ABI Consulting, LLC

Frameworks & Reference Library

Core cybersecurity, risk, and compliance frameworks that inform ABI Consulting’s methodology — spanning governance, risk management, and control implementation across regulated and commercial environments.

| Framework / Standard | Purpose / Focus | Primary Use Cases | Reference |
| --- | --- | --- | --- |
| ISO/IEC 27001:2022 (Information Security Management System) | Defines best practices for establishing, maintaining, and continually improving an ISMS. | Corporate, Defense, Finance | ISO.org |
| SOC 2 Type II (Trust Services Criteria) | Auditing standard ensuring controls for security, availability, confidentiality, processing integrity, and privacy. | SaaS, Cloud | AICPA.org |
| NIST SP 800-30 (Guide for Conducting Risk Assessments) | Provides structured methodology to identify, analyze, and determine risk likelihood and impact. | Risk Management, Federal | SP 800-30 |
| CMMC 2.0 (Cybersecurity Maturity Model Certification) | Aligns defense contractors with protection standards for Controlled Unclassified Information (CUI). | Defense, SMB | DoD CIO |
| COBIT 2019 (Governance & Management Framework) | Enterprise framework for IT governance and risk alignment with business goals. | Enterprise, IT Governance | ISACA.org |
| CIS Critical Security Controls v8 (Prioritized cyber hygiene baseline) | Provides 18 essential controls to reduce the most prevalent cyber threats. | SMB, Enterprise | CIS Controls |
| ISO/IEC 27005 (Information Security Risk Management) | Guidance for managing risks within the context of ISO 27001. | Governance, Risk | ISO.org |
| NIST Cybersecurity Framework (CSF) 2.0 | Outcome-based framework to improve and communicate cybersecurity risk management. | Critical Infrastructure, SMB | NIST CSF |
| SP 800-171 | Safeguards for Controlled Unclassified Information (CUI). | Defense, Contractors | SP 800-171 |
| SP 800-53 Rev.5 | Catalog of security and privacy controls for information systems. | Federal, Enterprises | SP 800-53 |
| Zero Trust Architecture (SP 800-207) | Concepts and models for modern, perimeterless security. | All sectors | SP 800-207 |