Working with security best practices and documentation vendor agnostic

Where do you find your source of truth for information? Whitepapers/CIS benchmarks / PCI DSS / SOC 2 / ISO27001 standards.


Maybe its network security and you don't just want to go with your vendors best practices. What do you validate against? or would you have an external review.


I worry about getting inbred ideas of what is "security"

benchmarks best practices cis cis benchmarks cybersecurity documentation don dss external find information iso27001 network network security pci practices review security soc soc 2 standards truth vendor vendors whitepapers working