REFERENCES

This is a partial list of references that a penetration tester may wish to review as a part of their development:

•  ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements

•  ISO/IEC 27002:2005 – Information technology – Security techniques – Code of practice for information security management

•  ISO/IEC 27005:2011 – Information technology – Security techniques – Information security risk management

•  ISO/IEC 31000:2009 – Risk management – Principles and guidelines

•  ISO/IEC 20000-1:2011 – Information technology – Service management – Part 1: Service management system requirements

•  NIST SP 800-115 – Technical Guide to Information Security Testing and Assessment (2008)

•  NIST SP 800-81 Revision 1 – Secure Domain Name System (DNS) Deployment Guide (2009)

•  NIST SP 800-53A Revision 1 – Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans (2010)

•  NIST SP 800-41 Revision 1 – Guidelines on Firewalls and Firewall Policy (2002)
