Technical

Technical reference documentation and standards

Overview

Technical documentation for consultants covering security tools, compliance requirements, and implementation standards.

Documentation Categories

Security Technologies

Category	Topics
Endpoint Security	EDR platforms, AV solutions, configuration standards
Network Security	Firewalls, SIEM, network monitoring
Identity & Access	IAM, MFA, privileged access management
Cloud Security	AWS/Azure/GCP security controls, CSPM
Email Security	Secure email gateways, DMARC/SPF/DKIM

Compliance Technical Requirements

Framework	Key Technical Controls
HIPAA	Access controls, encryption, audit logs, backup
SOC 2	All TSC controls technical implementation
ISO 27001	Annex A controls technical mapping
NIST CSF	Framework core technical implementation
CMMC	Practice-specific technical requirements

See Compliance Frameworks for framework details.

Implementation Standards

Standard	Purpose
Configuration baselines	Secure defaults for common platforms
Hardening guides	OS, application, network hardening
Assessment methodologies	Pen testing, vulnerability assessment
Architecture patterns	Reference architectures for common needs

Quick Reference

Common Tools

Tool	Purpose	Notes
Nessus/Qualys	Vulnerability scanning	Licensed
Burp Suite	Web app testing	Licensed
Nmap	Network scanning	Open source
Wireshark	Packet analysis	Open source

Compliance Quick Lookup

Question	Framework Reference
What encryption is required?	HIPAA 164.312(a)(2)(iv), SOC 2 CC6.1
MFA requirements?	All frameworks require, specifics vary
Log retention?	HIPAA 6 years, SOC 2 per policy, PCI 1 year

Related Documents

• Compliance Frameworks
• SOPs
• Troubleshooting