Threat Intelligence & Vulnerability Databases
ISACs (Information Sharing and Analysis Centers)
Industry-specific cyber threat intelligence networks (e.g., finance, healthcare, aviation).
MS-ISAC (Multi-State Information Sharing and Analysis Center)
Cybersecurity intelligence and resources for state and local governments.
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge)
A framework of adversary tactics and techniques for cyber defense and threat hunting.
CVE (Common Vulnerabilities and Exposures)
Official catalog of cybersecurity vulnerabilities and exposures.
NVD (National Vulnerability Database)
U.S. government vulnerability database with risk scoring and mitigation guidance.
CISA Known Exploited Vulnerabilities Catalog
List of actively exploited vulnerabilities with remediation guidance.
Official Government Agencies
CISA (Cybersecurity and Infrastructure Security Agency)
U.S. cybersecurity alerts, threat intelligence, and security guidelines for protecting infrastructure.
NSA (National Security Agency) Cybersecurity
Security advisories, threat mitigation, and national cybersecurity guidance.
NIST (National Institute of Standards and Technology)
Cybersecurity frameworks and risk management best practices, including NIST CSF and 800-53.
FBI (Federal Bureau of Investigation) Cybercrime Division
Investigations into cybercrime, including ransomware, fraud, and nation-state attacks.
DHS (Department of Homeland Security) Cybersecurity
Government-led cybersecurity strategies and national security research.
US-CERT (United States Computer Emergency Readiness Team)
Cyber threat alerts, vulnerability reports, and response coordination.
IC3 (Internet Crime Complaint Center)
FBI-run cybercrime reporting center with trend analysis and public alerts.
Professional Development & Research
OWASP (Open Web Application Security Project)
Web application security research, including the OWASP Top 10 vulnerabilities.
CIS (Center for Internet Security)
Security best practices, benchmarks, and compliance tools for organizations.
CERT Division - Carnegie Mellon University
Cyber risk research and incident response methodologies.
General Cybersecurity Compliance Frameworks
NIST CSF
A voluntary framework that provides best practices for identifying, protecting, detecting, responding to, and recovering from cyber threats.
ISO/IEC 27001
An international standard for information security management systems (ISMS) that helps organizations secure data.
CIS Controls
A set of prioritized cybersecurity best practices designed to help organizations prevent cyberattacks.
Industry-Specific Cybersecurity Regulations
Healthcare
Financial Services
Government & Defense
FISMA
Requires federal agencies and contractors to implement cybersecurity programs based on NIST guidelines.
CMMC
Required for DoD contractors to ensure cybersecurity readiness for handling Controlled Unclassified Information (CUI).
Consumer Data Protection & Privacy
GDPR
While primarily an EU regulation, many US companies that handle European data must comply with GDPR.
NYDFS (23 NYCRR 500)
Mandates financial institutions in New York to maintain cybersecurity programs.
Cloud & Third-Party Security Compliance
FedRAMP
Ensures cloud service providers meet strict cybersecurity standards for government use.
SOC 2
Defines security, availability, and privacy requirements for third-party vendors managing customer data.