Public Domain Resources
Frameworks and guidance published as public domain works, primarily from U.S. government agencies (NIST, FedRAMP, DoD) and open-source organizations (OWASP). These resources can be freely used, shared, and built upon. 5062 items across 22 resources.
NIST SP 800-53
Security and Privacy Controls for Information Systems and Organizations
FedRAMP Rev 5
Federal Risk and Authorization Management Program Security Baselines
FedRAMP 20x KSI
Key Security Indicators for FedRAMP 20x authorization
DoD SRG
DoD Cloud Computing Security Requirements Guide - FedRAMP+ controls by Impact Level
OWASP Top 10
The OWASP Top 10 is a standard awareness document for web application security risks
OWASP API Security Top 10
The OWASP API Security Top 10 represents the most critical security risks to APIs
OWASP Mobile Top 10
The OWASP Mobile Top 10 represents the most critical security risks to mobile applications
OWASP Smart Contract Top 10
The most critical security risks in smart contract development, based on 2025 incident data
Kubernetes STIG
DoD Security Technical Implementation Guide for Kubernetes container orchestration
NIST AI RMF
AI Risk Management Framework Playbook - Suggested actions for trustworthy AI
EU AI Act
European Union Artificial Intelligence Act - Risk-based regulatory framework for AI systems
NIST SSDF
Secure Software Development Framework - Practices for integrating security into SDLC
NIST SP 800-171
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
CMMC
Cybersecurity Maturity Model Certification for DoD contractors
TX-RAMP
Texas Risk and Authorization Management Program - Security assessment and certification for cloud computing services used by Texas state agencies
HIPAA Security Rule
Health Insurance Portability and Accountability Act - Security safeguards for electronic protected health information (ePHI)
NIS2 Directive
Network and Information Security Directive 2 - EU cybersecurity legislation
CISA Secure by Design
Principles and pledge goals for building cybersecurity into product design — jointly published by CISA, FBI, NSA, and 17+ international partners
About Public Domain
Public domain works are not restricted by copyright and can be freely used by anyone for any purpose.
Most U.S. government publications, including NIST standards and FedRAMP baselines, are automatically in the public domain under 17 U.S.C. § 105. OWASP content is released under open-source licenses (typically Creative Commons) that allow free redistribution.
This means you can reference, reproduce, and build upon these frameworks without permission or licensing fees.