See How Your IT Environment Measures Up To Industry Best Practices.
ISO/IEC 27001 specifies the requirements for an information security management system (ISMS) that is intended to bring information security under management control. Organizations that meet the requirements may be certified by an accredited certification body following the successful completion of an audit.
As of January 1, 2018, government contractors that handle Controlled Unclassified Information (CUI) are expected to have implemented the requirements of NIST SP 800-171. If an audit determines a failure to meet the requirements of NIST SP 800-171, consequences may include criminal, civil, administrative, or contract penalties, including termination of contracts. The coming CMMC will incorporate these controls.
The Center for Internet Security Critical Security Controls for Effective Cyber Defense is a publication of best practice guidelines for computer security.
The guidelines consist of 20 key actions, called critical security controls (CSCs), that organizations should implement to block or mitigate known attacks. The controls are designed so that primarily automated means can be used to implement, enforce, and monitor them. They give no-nonsense, actionable recommendations for cybersecurity, written in language that is easily understood by IT personnel.