Frameworks & Methodology
The AYSOLI Security Baseline is based on globally recognized standards and best practices. Learn more about the frameworks used here.
STRIDE-LM
STRIDE is a model for identifying computer security threats. We use the extended variant, STRIDE-LM, to map modern cloud and network architectures.
MITRE ATT&CK®
ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. It helps us adopt the attacker's perspective.
OWASP
The Open Web Application Security Project® (OWASP) Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus on the most critical security risks to web applications.
CIS Controls
The Center for Internet Security (CIS) Controls are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks.
NIST CSF
The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
NIST AI RMF
The NIST AI Risk Management Framework (AI RMF 1.0, published 2023) is a standalone framework separate from the NIST CSF. It helps organisations identify, assess, and manage risks associated with AI systems — with a focus on trustworthiness, fairness, transparency, and safety.
Controls Library
The Controls Library contains all security controls on the platform, mapped to CIS v8, NIST CSF, and NIST AI RMF. Use the framework filter to view controls by standard — grouped by CIS control group (1–18), NIST CSF function (GV · ID · PR · DE · RS · RC), or AI RMF category.
Security Assessment
The Security Assessment evaluates an organisation's security posture in two tiers. The Quick Check (~27 questions) gives an initial baseline across seven domains. The Deep Assessment then drills into open or partially implemented controls with targeted follow-up questions.
TLP 2.0
The Traffic Light Protocol (TLP) is a standard defined by FIRST (Forum of Incident Response and Security Teams) to classify sensitive information. TLP defines who information may be shared with. Version 2.0 comprises five classification levels.
No restriction
Information can be distributed without restriction. Recipients may share this information freely, regardless of source or format.
Community-wide sharing
Information is for the community at large. It may be shared within the community, but not publicly or outside of it.
Limited disclosure
Information may be shared with members of the recipient's own organisation who need to know. It must not be shared outside the organisation.
Direct recipients only
Like TLP:AMBER but more restrictive: information may only be shared with the direct recipients — not further within the organisation.
No disclosure
Information is not for disclosure. It is restricted to direct participants only — including in-person and verbal communications.