Establish foundational cybersecurity protections against basic attacks.
Adopt strengthened cybersecurity controls to reduce risk from common threats.
Implement the highest level of Essential Eight controls to defend against sophisticated cyber threats.
Australian regulation requiring financial institutions to manage information security risks.
Governance framework focused on trustworthy and responsible AI deployment.
Security and reliability review required for certain AWS partner programs.
Demonstrate cloud security transparency through Germany’s Cloud Computing Compliance Criteria Catalogue.
The California Consumer Privacy Act is a law that allows any California consumer to see all the information a company has saved on them.
Security configuration benchmark specifically for AWS cloud environments.
Implement prioritized security controls designed to defend against today’s most common cyber threats.
FBI security requirements governing the protection of criminal justice information.
Align cloud security practices with the Cloud Security Alliance’s Cloud Controls Matrix.
Meet foundational cybersecurity requirements to protect Federal Contract Information (FCI).
Implement advanced cybersecurity controls required for handling Controlled Unclassified Information (CUI).
Implement security controls required for systems supporting the Centers for Medicare & Medicaid Services.
Meet CMS security and privacy requirements for systems handling healthcare exchange data.
Align IT governance and management practices with business objectives and risk management.
Enhance California privacy protections and strengthen consumer data rights.
Cloud Security Alliance framework supporting GDPR compliance for cloud providers.
Cloud security assurance program demonstrating alignment with CSA security requirements.
Financial services cybersecurity framework aligned with multiple regulatory expectations.
Assess and improve cybersecurity maturity across critical infrastructure sectors.
Improve transparency and accountability for digital platforms operating in the EU.
Ensure financial institutions maintain resilient digital operations and strong ICT risk management.
Establish security requirements for trusted digital service providers and electronic trust services.
European regulation establishing risk-based governance for artificial intelligence systems.
Modernized FedRAMP initiative focused on automated authorization and continuous security validation.
Protect highly sensitive federal data with the strictest cloud security requirements.
Demonstrate baseline security controls required for low-impact federal cloud systems.
Meet the most widely adopted security requirements for federal cloud service providers.
Cybersecurity assessment framework used by U.S. financial regulators.
Protect personal information held by public sector organizations through privacy governance.
Protect personal data and ensure privacy compliance for individuals within the European Union.
Ensure financial institutions safeguard sensitive customer information.
Protect consumer financial information through comprehensive security programs.
By safeguarding health information, you demonstrate a commitment to preserving trust in your brand.
Comprehensive security and privacy framework used as the foundation for HITRUST certification programs.
Achieve essential cybersecurity protection with a foundational HITRUST certification.
Demonstrate strong cybersecurity hygiene through a streamlined, risk-based assurance framework.
International certification standard for quality management systems.
International certification standard for business continuity management systems.
Establish a proven information security management system aligned with international standards.
Establish and maintain a globally recognized information security management system (ISMS).
Apply additional security controls specifically designed for cloud services.
International standard for protecting personally identifiable information in public cloud services.
Ensure business continuity by preparing ICT systems to respond to and recover from disruptions.
Cybersecurity guidance standard focused on internet security and collaboration.
Extend ISO 27001 to manage privacy information and support global data protection requirements.
Implement governance and risk management practices for responsible artificial intelligence systems.
Protect personal data and ensure privacy compliance within Brazil’s data protection law.
Microsoft compliance requirements for vendors handling Microsoft customer data.
Lightweight checklist defining baseline security requirements for SaaS vendors.
Understand attacker behaviors and improve defenses using a globally recognized threat knowledge base.
Map defensive cybersecurity techniques to strengthen protection against known attack methods.
Assess and improve cybersecurity resilience for critical national infrastructure organizations.
Secure critical energy infrastructure by adhering to cybersecurity standards for the bulk electric system.
Strengthen cybersecurity and resilience requirements for essential and important EU organizations.
Manage AI risks and promote trustworthy AI through structured governance and oversight.
Strengthen cybersecurity programs with a flexible framework for identifying, protecting, detecting, responding, and recovering from threats.
Risk management framework designed to help organizations manage privacy risks.
Guidance for integrating security into the software development lifecycle.
Security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems.
Comprehensive catalog of security and privacy controls for U.S. federal information systems.
Apply NIST guidance to implement the HIPAA Security Rule and strengthen healthcare cybersecurity.
Apply guidance for managing cybersecurity supply chain risks across organizations.
Meet New York Department of Financial Services cybersecurity requirements for financial institutions.
Security framework designed for fintech and open finance organizations.
Manage technology and cyber risks for Canadian financial institutions under OSFI guidance.
Protect payment card data and reduce fraud risk by implementing strong security controls.
Self-assessment questionnaire for merchants fully outsourcing card processing.
Self-assessment questionnaire for merchants hosting payment pages but outsourcing processing.
Protect consumer financial information through strong privacy and safeguarding controls.
Unified control framework mapping multiple regulatory and security standards.
Controls supporting financial reporting integrity under the Sarbanes-Oxley Act.
Strengthen financial messaging security with SWIFT’s Customer Security Controls Framework.
Meet automotive industry security requirements for protecting sensitive information across supply chains.
Protect organizations from common cyber threats with the UK government’s baseline security framework.
Helps organizations manage compliance with multiple U.S. state privacy regulations as they continue to expand.
Ensure digital accessibility so websites and applications are usable by everyone.
Your GRC should too.
Turn your data into deep GRC insights and guided automation with the flexibility you need to proactively manage risk, stay compliant and adapt to your needs—no heavy lift required.

Security Posture and Security Posture Assessment...
Security posture describes the overall strength and readiness of an organization’s cybersecurity systems, policies, and …

Security Questionnaires Shouldn’t Take Days
A SIG Lite lands in your inbox Monday morning. 126 questions. The prospect wants it …

Third-Party Risk Has Blind Spots. Here’s...
Annual reviews and cybersecurity scores are a solid foundation. But there are gaps that most …