Licensing the Cybersecurity Sustainability Standard™ and Framework™

The Cybersecurity Sustainability Standard™ is a governance instrument containing 160 controls across five dimensions, three-tier evidence criteria, and a certification architecture designed to codify what sustainable cybersecurity governance requires at the institutional level. The Cybersecurity Sustainability Framework™ is the governing intellectual architecture that defines the five-dimensional model, the cross-cutting principles, and the analytic structure the Standard operationalizes.

Together, they constitute the full governance ecosystem created by Veda T. Woods and published by Global Cyber Security Advisory Group.

The Cybersecurity Sustainability Standard™ Founder's Edition is published under Creative Commons BY-NC-ND 4.0 for open access, academic citation, and professional reference. Commercial use, implementation within revenue-generating services, and derivative application require a formal license from Global Cyber Security Advisory Group.

What a License Allows You to Do

A license gives your organization the right to apply the Cybersecurity Sustainability Standard™ and Framework™ in a structured and authorized way.

Licensed use may include:

• Implementation of the Standard's controls, evidence criteria, and maturity assessments within your organization or on behalf of clients

• Use of the Framework's five-dimensional governance model and analytic architecture in advisory, consulting, or strategic engagements

• Cybersecurity sustainability maturity assessments conducted against the Standard

• Implementation planning, roadmap design, and governance alignment

• Use of approved templates, tools, and evaluation resources from the Implementation Toolkit

• Staff training or facilitated workshops aligned to the Standard and Framework (based on license tier)

• Authorized recognition as a licensed organization or partner

What a License Does Not Allow

Neither the Cybersecurity Sustainability Standard™ nor the Cybersecurity Sustainability Framework™ may be copied, republished, resold, or repackaged.

Without an active license, you may not:

• Offer training using the Standard's controls, evidence criteria, or the Framework's governance architecture

• Use the Standard or Framework to deliver paid consulting, advisory, or vCISO services

• Create derivative models, methodologies, courses, or certifications based on the Standard or Framework

• Replicate, rebrand, or present the five-dimensional governance model, control architecture, or methodology as independent or original work

• Represent your organization as "authorized," "certified," or "aligned" without a formal license

• Use the Standard's or Framework's name, structure, or methodology to market services

Who Licensing Is For

Licensing is designed for organizations and practitioners operating across sectors where cybersecurity governance carries institutional accountability obligations.

• Governments and public-sector agencies

• Development and humanitarian organizations

• NGOs and foundations

• Education and workforce training partners

• Healthcare and critical services providers

• Financial institutions and regulated industries

• Private-sector organizations managing cyber, AI, and ESG risk across complex environments

• Consulting firms, advisory practices, and managed security providers