Checklists, templates, and references
The checklists we use internally on engagements. Free to read, print, and share. No email gate, no sales funnel, no bullshit. Use them to prepare for audits, respond to vendor questionnaires, and structure your own security program.
HIPAA Risk Analysis Template
The document HHS OCR asks for first during any investigation. Full template covering all systems handling ePHI, threat and vulnerability enumeration, and likelihood/impact scoring.
SOC 2 Type II Readiness Checklist
Control-by-control readiness checklist for SOC 2 Type II. Covers all Common Criteria, Availability, Confidentiality, and the evidence your auditor will actually accept.
PCI DSS 4.0 Requirements Map
All 12 requirement families with 2026 enforcement notes. Includes the newly enforced Requirements 6.4.3 and 11.6.1 for payment page script integrity monitoring.
CMMC 2.0 Level 2 Self-Assessment Checklist
All 110 NIST 800-171 Rev. 2 practices grouped by domain. Self-assessment scoring guidance aligned to the Cyber AB CMMC Assessment Process (CAP).
Vendor Security Questionnaire Template
60+ question template for assessing third-party vendors handling your data. Use it to send to your vendors — or to answer the ones you receive.
Incident Response Runbook Template
Minute-by-minute runbook for the first 72 hours of a suspected incident. Covers ransomware, BEC, credential compromise, and data exfiltration scenarios.
Need the real engagement?
Checklists are the start. The engagement is where we actually find the gaps, validate the controls, and produce audit-grade documentation. Start with a free security check.