Cybersecurity Frameworks
12 Frameworks
The cybersecurity frameworks reference.
Cybersecurity has dozens of frameworks. Most professionals use the same handful every day — and seeing them named without explanation is one of the fastest ways to feel lost in this field. This page covers the twelve frameworks you'll actually encounter at work, in certifications, and across this site.
If you only learn three
The minimum viable set, ranked.
If you're new to cybersecurity and want maximum return on study time, learn these three. Together they cover how organizations think about security strategically, how attackers actually behave, and how application-layer threats break in. Almost every other framework in this list builds on or borrows from one of them.
First / Strategic
NIST CSF 2.0
The lingua franca of corporate security. Five functions, plain English, free to read. Speaks to executives.
Second / Tactical
MITRE ATT&CK
How attackers actually operate. Used by every red team, every blue team, every modern detection product on earth.
Third / Practical
OWASP Top 10
The ten most common web app vulnerability classes. Asked about in nearly every AppSec interview.
12: Frameworks covered, organized into 4 categories
200+: Countries with organizations using NIST CSF or ISO 27001
50+: Years of combined evolution — most predate the modern internet
$0: Cost to read 11 of 12 — only ISO 27001 sits behind a paywall
Reference updated continuously · Q1 2026 edition