W3C WCAG 2.2
Web Content Accessibility Guidelines - the international standard for making web content accessible to people with disabilities.
w3.orgReferences & Resources
Standards, frameworks, and tools referenced across Structured For Growth - curated for developers, compliance teams, and security professionals.
Web Standards & Specifications
W3C WAI-ARIA
Accessible Rich Internet Applications - defines semantics for UI widgets, structures, and behaviors to improve accessibility.
w3.orgHTML Living Standard
The continuously-updated specification for HTML maintained by WHATWG - the definitive reference for HTML elements and APIs.
html.spec.whatwg.orgCSS Specifications
W3C CSS specifications hub - the authoritative source for all CSS modules, from layout to animations.
w3.orgFederal & Government Standards
digital.gov
GSA's hub for digital government guidance - best practices for federal web teams on design, content, and technology.
digital.govFederal Website Standards (21st Century IDEA)
Mandatory standards for federal websites under the 21st Century Integrated Digital Experience Act.
standards.digital.govOMB M-23-22 Delivering Digital-First Public Experience
OMB memo directing agencies to deliver digital-first public experiences - modernization, accessibility, and mobile-friendly design.
digital.govU.S. Web Design System (USWDS)
A design system of principles, guidance, and code to build accessible, mobile-friendly federal government websites.
designsystem.digital.govSection 508
Federal accessibility requirements for ICT - ensures technology is accessible to people with disabilities.
section508.govNIST SP 800-53
Security and privacy controls for information systems - the comprehensive catalog of controls used across federal agencies.
csrc.nist.govNIST SP 800-171r3
Protecting Controlled Unclassified Information (CUI) in nonfederal systems - required for defense contractors.
csrc.nist.govNIST SP 800-207 Zero Trust Architecture
Defines zero trust architecture concepts - never trust, always verify approach to network security.
csrc.nist.govNIST AI RMF
AI Risk Management Framework playbook - voluntary guidance for managing risks in AI system design, development, and deployment.
airc.nist.govFedRAMP
Federal Risk and Authorization Management Program - standardized approach to cloud security assessment for government use.
fedramp.govCMMC
Cybersecurity Maturity Model Certification - DoD framework ensuring defense contractors meet cybersecurity requirements.
dodcio.defense.govCompliance Frameworks
SOC 2
Service Organization Control 2 - audit framework for service providers covering security, availability, processing integrity, confidentiality, and privacy.
aicpa-cima.comISO 27001
International standard for information security management systems (ISMS) - the global benchmark for security governance.
iso.orgISO 42001 (AI Management)
International standard for AI management systems - provides requirements for responsible AI development and deployment.
iso.orgHIPAA
Health Insurance Portability and Accountability Act - U.S. regulations for protecting health information privacy and security.
hhs.govGDPR
General Data Protection Regulation - EU regulation governing data protection, privacy rights, and cross-border data transfers.
gdpr.euPCI DSS
Payment Card Industry Data Security Standard - requirements for organizations handling credit card data.
pcisecuritystandards.orgDORA
Digital Operational Resilience Act - EU regulation for ICT risk management in the financial sector.
digital-operational-resilience-act.comNIS 2
EU Network and Information Security Directive - cybersecurity requirements for essential and important entities across member states.
digital-strategy.ec.europa.euOSCAL
Open Security Controls Assessment Language - NIST standard for machine-readable security control catalogs and assessment results.
pages.nist.govSecurity
OWASP Top 10
The most critical web application security risks - the industry-standard awareness document for developers and security teams.
owasp.orgOWASP Secure Headers
Best practices for HTTP security response headers - CSP, HSTS, X-Frame-Options, and more.
owasp.orgOWASP Cheat Sheet Series
Concise, actionable security guidance for developers - covering authentication, injection prevention, session management, and more.
cheatsheetseries.owasp.orgMozilla Observatory
Free website security scanner by Mozilla - grades your site on HTTP headers, TLS configuration, and security best practices.
observatory.mozilla.orgSecurity Headers
Analyze and grade HTTP security headers for any website - quick validation of header configuration.
securityheaders.comPerformance & SEO
web.dev - Core Web Vitals
Google's essential metrics for web performance - LCP, FID/INP, and CLS explained with optimization guidance.
web.devGoogle Search Central
Official Google documentation for search optimization - crawling, indexing, structured data, and ranking guidance.
developers.google.comSchema.org
Shared vocabulary for structured data markup - used by Google, Bing, and other search engines for rich results.
schema.orgLighthouse
Automated auditing tool for performance, accessibility, SEO, and best practices - built into Chrome DevTools.
developer.chrome.comDevelopment Tools & Frameworks
Vite
Next-generation frontend build tool - blazing fast HMR and optimized production builds with native ES modules.
vitejs.devExpress.js
Minimal and flexible Node.js web application framework - the de facto standard for building APIs and web servers.
expressjs.comReact
JavaScript library for building user interfaces - component-based architecture with declarative rendering.
react.devNext.js
Full-stack React framework with server-side rendering, static generation, and API routes built in.
nextjs.orgUnreal Engine
Industry-leading real-time 3D creation tool for games, simulations, and interactive experiences.
unrealengine.comGitHub Actions
CI/CD and workflow automation platform - automate builds, tests, and deployments directly from GitHub repositories.
docs.github.comCodeQL
Semantic code analysis engine by GitHub - find vulnerabilities across codebases with query-based static analysis.
codeql.github.comOWASP ZAP
Free open-source web application security scanner - dynamic testing (DAST) for finding vulnerabilities in running applications.
zaproxy.orgSnyk
Developer-first security platform - find and fix vulnerabilities in dependencies, containers, and infrastructure as code.
snyk.ioAccessibility Resources
USWDS Accessibility
Accessibility guidance from the U.S. Web Design System - practical implementation patterns for federal compliance.
designsystem.digital.govInclusive Design Principles
Seven principles for designing inclusive digital experiences - provide comparable experience, consider situation, be consistent.
inclusivedesignprinciples.infoA11Y Project
Community-driven accessibility resource hub - checklists, patterns, and guides for building accessible websites.
a11yproject.comWebAIM
Web accessibility evaluation and training organization - home of the WAVE tool and contrast checker.
webaim.orgDeque axe
Industry-standard accessibility testing engine - automated detection of WCAG violations in browsers and CI pipelines.
deque.comDesign & UX
USWDS Components
Ready-to-use accessible UI components - buttons, forms, alerts, navigation, and more for federal websites.
designsystem.digital.govUSWDS Design Tokens
Design tokens for color, spacing, typography, and more - the foundation of USWDS's consistent design language.
designsystem.digital.govMaterial Design
Google's open-source design system - Material 3 with dynamic color, updated components, and adaptive design guidance.
m3.material.ioInclusive Components
A pattern library of accessible component designs - practical, inclusive approaches to common UI patterns.
inclusive-components.designBuilding Something Compliant?
Structured For Growth implements these standards into production-ready, audit-proof solutions. Let's build it right.
Get in Touch