Automated Compliance Across 60+ Frameworks
RegScale streamlines compliance and risk efforts by automating evidence collection, tests, and controls management across 60+ frameworks and standards, including GDPR, CRI, ISO 27001, PCI DSS 4.0, CMMC 2.0, and FedRAMP. Save time and enable Continuous Controls Monitoring to improve your compliance and security posture.

Air Force Instruction 63-101/20-101
Establishes the Integrated Life Cycle Management guidelines and procedures for Air Force (AF) personnel who develop, review, approve or manage systems, subsystems, end-items, services, and activities procured under Department of Defense (DoD) 5000 series instructions comprising the Defense Acquisition System.
INSPECTIONS

Australian ISM
Comprehensive guidelines published by the Australian Cyber Security Centre (ACSC) for protecting information and communication technology (ICT).
CYBER SECURITY

CCPA
The California Consumer Privacy Act, a state law intended to enhance privacy rights and consumer protections for residents of California.
PRIVACY

CIS Benchmarks for AWS
v1.2
Security benchmarks for Amazon Web Services that provide consensus-based best practices for securing AWS environments.
CYBER SECURITY

CIS v8
Group 1, Group 2, Group 3
Cybersecurity best practices from the Center for Internet Security to help organizations defend against the most prevalent and dangerous cyber threats.
CYBER SECURITY

CMS:ARS
v5.1
Defines the minimum security requirements and standards for CMS and its contractors’ information systems and privacy programs.
CYBER SECURITY
HEALTHCARE

CMS:MARS-E
v2.2
Standards to ensure that healthcare exchanges meet the minimum federal requirements for security and privacy while handling sensitive personal, financial, and health information.
CYBER SECURITY
HEALTHCARE

CISA CPG
Cross-sector security performance goals designed to assist organizations in reducing risk and strengthening their cybersecurity posture.
CYBER SECURITY

CSA: CCM 4.0
v4.0, v3.01
A cybersecurity control framework for cloud providers and users that provides a detailed understanding of security concepts and principles.
CYBER SECURITY

COBIT 2019
v2019
A framework for developing, implementing, monitoring, and improving IT governance and management practices.
CYBER SECURITY

CJIS
v5.9.1
Standards for creating, viewing, modifying, transmitting, and destroying criminal justice information.
CYBER SECURITY

CRI: Cyber Profile
Tier 1, Tier 2, Tier 3, Tier 4
A model to help the financial sector evaluate and improve their cybersecurity capabilities and resilience.
CYBER SECURITY
FINANCIAL

C2M2
v2.1
A framework to improve cybersecurity capabilities within energy sector organizations and their supply chains.
CYBER SECURITY

DSS-ECP
A Defense Security Service plan for maintaining the security of classified electronic communications.
CYBER SECURITY
DEFENSE

DHS 4300A Handbook
Provides specific techniques and procedures for implementing requirements of the DHS Information Security Program, both for DHS sensitive systems and for systems that process sensitive information for DHS.
CYBER SECURITY

FFIEC CAT
A tool by FFIEC to help financial institutions appraise their cybersecurity risks and determine the maturity of their cybersecurity programs.
CYBER SECURITY
FINANCIAL

FedRAMP
Rev 4, Rev 5, Baselines High, Moderate, Low, LI-SaaS
Risk-based requirements for modern cloud technologies to secure and protect federal information.
CYBER SECURITY

GDPR
General Data Protection Regulation, the European Union’s landmark regulation enforcing data privacy and protection for individuals within the EU.
PRIVACY

HIPAA
The Health Insurance Portability and Accountability Act, a law protecting the privacy of individuals’ medical records and other personal health information (PHI) in the United States.
CYBER SECURITY
HEALTHCARE

ISO/IEC 27001
v2022, v2013
The International Organization for Standardization’s requirements for establishing, implementing, maintaining, and continually improving an information security management system.
CYBER SECURITY

ISO/IEC 27002
v2022, v2013
The International Organization for Standardization’s techniques for control implementation within an information security management system.
CYBER SECURITY

ISO 9001
v2015
Sets criteria for a quality management system designed to help organizations meet the needs of customers and stakeholders while also meeting statutory and regulatory requirements related to a product or service.
QUALITY

MVSP
v2.0-20221012, v1.0-20211007
The Minimum Viable Secure Product guidelines outline the minimum security requirements necessary for secure product development and deployment.
CYBER SECURITY

NIST CSF
v1.1
The National Institute of Standards and Technology Cybersecurity Framework, a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.
CYBER SECURITY

NIST CSF 2.0
v2.0
The National Institute of Standards and Technology Cybersecurity Framework 2.0, an updated high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.
CYBER SECURITY

NIST Privacy Framework
A tool from the National Institute of Standards and Technology for improving privacy practices through risk management.
PRIVACY

NIST 800-171
Rev 2
Guidelines from the National Institute of Standards and Technology on protecting controlled unclassified information in nonfederal systems and organizations.
CYBER SECURITY

NIST 800-218
v1.1
Provides a core set of high-level secure software development practices for integration into software development lifecycle (SDLC) implementation.
CYBER SECURITY
PRODUCT DEVELOPMENT

NIST 800-53 Rev 4 – DoD with CCIs
Rev 4
The Department of Defense’s adaptation of NIST SP 800-53 Rev 4 with Control Correlation Identifiers for easier mapping to other frameworks.
CYBER SECURITY

NIST 800-53
Rev 4, Rev 5
Provides a flexible framework of security and privacy controls to defend information systems against wide-ranging threats, ensuring their reliability and trustworthiness.
CYBER SECURITY

NIST 800-82
Rev 2, Rev 3
Guidelines from the National Institute of Standards and Technology on securing industrial control systems and other operational technology.
CYBER SECURITY

23 NYCRR 500
v1.2
Cybersecurity requirements from the Department of Financial Services for financial services companies.
CYBER SECURITY
FINANCIAL

NIST AI RMF
Guidelines to incorporate trustworthiness considerations into the design, development, use, and evaluation of artificial intelligence (AI) products, services, and systems.
ARTIFICIAL INTELLIGENCE
RISK MANAGEMENT

NERC CIP
Requirements to secure the assets required for operating North America’s bulk electric system.
CYBER SECURITY
ENERGY/UTILITIES

OMB M-22-09
A memorandum providing a roadmap for Federal agencies to adopt Zero Trust cybersecurity principles.
CYBER SECURITY

OWASP ASVS
v4.0.3
The Open Web Application Security Project’s Application Security Verification Standard, a framework for securing web applications.
CYBER SECURITY

PCI DSS
v4.0, v3.2.1
The Payment Card Industry Data Security Standard, a set of robust security measures for all companies that accept, process, store, or transmit credit card information.
CYBER SECURITY

SOX
The Sarbanes–Oxley Act, a United States law that mandates certain internal controls in financial record keeping and reporting for publicly traded companies.
FINANCIAL

SCF
A comprehensive catalog of cybersecurity and data privacy controls enabling companies to design, build, and maintain secure processes, systems, and applications.
CYBER SECURITY
PRIVACY

SOC 2
v2020.3
Standards for service providers to securely manage and protect the interests and privacy of their customers’ data.
CYBER SECURITY

StateRAMP
Rev 4, Rev 5, Baselines High, Moderate, Low, LI-SaaS
Risk-based requirements that establish security standards for cloud service providers (CSPs) that work with state and local governments.
CYBER SECURITY

TIC
v3.0
Documents from the Cybersecurity and Infrastructure Security Agency to guide federal agencies in securing their network architecture, especially for cloud environments.
CYBER SECURITY

Ready to accelerate your compliance program? Let us show you how it’s done
Reading can only get you so far. That’s why we’d like to give you a quick live walkthrough of RegScale to show you exactly what we can do for your organization.