External Authority References

Standards, scholarship, and frameworks cited by the doctrine.

Every external authority referenced across the institutional doctrine series — standards bodies, academic institutions, consulting houses, OSS projects, and analyst firms — collected in one index. Each reference links to its authoritative source.

166 references, 68 sources
Vendor Docs

Splunk Enterprise Security — Documentation

Splunk, SIEM, Enterprise Security, correlation rules.

Vendor Docs

IBM QRadar SIEM — Knowledge Center

IBM QRadar, SIEM, correlation rules, log analytics.

Vendor Docs

OpenText ArcSight ESM — Documentation

ArcSight, ESM, SIEM, correlation.

Vendor Docs

LogRhythm SIEM — Documentation Portal

LogRhythm, SIEM, UEBA, SOC.

Vendor Docs

Splunk SOAR (Phantom) — Documentation

Splunk SOAR, Phantom, playbook automation.

Vendor Docs

Palo Alto Cortex XSOAR — Documentation

XSOAR, Cortex, SOAR, incident orchestration.

AWS Docs

AWS Security Hub — Documentation

AWS, Security Hub, CSPM, cloud security.

Azure Docs

Microsoft Defender for Cloud — CSPM & CWPP

Azure, Defender for Cloud, CSPM, CWPP.

GCP Docs

GCP Security Command Center — Documentation

GCP, Security Command Center, CSPM, cloud security.

Vendor Docs

CrowdStrike Falcon — Tech Center

CrowdStrike, Falcon, EDR, endpoint security.

Vendor Docs

SentinelOne Singularity — Documentation

SentinelOne, Singularity, EDR, XDR.

Microsoft Learn

Microsoft Defender XDR — Documentation

MS Defender, XDR, endpoint, Microsoft 365.

Vendor Docs

VMware Carbon Black Cloud — Documentation

Carbon Black, EDR, endpoint forensics.

Vendor Docs

CyberArk Privileged Access Manager — Documentation

CyberArk, PAM, privileged access, vaulting.

Vendor Docs

SailPoint IdentityNow — Documentation

SailPoint, IGA, identity governance, access reviews.

Vendor Docs

BeyondTrust Password Safe — Documentation

BeyondTrust, PAM, privileged session.

Vendor Docs

Okta Identity Cloud — Developer & Admin Docs

Okta, IAM, SSO, MFA.

Microsoft Learn

Microsoft Entra ID (Azure AD) — Identity Documentation

Entra ID, Azure AD, conditional access, identity.

Vendor Docs

Qualys VMDR — Cloud Platform Documentation

Qualys, VMDR, vulnerability management, CVE.

Vendor Docs

Tenable Nessus — Documentation

Tenable, Nessus, vulnerability scanning.

Vendor Docs

Rapid7 InsightVM — Documentation

Rapid7, InsightVM, risk-based prioritisation.

Vendor Docs

Palo Alto Networks NGFW — Technical Documentation

Palo Alto, NGFW, firewall, zero trust.

Vendor Docs

Cisco Secure Firewall (ASA / FTD) — Documentation

Cisco, ASA, Firepower, firewall.

Vendor Docs

Check Point Quantum Security Gateways — Documentation

Check Point, Quantum, firewall, NGFW.

Vendor Docs

Fortinet FortiGate — Documentation Library

Fortinet, FortiGate, NGFW, SD-WAN.

Vendor Docs

Juniper SRX Series Firewalls — Documentation

Juniper, SRX, firewall, Netscreen.

Open Source

Snort — Network IDS/IPS Documentation

Snort, IDS, IPS, network detection.

Standards Body

MITRE ATT&CK — Enterprise Matrix

MITRE ATT&CK, TTPs, threat intelligence.

Standards Body

OASIS STIX/TAXII — Cyber Threat Intelligence Standards

STIX, TAXII, CTI, threat intel exchange.

Standards Body

ISO/IEC 27001:2022 — Information Security Management

ISO 27001, ISMS, lead auditor.

Standards Body

ISO/IEC 27701:2019 — Privacy Information Management

ISO 27701, PIMS, privacy.

Standards Body

NIST Cybersecurity Framework (CSF) 2.0

NIST CSF, framework, cyber governance.

Standards Body

NIST SP 800-61 Rev. 2 — Incident Handling Guide

NIST 800-61, incident response, CSIRT.

Standards Body

OWASP Top 10 — Web Application Security Risks

OWASP Top 10, web app security, DevSecOps.

Standards Body

PCI DSS v4 — Payment Card Industry Data Security

PCI DSS, payment card, compliance.

ISACA

COBIT 2019 — Governance Framework

COBIT, governance, ISACA.

ICO Guidance

ICO — UK GDPR Records of Processing (RoPA / Article 30)

RoPA, Article 30, UK GDPR, records of processing.

ICO Guidance

ICO — Personal Data Breach Notification Guidance

data breach, ICO notification, GDPR.

EDPB Guidance

EDPB — International Data Transfers (SCCs)

SCCs, cross-border transfer, EDPB, GDPR.

Regulator

FCA — SYSC 8 Outsourcing Rules

FCA, SYSC 8, outsourcing, third-party risk.

Regulator

Central Bank of Ireland — Cross-Industry Operational Resilience Guidance

CBI, operational resilience, Ireland.

Vendor Docs

HashiCorp Terraform — Infrastructure as Code Docs

Terraform, IaC, DevSecOps.

Vendor Docs

Kubernetes — Security Documentation

Kubernetes, K8s, container security, CIS Benchmark.

Ping Docs

PingFederate Server — Administrator's Manual

PingFederate, SSO, federation, SAML, OIDC.

Ping Docs

PingAccess — Documentation

PingAccess, web access management, policy, API access.

Ping Docs

PingOne for Workforce — Cloud Identity Documentation

PingOne, cloud identity, workforce SSO, MFA.

Ping Docs

PingDirectory — LDAP Directory Documentation

PingDirectory, LDAP, directory services, identity store.

Ping Docs

PingIDM (Identity Management) — Documentation

PingIDM, provisioning, SCIM, identity sync.

Ping Docs

PingID — MFA Service Documentation

PingID, MFA, adaptive authentication, push notification.

Ping Docs

PingFederate SDK — Java Integration Kit Developer Guide

PingFederate SDK, Java adapter, selector, OGNL.

Ping Docs

PingFederate SCIM 2.0 Connector — Documentation

SCIM, Ping, provisioning, outbound connector.

AWS Docs

AWS IAM Identity Center — Documentation

AWS, IAM Identity Center, AWS SSO, SAML.

AWS Docs

IAM Roles for Service Accounts (IRSA) — EKS Documentation

IRSA, AWS, EKS, Kubernetes, service account.

AWS Docs

AWS IAM Access Analyzer — User Guide

Access Analyzer, AWS IAM, least privilege, policy validation.

Microsoft Learn

Microsoft Entra ID Conditional Access — Documentation

Conditional Access, Entra ID, Azure AD, Zero Trust, policy.

Microsoft Learn

Microsoft Entra Privileged Identity Management (PIM)

PIM, Entra ID, just-in-time, privileged access.

GCP Docs

Google Cloud Identity — Documentation

GCP, Cloud Identity, SSO, directory.

GCP Docs

GCP Workload Identity Federation — Documentation

GCP, Workload Identity, federation, OIDC, external identities.

GCP Docs

GCP IAM Conditions — Documentation

GCP IAM, conditions, attribute-based access, CEL.

Vendor Docs

Kubernetes RBAC — Authorization Documentation

Kubernetes, RBAC, authorization, role binding.

AWS Docs

AWS Security Token Service (STS) — User Guide

STS, AWS, AssumeRole, temporary credentials.

IETF RFC

OAuth 2.0 Authorization Framework — RFC 6749

OAuth 2.0, RFC 6749, authorization, tokens.

IETF Draft

OAuth 2.1 — IETF Draft

OAuth 2.1, PKCE, consolidated, security BCP.

OpenID

OpenID Connect Core 1.0 — Final Specification

OpenID Connect, OIDC, ID token, claims.

OASIS

SAML 2.0 — OASIS Standard

SAML 2.0, federation, assertion, metadata.

IETF RFC

System for Cross-domain Identity Management (SCIM) 2.0 — RFC 7644

SCIM 2.0, RFC 7644, provisioning, REST.

W3C

Web Authentication (WebAuthn) Level 2 — W3C Recommendation

WebAuthn, FIDO2, passkeys, public key credential.

FIDO Alliance

FIDO2 — Specifications Overview

FIDO2, CTAP2, passwordless, authenticator.

IETF RFC

JSON Web Token (JWT) — RFC 7519

JWT, RFC 7519, claims, Bearer token.

IETF RFC

OAuth 2.0 Mutual-TLS Client Authentication — RFC 8705

mTLS, RFC 8705, certificate-bound tokens, FAPI.

OpenID

FAPI 2.0 — Financial-grade API Security Profile

FAPI 2.0, Open Banking, high-security profile, PAR.

OWASP

OWASP API Security Top 10 — 2023

OWASP, API Security, Top 10, BOLA, BFLA.

Vendor Docs

Spring Security — Reference Documentation

Spring Security, Java, OAuth resource server, method security.

Oracle Docs

Java Authentication and Authorization Service (JAAS) — Reference Guide

JAAS, Java security, LoginModule, Subject.

Oracle Docs

Java Cryptography Architecture (JCA) — Reference Guide

JCA, JCE, cryptography, providers.

Vendor Docs

Apache Tomcat — Documentation

Tomcat, Servlet, JSP, realm, valve.

IBM Docs

IBM WebSphere Application Server — Documentation

WebSphere, WAS, application server, security domains.

Oracle Docs

Oracle WebLogic Server — Documentation

WebLogic, Oracle, Java EE, security realm.

Vendor Docs

CyberArk Defender — Privileged Access Manager Administration

CyberArk, Defender, PAM, Sentry, vaulting.

Vendor Docs

BeyondTrust Privileged Remote Access — Documentation

BeyondTrust, PRA, privileged remote access, session brokering.

Vendor Docs

RSA SecurID — Authentication Manager Documentation

RSA SecurID, Authentication Manager, OTP, hard token.

Vendor Docs

Symantec VIP (Validation & ID Protection) — Documentation

Symantec VIP, Broadcom, MFA, cloud authentication.

Vendor Docs

YubiKey — Developer & Admin Documentation

YubiKey, Yubico, FIDO2, smart card, OTP.

FIDO Alliance

FIDO Alliance — Specifications & Resources

FIDO Alliance, U2F, FIDO2, passkeys.

Vendor Docs

SailPoint IdentityIQ — Administration Guide

SailPoint, IdentityIQ, IGA, certifications, role mining.

Vendor Docs

Saviynt Enterprise Identity Cloud — Documentation

Saviynt, EIC, IGA, SoD, application onboarding.

Vendor Docs

One Identity Manager (Aveksa heritage) — Documentation

One Identity Manager, Aveksa, IGA, attestation.

Microsoft Learn

Active Directory Domain Services — Documentation

Active Directory, AD DS, GPO, domain controller.

Microsoft Learn

Active Directory Federation Services (AD FS) — Documentation

AD FS, federation, claims-based identity, relying party.

MIT

MIT Kerberos — Documentation

Kerberos, KDC, TGT, cross-realm trust.

Vendor Docs

OpenLDAP — Administrator's Guide

OpenLDAP, slapd, LDAP, schema.

OCC

OCC Comptroller's Handbook — Information Technology

OCC, Comptroller's Handbook, US banking, IT supervision.

Federal Reserve

FRB Supervisory Letters (SR Letters) — Cybersecurity

FRB, SR letter, Federal Reserve, supervision, cyber.

FCA

FCA Handbook — SYSC 8 Outsourcing

FCA, SYSC 8, outsourcing, UK FS.

PRA

PRA Rulebook — Operational Resilience

PRA, operational resilience, Bank of England, UK banks.

Central Bank of Ireland

Central Bank of Ireland — Cross-Industry Operational Resilience Guidance

CBI, Central Bank of Ireland, operational resilience, Ireland.

ECB

ECB SREP — Supervisory Review and Evaluation Process

ECB, SREP, Eurozone, banking supervision.

HKMA

HKMA TM-G-1 General Principles for Technology Risk Management

HKMA, TM-G-1, Hong Kong, technology risk.

MAS

MAS Technology Risk Management Guidelines

MAS, TRM, Singapore, technology risk.

US SEC

Sarbanes-Oxley Act — Section 404 (ICFR)

SOX, Section 404, ICFR, internal controls.

EU Regulation

DORA — Regulation (EU) 2022/2554 on Digital Operational Resilience

DORA, EU, operational resilience, ICT risk.

SWIFT

SWIFT Customer Security Programme (CSP) — Customer Security Controls Framework

SWIFT, CSP, CSCF, financial messaging.

FFIEC

FFIEC Cybersecurity Assessment Tool (CAT) & IT Examination Handbook

FFIEC, CAT, US examiners, IT handbook.

BCBS

BCBS 239 — Principles for Effective Risk Data Aggregation & Reporting

BCBS 239, Basel, risk data, SIB.

PCI Council

PCI DSS v4.0 — Payment Card Industry Data Security Standard

PCI DSS, v4.0, cardholder data, compliance.

US Law

Gramm-Leach-Bliley Act (GLBA) — Safeguards Rule

GLBA, Safeguards Rule, financial privacy, US.

NIST

NIST SP 800-53 Rev.5 — Security & Privacy Controls

NIST, SP 800-53, control families, federal.

NIST

NIST SP 800-63 — Digital Identity Guidelines

NIST 800-63, identity assurance, AAL, IAL, FAL.

ISDA

ISDA — 2021 Equity Derivatives Definitions

ISDA, equity derivatives, definitions, 2021.

ISDA

ISDA — Master Agreement, Schedule & CSA Documentation

ISDA Master Agreement, Schedule, CSA, derivatives docs.

BIS

BIS — OTC Derivatives Statistics (Semiannual Survey)

BIS, OTC derivatives, notional, gross market value.

ESMA

ESMA — MiFID II / MiFIR Algorithmic & High-Frequency Trading Guidelines

ESMA, MiFID II, algorithmic trading, HFT, EU.

FCA

FCA Handbook — MAR 7A Algorithmic Trading

FCA, MAR 7A, algorithmic trading, systematic, UK.

SEC

SEC — Rules on Systematic Internalisers & Quantitative Trading

SEC, systematic internaliser, quantitative trading, US markets.

CFA Institute

CFA Institute — Factor Investing & Quantitative Equity Investing

CFA, factor investing, systematic, equity factors, smart beta.

EDHEC-Risk

EDHEC-Risk Climate Impact Institute — Factor Investing Research

EDHEC-Risk, factor investing, systematic, risk premia.

AIMA

AIMA — Alternative Investment Management Association Guidance

AIMA, alternative investments, systematic, hedge funds.

MSCI

MSCI Index Methodology — Factor & Strategy Indices

MSCI, index methodology, factor indices, systematic.

S&P DJI

S&P Dow Jones Indices — Methodology Library

S&P, Dow Jones, index methodology, systematic.

Bloomberg

Bloomberg Index Services Ltd (BISL) — Methodology Documents

Bloomberg, BISL, index methodology, systematic.

OSS

QuantLib — Free Library for Quantitative Finance

QuantLib, C++, pricing, derivatives, open source.

Vendor Docs

Numerix CrossAsset — Analytics Platform

Numerix, CrossAsset, pricing, XVA, structured products.

Vendor Docs

Murex MX.3 — Front-to-Back Trading & Risk Platform

Murex, MX.3, front-to-back, trading, risk.

Vendor Docs

Calypso — Cross-Asset Trading & Risk Platform (Adenza)

Calypso, Adenza, cross-asset, derivatives, risk.

Vendor Docs

kdb+/q — Time-Series Database & Language

kdb+, q language, time series, market data, KX.

OSS

Apache Arrow — Columnar In-Memory Analytics

Apache Arrow, columnar, in-memory, analytics, Parquet.

OSS

Apache Parquet — Columnar Storage Format

Parquet, columnar, big data, Hadoop, Arrow.

OSS

pandas — Python Data Analysis Library

pandas, Python, DataFrame, analytics, time series.

OSS

NumPy / SciPy — Scientific Computing in Python

NumPy, SciPy, Python, scientific computing, linear algebra.

OSS

Boost C++ Libraries — Documentation

Boost, C++, libraries, templates, performance.

Vendor Docs

Bloomberg API (BLPAPI) — Developer Documentation

Bloomberg API, BLPAPI, market data, real-time, developer.

Vendor Docs

LSEG (Refinitiv) Eikon Data API — Documentation

LSEG, Refinitiv, Eikon, Data API, market data.

OSS

Apache Kafka — Distributed Event Streaming Documentation

Kafka, distributed streaming, market data, event-driven.

OSS

Dask — Parallel Computing for Python

Dask, Python, parallel, distributed, DataFrame.

Framework

SAFe — Scaled Agile Framework (Big Picture & Configurations)

SAFe, Scaled Agile, ART, PI planning, portfolio.

Framework

Scrum.org — The Scrum Guide (2020)

Scrum, Scrum Guide, sprint, backlog, ceremonies.

Framework

TOGAF Standard 10 — Architecture Development Method

TOGAF, ADM, enterprise architecture, Open Group.

Standard

ISO/IEC/IEEE 12207:2017 — Software Lifecycle Processes

ISO 12207, software lifecycle, SDLC, processes.

Standard

ISO/IEC 25010 — Systems & Software Quality Model (SQuaRE)

ISO 25010, SQuaRE, quality model, non-functional.

PMI

PMI PMBOK Guide — 7th Edition

PMI, PMBOK, project management, performance domains.

AXELOS

PRINCE2 — Managing Successful Projects

PRINCE2, AXELOS, project management, governance.

DORA

DORA — DevOps Research & Assessment Four Keys Metrics

DORA, Four Keys, lead time, deployment frequency, MTTR.

Google

Google — State of DevOps Report (Accelerate)

State of DevOps, Accelerate, Google, elite performers.

martinfowler.com

Continuous Delivery — Jez Humble & David Farley (Reference)

Continuous Delivery, CD, Jez Humble, deployment pipeline.

OSS

Trunk-Based Development — Reference Site

trunk-based, short-lived branches, CI, release flag.

Google SRE

Google SRE Books — Site Reliability Engineering & Workbook

SRE, Google, reliability, SLO, error budget.

ThoughtWorks

ThoughtWorks — Technology Radar

ThoughtWorks, Tech Radar, adopt, trial, assess, hold.

ISTQB

ISTQB — Foundation Level Syllabus (CTFL)

ISTQB, CTFL, foundation, test design, test management.

IEEE

IEEE 829 / ISO/IEC/IEEE 29119 — Software Test Documentation

IEEE 829, ISO 29119, test documentation, plans, cases.

OSS

pytest — Python Testing Framework Documentation

pytest, Python, unit testing, fixtures, plugins.

OSS

Cucumber — BDD Framework Documentation

Cucumber, BDD, Gherkin, executable specs, feature files.

OSS

Selenium WebDriver — Documentation

Selenium, WebDriver, browser automation, E2E.

Vendor Docs

Postman / Newman — API Testing Documentation

Postman, Newman, API testing, collection, CI.

OSS

k6 — Open-Source Load Testing Tool

k6, load testing, performance, Grafana, scripting.

Vendor Docs

Tricentis Tosca — Model-Based Test Automation

Tricentis, Tosca, model-based, test automation, SAP.

ISO

ISO 31000:2018 — Risk Management Guidelines

ISO 31000, risk management, principles, framework.

COSO

COSO — Enterprise Risk Management Integrated Framework

COSO, ERM, enterprise risk, integrated framework.

NIST

NIST SP 800-30 Rev.1 — Guide for Conducting Risk Assessments

NIST, SP 800-30, risk assessment, threat, likelihood.

FAIR Institute

FAIR — Factor Analysis of Information Risk Framework

FAIR, quantitative risk, loss event frequency, magnitude.

NIST

NIST SP 800-39 — Managing Information Security Risk (Organization, Mission, Information System)

NIST, SP 800-39, risk management, tiered.

HBR

Harvard Business Review — Leading without Authority Collection

HBR, influence, leading without authority, matrix.

McKinsey

McKinsey & Company — Operating Models & Stakeholder Alignment Insights

McKinsey, operating model, stakeholder alignment, matrix.

BCG

Boston Consulting Group — Organization & Change Management Insights

BCG, organization, change management, matrix.

Gartner

Gartner — IT Governance, Risk & Compliance Research

Gartner, IT governance, GRC, executive briefings.

PMI

PMI — Stakeholder Engagement & Communications Management Practice Guide

PMI, stakeholder engagement, communications, RACI.

Forrester

Forrester — Executive Communications & Influence Research

Forrester, executive communications, matrix influence.
