Compliance
Explore 109 curated tools and resources
LATEST ADDITIONS
Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.
A security platform that provides monitoring, control, and protection mechanisms for organizations using generative AI and large language models.
Unbound is a security platform that enables enterprises to control and protect the use of generative AI applications by employees while safeguarding sensitive information.
Uno.ai is an AI-powered GRC platform that automates various governance, risk, and compliance processes to enhance efficiency and risk management.
A-LIGN provides cybersecurity compliance audits and certifications, offering a range of services including SOC 2, ISO 27001, HITRUST, and FedRAMP, along with a technology platform for audit management.
Wald.ai is an AI security platform that provides enterprise access to multiple AI assistants while ensuring data protection and regulatory compliance.
SecTemplates offers free, comprehensive security program templates and resources for infosec professionals and startups lacking dedicated security teams.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
PII Crawler is a data scanning tool that identifies and locates Personally Identifiable Information in various file types and databases.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.
Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.
Online IT Security and Privacy Awareness training courses to help companies meet compliance requirements and reduce cybersecurity risks.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ServiceNow Governance, Risk, and Compliance (GRC) is an integrated suite of products that enables organizations to build operational resilience, mitigate risks, and ensure compliance across the enterprise through a unified platform, data model, AI-powered insights, and automated workflows.
SAP GRC and cybersecurity solutions provide integrated capabilities for managing enterprise risk, compliance, international trade, cybersecurity, and identity and access governance, leveraging predictive analytics, real-time monitoring, and automation.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
Drata is a cloud-based platform that automates security and compliance processes, evidence collection, and audit preparation for various industry standards and regulations.
A tool for achieving and proving compliance with NIST 800-171 and CMMC cybersecurity requirements
Verity is a comprehensive compliance management tool that helps organizations manage their governance, risk, and compliance initiatives.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
A tool for discovering, analyzing, and remedying sensitive data
A next-generation file integrity monitoring and change detection system
A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
A GaaS platform that simplifies and streamlines compliance processes for MSPs, ensuring their policies are properly aligned, authorized, adopted, and assessed.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A compliant audit log tool that provides a searchable, exportable record of read/write events.
InfoRisk Today is a key resource for news and insights on information risk management and cybersecurity education.
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
CLI program for cybersecurity solution management with multiple functionalities and authentication methods.
A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.
A repository of pre-defined detections for security threats and abnormal behaviors in Falco.
An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.
A module that enforces HTTPS connections and automatically redirects non-encrypted HTTP requests to HTTPS.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
AWS account compliance using centrally managed Config Rules
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
Tool for assessing compliance and running vulnerability scans on Docker images.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
Guidelines for contributing to a cybersecurity tools and resources list
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
On-demand access to AWS and ISV compliance reports with time-saving benefits.
A summary of the threat modeling posts and final thoughts on the process
Microsoft BitLocker is a full volume encryption feature in Windows for protecting data on lost or stolen devices, with tools and resources for implementation.
Continually audit your AWS usage to simplify risk and compliance assessment.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
A Python script to check system compliance against CIS Benchmarks with customizable options.
Metadata repository with installation tools and cloud provider support.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
A documentation template library for implementing industrial information security management systems.
An open source cloud security platform for discovering, prioritizing, and remediating risks in the cloud.
CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates.
Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A tool for monitoring and managing device compliance and security across multiple platforms
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Open source application to instantly remediate common security issues through the use of AWS Config.
A tool for auditing and reporting Unix host security with the ability to perform a lockdown.
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
Assess, audit, and evaluate configurations of AWS resources.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
Scripts to quickly fix security and compliance issues
A customized AWS EKS setup for PCI-DSS, SOC2, and HIPAA compliance
A tool to analyze and audit AWS environments for security issues and misconfigurations.
A tool to capture all the git secrets by leveraging multiple open source git searching tools.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
Collects and organizes Linux OS data for detailed analysis and incident response.
A system for reserving classrooms at the University of Pisa.
BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.
A centralized platform for managing open source components and automating software supply chain security.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
A community-driven GRC solution that is simple, affordable, and open-source.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.
A free online tool that scans and fixes common security issues in WordPress websites.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A comprehensive guide to securing Industrial Control Systems (ICS) from cyber threats, published by NIST.
Absolute Security provides a comprehensive cybersecurity platform that offers endpoint-to-network access coverage, automated security compliance, and secure endpoint and access solutions.
Receive important notifications and updates related to North American electric grid security.
Docker's Actuary automates security best-practices checks for Docker containers.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Lockdown Enterprise is a subscription service for Ansible Lockdown to automate security benchmark compliance.
A community website for API security news, vulnerabilities, and best practices
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
CloudTracker helps identify over-privileged IAM users and roles by analyzing CloudTrail logs.
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
An open-source artifact metadata API for managing metadata about software resources and governing the software supply chain.
Validate baseline cybersecurity skills with CompTIA Security+ certification.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security