Catalogues Supported 40

Our platform provides support for a rapidly growing number of standards, laws, and regulations that span many different industries. Our compliance cloud allows our customers to ensure they are continuously compliant with these regulations by easily building compliance artifacts, conducting assessments, and proactively remediating any issues. The current list of supported regulations is shown in the table below:

Regulation

Department of Defense Impact Level 5 (DOD IL5)

FFIEC Cybersecurity Assessment Tool

FedRAMP Rev 5 Moderate Baseline

FedRAMP Rev 5 Low Baseline

FedRAMP Rev 5 Low Impact-SaaS Baseline

FedRAMP Rev 5 High Baseline

OWASP ASVS 4.0.3

Trusted Internet Connection (TIC) 3.0

SOC 2 Version 2020.3

Secure Controls Framework (SCF)

Sarbanes-Oxley Act of 2002 (SOX)

Payment Card Industry (PCI) Data Security Standard (DSS) 3.2.1

Payment Card Industry (PCI) Data Security Standard (DSS) 4.0

OMB M-22-09 – Moving the US Government Towards Zero Trust Cybersecurity Principles

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 Rev 2 – Guide to Industrial Control Systems (ICS) Security

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4 – DoD with CCIs

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-218 Secure Software Development Framework (SSDF)

New York Department of Financial Services (NYDFS)

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 5

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev 2 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (used for CMMC 2.0)

National Institute of Standards and Technology (NIST) Privacy Framework 1.0

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

Minimally Viable Secure Product (MVSP) Version 1.0-20211007

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) Information Technology – Security Techniques – Code of Practice for Information Security Controls 27002:2013 PAID

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) Information Security Management 27001:2013 PAID

Health Insurance Portability and Accountability Act (HIPAA)

General Data Protection Regulation (GDPR)

Financial Services Sector Cybersecurity Profile (FSSCP) v1.0

FedRAMP Rev 4 Moderate Baseline

FedRAMP Rev 4 Low Baseline

FedRAMP Rev 4 High Baseline

Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT)

Department of Homeland Security (DHS) 4300A Handbook

Defense Security Service (DSS) – Electronic Communication Plan (ECP)

Cybersecurity Capability Maturity Model (C2M2) 2.1

Cyber Risk Institute (CRI) Profile – Tier 4

Cyber Risk Institute (CRI) Profile – Tier 3

Cyber Risk Institute (CRI) Profile – Tier 2

Cyber Risk Institute (CRI) Profile – Tier 1

Criminal Justice Information Services (CJIS) Security Policy Version 5.9

Control Objectives for Information and Related Technology (COBIT) 2019

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Version 4.0

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Version 3.0.1

CISA CROSS-SECTOR CYBERSECURITY PERFORMANCE GOALS (CPG)

Center for Medicare and Medicaid Services (CMS) Minimum Acceptable Risk Safeguards for Exchanges (MARS-E) Version 2.2

Center for Medicare and Medicaid Services (CMS) Acceptable Risk Safeguards (ARS) Version 5

Center for Internet Security (CIS) Controls Version 8 Implementation Group 3

Center for Internet Security (CIS) Controls Version 8 Implementation Group 2

Center for Internet Security (CIS) Controls Version 8 Implementation Group 1

Center for Internet Security (CIS) Amazon Web Services (AWS) Benchmarks Version 1.2

California Consumer Privacy Act (CCPA)

Australian Information Security Manual (ISM)

Air Force Management Instruction 63-1201
