Framework catalog

Assess your organization against internationally recognized standards and regulations. Frameworks marked Ready can be assessed right now; others are being added.

Information Security

ISO 27001
Version 2022
Ready

The international standard for an Information Security Management System (ISMS), including the Annex A control set.

ISO/IEC4 domains
ISO 27002
Version 2022
Ready

Implementation guidance for the information security controls referenced by ISO 27001 Annex A.

ISO/IEC4 domains
CIS Controls
Version v8.1
Ready

A prioritized set of safeguards to mitigate the most prevalent cyber-attacks.

Center for Internet Security18 domains
NIST CSF 2.0
Version 2.0
Ready

Outcome-based cybersecurity framework across the Govern, Identify, Protect, Detect, Respond and Recover functions.

NIST22 domains
NIST 800-53
Version Rev. 5
Ready

Catalog of security and privacy controls for information systems and organizations.

NIST20 domains
C2M2
Version 2.1
Ready

Maturity model to evaluate and improve cybersecurity capabilities.

US DoE10 domains
Cyber Essentials
Ready

Baseline technical controls to protect against common internet-based threats.

NCSC (UK)5 domains

Privacy

ISO 27701
Version 2019
Ready

Extension to ISO 27001/27002 for a Privacy Information Management System (PIMS).

ISO/IEC16 domains
GDPR
Ready

EU regulation on data protection and privacy for individuals.

European Union11 domains
DPDP Act
Version 2023
Ready

India's law governing the processing of digital personal data — consent, data-principal rights and obligations.

Government of India9 domains
HIPAA
Ready

US regulation for protecting sensitive patient health information (PHI).

US HHS7 domains
CCPA
Ready

California law granting consumers rights over their personal information.

State of California7 domains

AI Governance

ISO 42001
Version 2023
Ready

Management-system standard for the responsible governance of artificial intelligence.

ISO/IEC13 domains
NIST AI RMF
Version 1.0
Ready

Framework to manage risks of AI across the Govern, Map, Measure and Manage functions.

NIST4 domains

Assurance

SOC 2 Type II
Ready

Report on controls relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy over a period.

AICPA14 domains
SOC 1
Ready

Report on controls at a service organization relevant to user entities' financial reporting.

AICPA7 domains
SOC 3
Ready

General-use summary report of SOC 2 trust services criteria.

AICPA5 domains

Payment Security

PCI DSS v4.0
Version 4.0
Ready

Security standard for organizations that handle branded credit cards.

PCI SSC12 domains
PCI SAQ A
Version 4.0
Ready

Self-Assessment Questionnaire for fully outsourced card-not-present merchants.

PCI SSC5 domains
PCI SAQ A-EP
Version 4.0
Ready

SAQ for e-commerce merchants who partially outsource payment processing.

PCI SSC12 domains
PCI SAQ D
Version 4.0
Ready

SAQ for merchants and service providers not covered by other SAQ types.

PCI SSC12 domains
PCI SAQ C
Version 4.0
Ready

SAQ for merchants with payment application systems connected to the internet.

PCI SSC11 domains
PCI SAQ B
Version 4.0
Ready

SAQ for merchants using only imprint machines or standalone dial-out terminals.

PCI SSC5 domains

Business Continuity

ISO 22301
Version 2019
Ready

Management-system standard for business continuity.

ISO10 domains

Service Management

ISO 20000-1
Version 2018
Ready

Requirements for an IT service management system (SMS).

ISO/IEC12 domains

Compliance

ISO 37301
Version 2021
Ready

Management-system standard for a compliance management system.

ISO8 domains
ISO 37001
Version 2016
Ready

Management-system standard to prevent, detect and address bribery.

ISO8 domains

Sectoral Regulations

RBI
Ready

Cyber-security framework for banks and regulated entities in India.

Reserve Bank of India12 domains
SEBI CSCRF
Ready

Cyber Security and Cyber Resilience Framework for SEBI-regulated entities.

SEBI9 domains
IRDAI
Ready

Information & cyber-security guidelines for insurers in India.

IRDAI11 domains
IFSCA
Ready

Regulatory guidelines for entities in International Financial Services Centres.

IFSCA9 domains
CERT-In
Ready

Directions on cyber-incident reporting and cyber-security practices in India.

CERT-In6 domains
SWIFT CSP
Ready

Mandatory and advisory controls for the SWIFT financial-messaging environment.

SWIFT8 domains
DORA
Ready

EU regulation on digital operational resilience for the financial sector.

European Union7 domains
CRA
Ready

EU regulation on cyber-security requirements for products with digital elements.

European Union8 domains