ANSI - American National Standards Institute

Cybersecurity Portal

This portal provides information on the contributions of ANSI, members of the ANSI Federation, and the broader community to address issues related to cybersecurity. It includes links to selected public- and private-sector cybersecurity resources.

ANSI Publications

ANSI partnered with the Internet Security Alliance (ISA) and others to produce several publications which are freely available. 

  • The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security (2012),
    published by ANSI, via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and ISA, calls for enhanced security to safeguard protected health information (PHI). Developed by over 100 industry leaders in health care privacy and security, this report estimates the overall potential costs of a health care data breach to an organization and provides a 5-step method to assess specific security risks and determine an appropriate level of investment to strengthen privacy and security programs. The report also addresses the most common threats and vulnerabilities to the security of PHI, and safeguards and controls that organizations can put in place to mitigate the risk of a breach.
  • The Financial Management of Cyber Risk: An Implementation Framework for CFOs (2010),
    published by ANSI in partnership with ISA, offers a pragmatic action plan that addresses cybersecurity from an enterprise-wide perspective. Developed by a task force of more than 60 industry and government experts, this guide responds directly to President Obama’s Cyberspace Policy Review which asked for a program that would help assign monetary value to cyber risks and consequences, giving organizations greater ability and incentive to address cybersecurity.
  • The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask (2008),
    published by ANSI in partnership with ISA, is designed to help business executives in the analysis, management and transfer of financial risk related to cyber attack. Developed by a cross-sector task force representing more than 30 private and public sector organizations, this is the first known publication to approach the financial impact of cyber risks from the perspective of core business functions.

The ANSI IDSP also produced several reports focused on preventing identity theft and fraud which are freely available:

  • ANSI IDSP Workshop Report Identity Verification (October 2009)
    calls for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. The workshop and report were driven by recognized vulnerabilities in the issuance of foundational documents used to prove identity. The North American Security Products Organization, an ANSI-accredited standards developing organization, has initiated a standards development activity.
  • ANSI IDSP Workshop Report Measuring Identity Theft (October 2009)
    addresses the way in which research companies measure identity theft. The publication includes a review of relevant terminology, research studies and methodologies for studying the problem, as well as recommendations in each of these areas.
  • ANSI BBB IDSP Final Report (January 31, 2008),
    developed in partnership with the Better Business Bureau and more than 70 leading private and public organizations, is a comprehensive, two-volume report that helps to arm businesses and other organizations with the tools and processes they need to prevent the theft of personal and financial information. Volume one contains findings and recommendations for areas needing new or updated standards, guidelines, best practices or compliance systems, while volume two contains a catalog of standards, guidelines, best practices and compliance systems.

ANSI Standards Resources

ANSI Conformity Assessment Activities

ANSI's accreditation program for personnel certification bodies under ANSI/ISO/IEC 17024 includes accreditation of certification bodies for cybersecurity professionals. Some examples can be found in the Accreditation Directory by searching on "cyber", "hacker", "information systems" and "security". ANSI is recognized as the accreditor for the U.S. Department of Defense (DOD) Information Assurance (IA) Workforce Improvement Program. Under DOD directive 8570, all agency employees and contractors involved in information assurance must receive and maintain certification for the highest level functions that they perform related to data management, use, processing, storage and transmission.

The National Initiative For Cybersecurity Education (NICE) is an initiative that enhances the overall cybersecurity posture of the United States by accelerating the availability of educational and training resources designed to improve the cybersecurity skills and knowledge of our nation’s students and workforce. Organizations providing cybersecurity training are eligible to apply under the ANSI certificate accreditation program based on an American National Standard, ANSI/ASTM E2659-09, Standard Practice for Certificate Programs. The standard requires that the training program meets predefined industry requirements for content, follows predetermined processes, includes constant feedback for quality improvement, and much more.

The ANSI-ASQ National Accreditation Board (ANAB) accreditation program for management systems certification bodies under ISO/IEC 17021 includes accreditation of certification bodies for ISO/IEC 27001 Information Security Management Systems.

ANSI Company Member Forum

Cybersecurity has been identified as one of the top issues of concern to the ANSI Company Member Forum and various speakers have presented on this topic. If you are not already a member of ANSI, find out more about the benefits of ANSI membership.

National Institute of Standards and Technology (NIST) Resources

U.S. Department of Homeland Security Resources

White House Cybersecurity Resources

Private-Sector Cybersecurity Resources

  • Center for Internet Security (CIS)
    is an international nonprofit organization focused on enhancing cybersecurity readiness and response for the public and private sectors. It produces consensus-based, best practice secure configuration benchmarks and security automation content, and serves as the key cyber security resource for state, local, territorial and tribal governments, including chief security officers, homeland security advisors and fusion centers.
  • Cloud Security Alliance (CSA) 
    is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.
  • Council on CyberSecurity (CCS)
    is an independent, expert, not-for-profit organization with a global scope committed to the security of an open Internet. The Council is committed to the ongoing development and widespread adoption of the Critical Controls, to elevating the competencies of the cybersecurity workforce, and to the development of policies that lead to measurable improvements in our ability to operate safely, securely and reliably in cyberspace.
  • Forum of Incident Response and Security Teams (FIRST)
    is the premier organization and recognized global leader in incident response.
  • FBI InfraGard
    is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
  • Global Information Assurance Certification (GIAC)
    is the leading provider and developer of cybersecurity certifications.
  • Information Systems Security Association (ISSA)®
    is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.
  • Internet Security Alliance (ISA)
    is a multi-sector trade association that combines the thought leadership that might be found in a “think tank” with the advocacy one would expect from a trade association, and operational security programs that might be found in a professional association. Founded in 2000 in collaboration with Carnegie Mellon University, ISA membership is open to public and privately held entities and currently has substantial participation from the aviation, banking, communications, defense, education, financial services, health care, insurance, manufacturing, security, and technology industries.
  • Internet Storm Center (ISC)
    provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
  • ISACA
    helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development.
  • (ISC)2
    is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers.
  • National Council of ISACs (NCI)
    contains links to members of the Council, which are the individual Information Sharing and Analysis Centers (ISACs) that represent their respective sectors.
  • National Cyber-Forensics and Training Alliance (NCFTA)
    is a non-profit corporation focused on identifying, mitigating, and ultimately neutralizing cyber crime threats through strategic alliances and partnerships with subject matter experts in the public, private, and academic sectors.
  • National Cyber Security Alliance (NCSA)
    has as its mission to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting the technology individuals use, the networks they connect to, and our shared digital assets.
  • SANS Institute
    was established in 1989 as a cooperative research and education organization. It is the most trusted and by far the largest source for information security training and security certification in the world.
  • U.S. Cyber Consequences Unit (US-CCU)
    is an independent, non-profit research institute. It provides assessments of the strategic and economic consequences of possible cyber-attacks and cyber-assisted physical attacks. It also investigates the likelihood of such attacks and examines the cost-effectiveness of possible counter-measures.