member https://www.cisecurity.org/ms-isac/services/mdbr Collaborative Defensive Operations/Information Sharing A cloud-based solution that uses recursive DNS technology to prevent IT systems from connecting to harmful web domains, helping SLTTs limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the v
28 Center for Internet Security CIS CyberMarket Governments US State/Local/Tribal/Territorial (SLTT) Member https://www.cisecurity.org/services/cis-cybermarket Best Practices Sharing/Deployment Collaborative purchasing program that serves U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, nonprofit entities, and public health and education institutions to improve cybersecurity through cost-effective group procurement.
29 Cloud Security Alliance Security, Trust, Assurance & Risk (STAR) Program All Businesses Public https://cloudsecurityalliance.org/star Cybersecurity Measurement CSA STAR has public registry of cloud providers complying with CSA Cloud Controls Matrix best practices. Free to view and download all entries to analyze the security of providers. Also free for providers to submit level one self assessments.
30 Cloud Security Alliance Zero Trust Resource Hub All Businesses Public https://cloudsecurityalliance.org/zt/resources/ Best Practices Sharing/Deployment Curated site of useful Zero Trust technical documents and standards
31 Cloud Security Alliance CSA Research All Businesses Public https://cloudsecurityalliance.org/research/ Best Practices Development Location for complete archive of CSA research, all free to the public
32 Cloud Security Alliance CSA Cyber Incident Sharing Center All Businesses Member https://cloudsecurityalliance.org/membership/enterprises/ Collaborative Defensive Operations/Information Sharing Private sharing enclave of cloud-related threat intelligence for members
33 Consumer Reports Security Planner Individuals Public https://securityplanner.org,https://securityplanner.consumerreports.org/ Cyber Hygiene Implementation CIS Control 3: Data Protection, CIS Control 5: Account Management, CIS Control 6: Access Control Management, CIS Control 7: Continuous Vulnerability Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses, CIS Control 14: Security Awareness and Skills Training, CIS Control 16: Application Software Security Security Planner is an easy personal security assistant that helps people stay safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from sm
34 CREST Simulated Target Attack & Response,Simulated Target Attack & Response (RedTeam) All Businesses, Cybersecurity Providers Public https://www.crest-approved.org/certification-careers/crest-certifications/ Cybersecurity Certification
35 CREST Penetration Testing All Businesses, Cybersecurity Providers Public https://www.crest-approved.org/certification-careers/crest-certifications/ Cybersecurity Certification
36 CREST Incident Response All Businesses, Cybersecurity Providers Public https://www.crest-approved.org/certification-careers/crest-certifications/ Cybersecurity Certification
37 CREST Security Operations Centers All Businesses, Cybersecurity Providers Public https://www.crest-approved.org/membership/membership-benefits/ Standards
38 Cyber Readiness Institute Cyber Readiness Program Small and Medium Businesses Public https://cyberreadinessinstitute.org/ Cybersecurity Training and Workforce Development The Cyber Readiness Program is a simple, practical way for organizations to provide security awareness training to employees and establish sustainable, effective cyber readiness practices. Specifically designed for small and medium-sized enterprises, this
39 Cyber Readiness Institute Cyber Leader Program Small and Medium Businesses Public https://cyberreadinessinstitute.org/ Cybersecurity Training and Workforce Development The Cyber Leader Certification Program is a personal professional credential that can be achieved after completing the Cyber Readiness Program.
40 Cyber Readiness Institute Cyber Readiness Guides Small and Medium Businesses Public https://cyberreadinessinstitute.org/ Cybersecurity Awareness CRI offers guides on MFA, MSPs, Holiday Season, and other cyber issues and topics relevant to SMBS.
41 Cyber Readiness Institute Incident Response Plan Small and Medium Businesses Public https://cyberreadinessinstitute.org/ Best Practices Development Establishing cyber readiness practices and policies helps to reduce risk, but it’s important to assume that our company is likely to have to deal with a security incident at some point that could impact business operations. Trying to determine how to re
42 Cyber Readiness Institute Ransomware Playbook Small and Medium Businesses Public https://cyberreadinessinstitute.org/resource/ransomware-playbook/ Best Practices Development How to prepare for, respond to, and recover from a ransomware attack
43 Cyber Threat Alliance Threat Intelligence Sharing Cybersecurity Providers Public https://cyberthreatalliance.org/ Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention The Cyber Threat Alliance improves the cybersecurity of the global digital ecosystem by enabling real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field.
44 Cyber Threat Alliance Magellan Automated Sharing Platform Cybersecurity Providers, Security Operations Entities Member https://cyberthreatalliance.org Collaborative Defensive Operations/Information Sharing Magellan is CTA's automated threat indicator sharing platform. Member companies submit indicators of compromise and associated context to the platform; members can then retrieve submissions by others. All CTA members are required to submit a minimum numbe
45 Cyber Threat Alliance Analytic Sharing Cybersecurity Providers Member https://cyberthreatalliance.org Collaborative Defensive Operations/Information Sharing CTA maintains several channels for members to share threat intelligence at human speed, including dedicated WebEx channels, regular virtual meetings among member representatives, and pre-publication sharing of embargoed blog posts, reports, and research p
46 Cyber Threat Alliance Partnership Program Information Sharing Organizations Member https://cyberthreatalliance.org Collaborative Defensive Operations/Information Sharing CTA partners with other information sharing organizations, such as Information Sharing and Analysis Centers (ISACs), to enable informal, human speed collaboration among these entities. This program is open to threat sharing organziations that otherwise do
47 Cybercrime Support Network Fightcybercrime.org Individuals, Small and Medium Businesses Public https://fightcybercrime.org Cybercrime Victim Assistance Cybercrime Support Network provides information for individuals and small and medium businesses to recognize, report and recover from cybercrime. Cybercrime Support Network is your advocate and partner in protecting your online data and privacy.
48 Cybercrime Support Network Peer Support Program Individuals Public https://fightcybercrime.org/programs/peer-support/ Cybercrime Victim Assistance To support individuals impacted by romance imposter scams, Cybercrime Support Network offers a free, confidential Peer Support Program for romance scam survivors. The counselor-led sessions provide a safe virtual environment for individuals to work throug
49 Cybercrime Support Network Military & Veteran Program Individuals Public https://fightcybercrime.org/programs/milvet/ Cybercrime Victim Assistance CSN has created the Partnership to FightCybercrime, a bold new alliance of military and veteran service organizations, non-governmental organizations, corporations, foundations, and federal agencies. By collaborating with this alliance to provide relevant
50 CyberGreen Institute Global data for open services Governments and Intergovernmental Organizations, ISPs, National CERTs Public https://stats.cybergreen.net Cyber Hygiene Implementation, Cybercrime Prevention, Cybersecurity Measurement CIS Control 12: Network Infrastructure Management, CIS Control 15: Service Provider Management Weekly, global data and statistics related to 5 open services at the country and ASN levels. Allows policymakers, nat'l CS agencies, CSIRTs, and other network operators assess levels and do cross comparisons.
51 CyberPeace Institute CyberPeace Builders Nonprofits/Charities Member https://cyberpeaceinstitute.org/cyberpeacebuilders Best Practices Development, Best Practices Sharing/Deployment, Collaborative Defensive Operations/Information Sharing, Cyber Hygiene Implementation, Cybercrime Prevention, Cybercrime Victim Assistance, Cybersecurity Awareness, Cybersecurity Certification, Cybersecurity Measurement, Cybersecurity Testing, Cybersecurity Training and Workforce Development, Development of Tools and Services, Diversity and Inclusion The CyberPeace Builders programme assists NGOs to build cybersecurity capacity through a trusted and dedicated network of corporate partners who provide volunteers managing a variety of free cybersecurity services for these NGOs.
52 CyberPeace Institute CyberPeace Cafes Nonprofits/Charities Public https://cyberpeaceinstitute.org/cyberpeace-cafe/ Cyber Hygiene Implementation, Cybersecurity Awareness CIS Control 14: Security Awareness and Skills Training CyberPeace Café is a repository of international and local cybersecurity awareness and digital resilience resources for NGOs’ employees and users in general.
53 Global Cyber Alliance Cybersecurity Toolkit for Individuals Individuals Public https://gcatoolkit.org/individuals/ Cyber Hygiene Implementation CIS Control 14: Security Awareness and Skills Training The GCA Cybersecurity Toolkit for Individuals provides free and effective tools to help protect individuals from cyber risks. The included free tools, services and resources focus on basic cyber hygiene to enable people to significantly reduce their risk
54 Global Cyber Alliance Cybersecurity Toolkit for Small Business Small and Medium Businesses Public https://gcatoolkit.org/smallbusiness/ Cyber Hygiene Implementation, Cybersecurity Awareness CIS Control 1: Inventory and Control of Enterprise Assets, CIS Control 2: Inventory and Control of Software Assets, CIS Control 4: Secure Configuration of Enterprise Assets and Software, CIS Control 6: Access Control Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses The GCA Cybersecurity Toolkit for Small Business provides free and effective tools to reduce cyber risk. The tools are carefully selected and organized to make it easy to find and implement cybersecurity controls that will help organizations defend themse
55 Global Cyber Alliance Cybersecurity Toolkit for Journalists Journalists Public https://gcatoolkit.org/journalists/ Cyber Hygiene Implementation CIS Control 1: Inventory and Control of Enterprise Assets, CIS Control 2: Inventory and Control of Software Assets, CIS Control 4: Secure Configuration of Enterprise Assets and Software, CIS Control 6: Access Control Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses This GCA Cybersecurity Toolkit for Journalists empowers independent journalists, watchdogs, and small newsrooms with information and tools to protect their sources and reputation. It helps the user to assess their security posture, implement free tools, f
56 Global Cyber Alliance Cybersecurity Toolkit for Elections Elections Offices/Officials Public https://gcatoolkit.org/elections/ Cyber Hygiene Implementation CIS Control 1: Inventory and Control of Enterprise Assets, CIS Control 2: Inventory and Control of Software Assets, CIS Control 3: Data Protection, CIS Control 4: Secure Configuration of Enterprise Assets and Software, CIS Control 5: Account Management, CIS Control 6: Access Control Management, CIS Control 7: Continuous Vulnerability Management, CIS Control 8: Audit Log Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses, CIS Control 11: Data Recovery, CIS Control 12: Network Infrastructure Management The tools in the GCA Cybersecurity Toolkit for Elections have been selected to assist election offices and officials augment their security programs with free operational tools and guidance which support implementation of the recommendations in the EI-ISA
57 Global Cyber Alliance Cybersecurity Toolkit for Mission-Based Organizations Nonprofits/Charities Public https://gcatoolkit.org/mission-based-orgs/ Cyber Hygiene Implementation CIS Control 1: Inventory and Control of Enterprise Assets, CIS Control 2: Inventory and Control of Software Assets, CIS Control 4: Secure Configuration of Enterprise Assets and Software, CIS Control 6: Access Control Management, CIS Control 9: Email and Web Browser Protections, CIS Control 10: Malware Defenses The GCA Cybersecurity Toolkit for Mission-Based Organizations provides a set of free tools, guidance, and training designed to help organizations take key cybersecurity steps and be more secure.
58 Global Cyber Alliance DMARC Setup Guide & Resources All Businesses Public https://www.globalcyberalliance.org/dmarc/ Cyber Hygiene Implementation CIS Control 9: Email and Web Browser Protections GCA assembled these resources about DMARC and a step-by-step DMARC Setup Guide, available in 18 languages, to help organizations of all sizes implement DMARC.
59 Global Cyber Alliance AIDE/IoT Developers and Development Organizations, ISPs, National CERTs Member https://www.globalcyberalliance.org/aide/ Best Practices Sharing/Deployment, Cybercrime Prevention At the core of AIDE is a database of 4 years' worth of global honeyfarm data. The current focus is on using the data to identify pockets of criminality and encourage cleanup in source networks. The ultimate goal is to use this sort of intelligence to info
60 Global Cyber Alliance Domain Trust Carriers/Communications, Critical Infrastructure, Cybersecurity Providers, Information Sharing Organizations, National CERTs, Registrars and Registries, Security Operations Entities Public https://www.globalcyberalliance.org/domain-trust/ Best Practices Sharing/Deployment, Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention GCA has convened a community of organizations across the globe, working together and driven by data, to help increase the integrity of the Internet by decreasing the number and impact of domains registered for cybercrime and other malicious purposes. This
61 Global Resilience Federation ISAC/ISAO construction and operation, cross-sector intelligence sharing, operational resilience against systemic threats All Businesses Member https://www.grf.org/ Collaborative Defensive Operations/Information Sharing Global Resilience Federation (GRF) is a non-profit hub and integrator for support, analysis, and cross-sector intelligence exchange among information sharing and analysis centers (ISACs), organizations (ISAOs), and computer emergency readiness/response te
62 Institute for Security and Technology Blueprint for Ransomware Defense Small and Medium Businesses Public https://securityandtechnology.org/ransomwaretaskforce/blueprint-for-ransomware-defense/ Best Practices Sharing/Deployment The Blueprint for Ransomware Defense represents a set of foundational and actionable Safeguards, aimed at small- and medium-sized enterprises (SMEs).They’re based on a curated subset of the globally recognized CIS Critical Security Controls. It is writt
63 National Cyber-Forensics and Training Alliance Internet Fraud Alert (IFA) All Businesses Public https://www.ncfta.net Cyber Hygiene Implementation CIS Control 6: Access Control Management IFA is a public service which alerts on compromised credentials recovered online. Stolen credentials include credit/debit cards, email accounts with passwords, and user login accounts with passwords. Credentials are recovered daily by cyber-research analy
64 National Cyber-Forensics and Training Alliance Cyfin Security Operations Entities Member https://www.ncfta.net Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention CyFin is an NCFTA Member Program that facilitates financial institutions and law enforcement to share information and identify, validate, mitigate, and disrupt cyber-enabled financial crimes and cyber-threats to the financial services industry.
65 National Cyber-Forensics and Training Alliance Malware Lab Law Enforcement, MSPs and MSSPs, Security Operations Entities Member https://www.ncfta.net Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention CIS Control 10: Malware Defenses Through NCFTA's onsite Malware Lab, teams research, analyze, and provide intelligence on malware, ransomware and related technical cyber threats. Three outbound "feeds" are generated consiting of Long Term Infection analysis, live Malicious Threat Indicat
66 National Cyber-Forensics and Training Alliance Brand and Consumer Protection Program All Businesses, Law Enforcement Member https://www.ncfta.net Collaborative Defensive Operations/Information Sharing, Cybercrime Prevention BCP is an NCFTA Member Program that provides industry and law enforcement with actionable intelligence on cyber-enabled illegal sale and distribution of counterfeit goods and intelectual property including; fraud related to ecommerce transactions, pharmac
67 National Cybersecurity Alliance Career + Education Library Individuals Public https://staysafeonline.org/resources/career-education/ Cybersecurity Education (pre-college), Cybersecurity Training and Workforce Development CIS Control 14: Security Awareness and Skills Training The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organi
68 National Cybersecurity Alliance Cybersecurity Awareness Month All Businesses, Governments and Intergovernmental Organizations, Individuals Public https://staysafeonline.org/programs/cybersecurity-awareness-month/ Cyber Hygiene Implementation, Cybersecurity Awareness, Cybersecurity Education (pre-college), Cybersecurity Training and Workforce Development CIS Control 14: Security Awareness and Skills Training Cybersecurity Awareness Month, every October, is a collaboration between government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime. The month is dedicated to
69 National Cybersecurity Alliance Convene Regional Conferences Security Personnel Public https://staysafeonline.org/programs/events/regional-conferences/ Best Practices Sharing/Deployment, Cybersecurity Awareness, Cybersecurity Training and Workforce Development CIS Control 14: Security Awareness and Skills Training Elevate your cybersecurity training and awareness programs and learn from the experts at Convene.Since 2001, The National Cybersecurity Alliance has created educational resources and campaigns to help training and awareness professionals lead the charge
70 National Cybersecurity Alliance CyberSecure My Business Small and Medium Businesses Public https://staysafeonline.org/programs/cybersecure-my-business/ Best Practices Sharing/Deployment, Cyber Hygiene Implementation, Cybercrime Prevention CIS Control 14: Security Awareness and Skills Training CybersecureMyBusiness is a national program,CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online. The program is a series of in-person, highly interactive and easy-to-un
71 Open Cybersecurity Alliance STIX Shifter Developers and Development Organizations, Security Personnel Public https://opencybersecurityalliance.org/ Best Practices Sharing/Deployment, Development of Tools and Services CIS Control 14: Security Awareness and Skills Training Structured Threat Information eXpression (STIX™) is a software library and toolchain that allow SOC personnel and threat hunters to query data across many different security tools and have that data all be normalized to a common data format (the OASIS S
72 Open Cybersecurity Alliance Kestrel Threat Hunting Language Developers and Development Organizations, Security Personnel Public https://opencybersecurityalliance.org/ Collaborative Defensive Operations/Information Sharing, Development of Tools and Services CIS Control 10: Malware Defenses, CIS Control 13: Network Monitoring and Defense, CIS Control 17: Incident Response Management Kestrel is a threat hunting language aiming to make cyber threat hunting fast by providing a layer of abstraction to build reusable, composable, and shareable hunt-flow. Kestrel sits on top of STIX Shifter and uses it to provide a full universal threat hu
73 Open Cybersecurity Alliance Posture Attribute Collection and Evaluation (PACE) Developers and Development Organizations, Security Personnel Public https://opencybersecurityalliance.org/ Collaborative Defensive Operations/Information Sharing, Development of Tools and Services CIS Control 10: Malware Defenses, CIS Control 13: Network Monitoring and Defense, CIS Control 17: Incident Response Management Posture Attribute Collection and Evaluation (PACE) is an Open Cybersecurity Alliance (OCA) project. Posture assessment generally consists of understanding, for a given computing resource (or set of computing resources), software load, composition of that
74 OpenSecurityTraining2 OpenSecurityTraining2 All Businesses, Governments and Intergovernmental Organizations, Individuals Public https://ost2.fyi Cybersecurity Training and Workforce Development Free online deep-technical vocational cybersecurity training
75 OWASP OWASP Top 10 Web Developers Public https://owasp.org/Top10/A00_2021_Introduction/ Best Practices Development CIS Control 14: Security Awareness and Skills Training The OWASP Top 10 is primarily an awareness document. However, this has not stopped organizations using it as a de facto industry AppSec standard since its inception in 2003. If you want to use the OWASP Top 10 as a coding or testing standard, know that it
76 OWASP OWASP Amass Cybersecurity Providers Public https://owasp.org/www-project-amass/ Cybersecurity Testing CIS Control 1: Inventory and Control of Enterprise Assets The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.
77 OWASP OWASP Application Security Verification Standard Developers and Development Organizations Public https://owasp.org/www-project-application-security-verification-standard/ Secure Development CIS Control 16: Application Software Security The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
78 OWASP OWASP Cheat Sheet Series Developers and Development Organizations Public https://owasp.org/www-project-cheat-sheets/ Best Practices Development CIS Control 16: Application Software Security The OWASP Cheat Sheet Series was created to provide a set of simple good practice guides for application developers and defenders to follow. Rather than focused on detailed best practices that are impractical for many developers and applications, they are
79 OWASP OWASP CSRFGuard Developers and Development Organizations Public https://owasp.org/www-project-csrfguard/ Best Practices Development CIS Control 16: Application Software Security OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks.
80 OWASP OWASP CycloneDX Developers and Development Organizations Public https://owasp.org/www-project-cyclonedx/ Best Practices Development CIS Control 2: Inventory and Control of Software Assets OWASP CycloneDX is a lightweight Bill of Materials (BOM) standard designed for use in application security contexts andsupply chain component analysis.
81 OWASP OWASP Defectdojo Developers and Development Organizations Public https://owasp.org/www-project-defectdojo/ Best Practices Development CIS Control 7: Continuous Vulnerability Management An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.
82 OWASP OWASP Dependency-Check Developers and Development Organizations Public https://owasp.org/www-project-dependency-check/ Best Practices Development CIS Control 7: Continuous Vulnerability Management Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier f
83 OWASP OWASP Dependency-Track Developers and Development Organizations Public https://owasp.org/www-project-dependency-track/ Best Practices Development CIS Control 7: Continuous Vulnerability Management Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bi
84 OWASP OWASP Juice Shop Developers and Development Organizations Public https://owasp.org/www-project-juice-shop/ Cybersecurity Education (pre-college) CIS Control 14: Security Awareness and Skills Training OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top T
85 OWASP OWASP Mobile Application Security Developers and Development Organizations Public https://owasp.org/www-project-mobile-app-security/ Best Practices Development CIS Control 16: Application Software Security The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS), a comprehensive testing guide (OWASP MASTG) and a checklist bringing everything together. Together they provide that covers during a m
86 OWASP OWASP ModSecurity Core Rule Set All Businesses Public https://owasp.org/www-project-modsecurity-core-rule-set/ Cybercrime Prevention CIS Control 13: Network Monitoring and Defense The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with
87 OWASP OWASP OWTF Cybersecurity Providers Public https://owasp.org/www-project-owtf/ Cybersecurity Testing CIS Control 18: Penetration Testing OWTF attempts to solve the “penetration testers are never given enough time to test properly” problem, or in other words, OWTF = Test/Exploit ASAP
88 OWASP OWASP SAMM Developers and Development Organizations Public https://owasp.org/www-project-samm/ Secure Development CIS Control 16: Application Software Security Software Assurance Maturity Model's mission is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic.
89 OWASP OWASP Security Knowledge Framework Developers and Development Organizations Public https://owasp.org/www-project-security-knowledge-framework/ Secure Development CIS Control 16: Application Software Security The OWASP Security Knowledge Framework is an open source web application that explains secure coding principles in multiple programming languages. The goal of OWASP-SKF is to help you learn and integrate security by design in your software development and
90 OWASP OWASP Security Shepherd Developers and Development Organizations Public https://owasp.org/www-project-security-shepherd/ Secure Development CIS Control 16: Application Software Security OWASP Security Shepherd is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or exp
91 OWASP OWASP Web Security Testing Guide Cybersecurity Providers Public https://owasp.org/www-project-web-security-testing-guide/ Cybersecurity Testing CIS Control 18: Penetration Testing The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetrati
92 OWASP OWASP ZAP Cybersecurity Providers Public https://owasp.org/www-project-zap/ Cybersecurity Testing CIS Control 18: Penetration Testing The worlds most widely used web app scanner. Free and open source. Actively maintained by a dedicated international team of volunteers.
93 SAFECode Trainiing and Culture Development Developers and Development Organizations Public https://safecode.org/category/resource-training-and-culture/ Best Practices Sharing/Deployment, Cybersecurity Training and Workforce Development, Secure Development CIS Control 16: Application Software Security Developing a software security program without consideration for the people who create the software is an effort doomed to fail. Creating and fostering a security-supportive culture is essential to successfully scaling a software security program. This In
94 SAFECode Managing a Software Security Program Developers and Development Organizations Public https://safecode.org/category/resource-managing-software-security/ Best Practices Sharing/Deployment, Secure Development CIS Control 16: Application Software Security A mature secure development lifecycle is more than just a checklist of secure development practices. It also encompasses all aspects of a healthy business process, such as program management, stakeholder engagement, deployment planning and measurement. SA
95 SAFECode Software Security for Buyers and Government All Businesses, Governments and Intergovernmental Organizations, Security Personnel Public https://safecode.org/category/resource-buyers-and-government/ Best Practices Sharing/Deployment, Cyber Hygiene Implementation CIS Control 16: Application Software Security There is no “secret sauce” for creating secure software. It is achieved through the successful execution of a holistic, scalable assurance process that should be transparent to those seeking to evaluate the security of the software they use. SAFECode
96 SAFECode Sofware Supply Chain Security All Businesses, Governments and Intergovernmental Organizations, Security Personnel Public https://safecode.org/blog/untangling-supply-chain-security/ Best Practices Sharing/Deployment, Cybersecurity Certification, Secure Development CIS Control 15: Service Provider Management, CIS Control 16: Application Software Security As global technology leaders, SAFECode members are frequently drawn into discussions of supply chain security with customers and regulators, and have a key role to play in managing the security of the supply chains used to deliver commercial products. Thi
97 SAFECode Secure Development Practices Developers and Development Organizations, Web Developers Public https://safecode.org/category/resource-secure-development-practices/ Best Practices Sharing/Deployment, Secure Development CIS Control 16: Application Software Security Effective technology practices are the foundation of any secure development process. From threat modeling to fuzzing, SAFECode members share their insights and experiences around implementing security practices across all stages of the software developmen
98 SecureTheVillage Executive and Board Leadership Security and Privacy Program Nonprofits/Charities, Small and Medium Businesses Public https://securethevillage.org/ Best Practices Sharing/Deployment, Secure Development Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals.
99 SecureTheVillage IT Security Management Program MSPs and MSSPs Public https://securethevillage.org/ Best Practices Development, Collaborative Defensive Operations/Information Sharing Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals.
100 SecureTheVillage Financial Services Cybersecurity Program Financial Institutions Public https://securethevillage.org/ Cybercrime Prevention Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals.
101 SecureTheVillage Cybersecurity Workforce Program All Businesses, Nonprofits/Charities Public https://securethevillage.org/ Cybersecurity Training and Workforce Development, Diversity and Inclusion Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals.
102 SecureTheVillage Community Engagement Program Individuals Public https://securethevillage.org/ Cyber Hygiene Implementation, Cybercrime Prevention, Cybercrime Victim Assistance, Cybersecurity Awareness Through a systemically-integrated series of information security and privacy programs, SecureTheVillage provides education, support, and advocacy to the bottom half of the cybersecurity divide: mid-size & smaller organizations, and families & individuals.
103 Shadowserver Daily threat intelligence feeds All Businesses, National CERTs Member https://www.shadowserver.org/what-we-do/network-reporting/get-reports/ Collaborative Defensive Operations/Information Sharing,Cybercrime Prevention,Cyber Hygiene Implementation Shadowserver is the world's largest provider of free threat intelligence, sharing billions of security events daily with 201 National CSIRTs in 175 countries and territories, and over 7000+ organizations (government entities, ISPs, hosting providers, CSPs
104 Shadowserver Dashboard All Businesses, Carriers/Communications, Content Providers, Critical Infrastructure, Financial Institutions, Governments and Intergovernmental Organizations, Governments US State/Local/Tribal/Territorial (SLTT), Individuals, Information Sharing Organizations, ISPs, Law Enforcement, MSPs and MSSPs, National CERTs, Nonprofits/Charities, Registrars and Registries, Security Operations Entities, Small and Medium Businesses Public https://dashboard.shadowserver.org Collaborative Defensive Operations/Information Sharing, Cyber Hygiene Implementation, Cybercrime Prevention Shadowserver maintains a Public Dashboard that allows any user to explore many Internet-scale security datasets (high-level statistics only)
105 Shadowserver Scanning Project All Businesses, National CERTs Member https://www.shadowserver.org/what-we-do/network-reporting/get-reports/ Collaborative Defensive Operations/Information Sharing Daily scanning of entire IPv4 space for over 100 services, plus 10 IPv6 services (latter based on hitlists). Overview of external exposed services worldwide since 2014. Remote fingerprinting of IoT and other devices, with over 1200+ fingerprinting rules c
106 Shadowserver Malware Project All Businesses, National CERTs Member https://www.shadowserver.org/what-we-do/network-reporting/get-reports Collaborative Defensive Operations/Information Sharing Malware collection of over 1.7 billion unique samples by hash, over 1 million collected daily (unique by hash). Sample exchange with industry/CSIRTs/researchers.
107 Shadowserver Sandbox Project All Businesses, National CERTs Member https://www.shadowserver.org/what-we-do/network-reporting/get-reports Collaborative Defensive Operations/Information Sharing Large scale sandboxing of malware, YARA rule development and classification of malware. Over 200 physical and 2000 virtual sandboxes running at one time
108 Shadowserver Honeynet Project All Businesses, National CERTs Member https://www.shadowserver.org/what-we-do/network-reporting/get-reports Collaborative Defensive Operations/Information Sharing Large scale deployments (over 2000) IoT, Web, ICS and other honeypots (7 types) in over 90 countries worldwide. Presence in over 400 datacentre locations worldwide. Tracking new exploits and common vulnerabilities daily (currently over 200 total). Any org
109 Shadowserver Honeynet-as-a-Service Cybersecurity Providers, National CERTs, Nonprofits/Charities Member https://www.shadowserver.org/contact/ Collaborative Defensive Operations/Information Sharing Ability to operate honeypot platforms for other entities
110 Shadowserver SSL/TLS certificate collection,SSL/TLS certificate active collection National CERTs Member https://www.shadowserver.org/what-we-do/network-reporting/api-scan-ssl/ Collaborative Defensive Operations/Information Sharing Shadowserver collects over 40 million SSL certificates per day, enabling tracking of threat actors and their infra that use SSL certificates.
111 Shadowserver Sinkholing Project All Businesses, National CERTs Public https://www.shadowserver.org/what-we-do/network-reporting/get-reports Collaborative Defensive Operations/Information Sharing Shadowserver sinkholes over 400 malware families and malware variants. Any organization that has a responsibility for a network can subscribe for free to this data for their network.
112 Shadowserver SSPT,Special Projects Team (SSPT) Cybersecurity Providers, Law Enforcement, National CERTs Member https://www.shadowserver.org/contact/ Collaborative Defensive Operations/Information Sharing Shadowserver maintains a team that collaborates with leading LE agencies worldwide on large scale malware, botnet and ransomware cases.
113 Shadowserver Registrar of Last Resort (ROLR) Law Enforcement, National CERTs Public https://www.rolr.eu/ Collaborative Defensive Operations/Information Sharing Shadowserver operates ROLR, a registrar of malicious domains - enabling registration of malicious domains that need to be blocked or sinkholed, thus ensuring protection of users (Public)
114 Shadowserver Malicious hash lookup service National CERTs Member https://www.shadowserver.org/what-we-do/network-reporting/api-research/ Collaborative Defensive Operations/Information Sharing Shadowserver maintains a free malicious hash lookup service for the (vetted) community.
115 Shadowserver Trusted program lookup service All Businesses, National CERTs, Security Operations Entities Public https://www.shadowserver.org/what-we-do/network-reporting/api-trusted-programs-query/ Collaborative Defensive Operations/Information Sharing Shadowserver maintains a trusted hash lookup service for the community.
116 Shadowserver Cybersecurity training for CSIRTs Governments and Intergovernmental Organizations, Law Enforcement, National CERTs Member https://www.shadowserver.org/contact/ Collaborative Defensive Operations/Information Sharing, Cybersecurity Awareness, Cybersecurity Training and Workforce Development Shadowserver conducts trainings for National CSIRTs, Law Enforcement, Government and others on cybersecurity issues as seen in Shadowserver dataset and on how to use Shadowserver data.
117 Shadowserver Geo-ip/ASN/lookup service All Businesses Public https://www.shadowserver.org/what-we-do/network-reporting/api-asn-and-network-queries/ Collaborative Defensive Operations/Information Sharing Shadowserver maintains a free IP/ASN lookup service for the community.
118 Sightline Security [cybersecurity] KickStart for Nonprofits Nonprofits/Charities Public https://sightlinesecurity.org/kickstart Best Practices Development Cybersecurity assessments designed for nonprofits rooted in the NIST CSF includes assessment questions, outcomes and roadmap report, and training.
119 Sightline Security Member Forum for Nonprofits Nonprofits/Charities Public https://sightlinesecurity.org/member-forum Cybersecurity Awareness A free cybersecurity community private for nonprofits only (no vendors) where they gain knowledge about current events (as well as security reports), do early stage assessments and participate in learning and discussion groups with other nonprofits.
120 Sightline Security Cybersecurity consulting services for nonprofits Nonprofits/Charities Public https://sightlinesecurity.org/ Best Practices Sharing/Deployment Sightline provides adhoc consulting and project based services for data mapping, social media use and policies, and training.
Member Nonprofit Audience Benefit For Subject/Control Area Optional: Control Areas