Security & Compliance Framework
Organizations face a complex landscape of cybersecurity standards, regulatory requirements, and contractual obligations – each with its own scope, focus, and level of enforcement.


Cybersecurity Frameworks
- AWS Security Reference Architecture 2023
- AWS Well-Architected Framework 2023
- Azure Security Benchmark v3
- CSA Cloud Controls Matrix (CCM) v4.01
- CIS Benchmarks v8
- CIS Critical Security Controls v8
- COBIT 2019
- COSO Internal Control Framework 2013
- DISA STIG
- FAIR v2
- FFIEC IT Examination Handbook
- Google Cloud Security Best Practices
- ISO/IEC 27001 2022
- ISO/IEC 27002 2022
- ITIL v4
- Microsoft Security Benchmark v1
- MITRE ATT&CK v14+
- MITRE D3FEND
- NIST Cybersecurity Framework (CSF) 2.0
- NIST Special Publication 800-30 Rev 1
- NIST Special Publication 800-34 Rev 1
- NIST Special Publication 800-53 Rev 5
- NIST Special Publication 800-171 Rev 2
- NIST Secure Software Development Framework (SSDF) SP 800-218
- OWASP Security Guidance
- SABSA
- TOGAF Ed 10

Regulatory & Legal Requirements
- Basel III/BCBS 239 2013
- CCPA/CPRA 2023
- CSL (China Cybersecurity Law) 2017
- DORA 2025
- DPDP 2023
- FedRAMP
- FISMA Rev 5
- GDPR 2018
- GLBA 2021
- HIPAA 1996
- HITECH 2009
- LGPD 2018
- NYDFS 23 NYCRR 500 2023
- PCI DSS v4.01
- PDPA
- PIPEDA
- SEC Cyber Disclosure Rules 2023
- SOX 2002

Contractual & Assurance Obligations
- Business Associate Agreements (BAAs)
- Cloud Provider Shared Responsibility Agreements
- CSA STAR
- Customer Security Requirements
- Data Processing Agreements (DPAs)
- ISAE 145 2022
- SOC 1 SSAE 18
- SOC 2 TSC 2017
- SOC 3 TSC 2017
- Vendor Security Requirements
