Catalogues Supported 40

Our platform provides support for a rapidly growing number of standards, laws, and regulations that span many different industries. Our compliance cloud allows our customers to ensure they are continuously compliant with these regulations by easily building compliance artifacts, conducting assessments, and pro-actively remediating any issues. The current list of supported regulations is shown in the table below:

View

Regulation

Download

Department of Defense Impact Level 5 (DOD IL5)

Cyber Security, Government

FFIEC Cybersecurity Assessment Tool

Cyber Security

FedRAMP Rev 5 Moderate Baseline

Cyber Security

FedRAMP Rev 5 Low Baseline

Cyber Security

FedRAMP Rev 5 Low Impact-SaaS Baseline

Cyber Security

FedRAMP Rev 5 High Baseline

Cyber Security

OWASP ASVS 4.0.3

Cyber Security

Trusted Internet Connection (TIC) 3.0

Cyber Security

SOC 2 Version 2020.3

Cyber Security

Secure Controls Framework (SCF)

Energy, Financial, Government, Healthcare

Sarbanes-Oxley Act of 2002 (SOX)

Financial

Payment Card Industry (PCI) Data Security Standard (DSS) 3.2.1

Cyber Security

Payment Card Industry (PCI) Data Security Standard (DSS) 4.0

Cyber Security

OMB M-22-09 – Moving the US Government Towards Zero Trust Cybersecurity Principles

Cyber Security

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)

Cyber Security, Energy/Utilities

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 Rev 2 – Guide to Industrial Control Systems (ICS) Security

Cyber Security

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4 – DoD with CCIs

Cyber Security

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-218 Secure Software Development Framework (SSDF)

Cyber Security

New York Department of Financial Services (NYDFS)

Cyber Security, Financial

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 5

Cyber Security

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4

Cyber Security

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev 2 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (used for CMMC 2.0)

Cyber Security

National Institute of Standards and Technology (NIST) Privacy Framework 1.0

Privacy

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

Cyber Security

Minimally Viable Secure Product (MVSP) Version 1.0-20211007

Cyber Security

International Organization for Standardization/International Electrotechnical Commission (IS0/IEC) Information Technology – Security Techniques – Code of Practice for Information Security Controls 27002:2013 PAID

Cyber Security

International Organization for Standardization/International Electrotechnical Commission (IS0/IEC) Information Security Management 27001:2013 PAID

Cyber Security

Health Insurance Portability and Accountability Act (HIPAA)

Cyber Security, Healthcare

General Data Protection Regulation (GDPR)

Privacy

Financial Services Sector Cybersecurity Profile (FSSCP) v1.0

Cyber Security, Financial

FedRAMP Rev 4 Moderate Baseline

Cyber Security

FedRAMP Rev 4 Low Baseline

Cyber Security

FedRAMP Rev 4 High Baseline

Cyber Security

Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT)

Cyber Security, Financial

Department of Homeland Security (DHS) 4300A Handbook

Cyber Security

Defense Security Service (DSS) – Electronic Communication Plan (ECP)

Cyber Security, Defense

Cybersecurity Capability Maturity Model (C2M2) 2.1

Cyber Security

Cyber Risk Institute (CRI) Profile – Tier 4

Cyber Security

Cyber Risk Institute (CRI) Profile – Tier 3

Cyber Security

Cyber Risk Institute (CRI) Profile – Tier 2

Cyber Security

Cyber Risk Institute (CRI) Profile – Tier 1

Cyber Security

Criminal Justice Information Services (CJIS) Security Policy Version 5.9

Cyber Security

Control Objectives for Information and Related Technology (COBIT) 2019

Cyber Security

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Version 4.0

Cyber Security

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Version 3.0.1

Cyber Security

CISA CROSS-SECTOR CYBERSECURITY PERFORMANCE GOALS (CPG)

Cyber Security

Center for Medicare and Medicaid Services (CMS) Minimum Acceptable Risk Safeguards for Exchanges (MARS-E) Version 2.2

Cyber Security, Healthcare

Center for Medicare and Medicaid Services (CMS) Acceptable Risk Safeguards (ARS) Version 5

Cyber Security, Healthcare

Center for Internet Security (CIS) Controls Version 8 Implementation Group 3

Cyber Security

Center for Internet Security (CIS) Controls Version 8 Implementation Group 2

Cyber Security

Center for Internet Security (CIS) Controls Version 8 Implementation Group 1

Cyber Security

Center for Internet Security (CIS) Amazon Web Services (AWS) Benchmarks Version 1.2

Cyber Security

California Consumer Privacy Act (CCPA)

Privacy

Australian Information Security Manual (ISM)

Cyber Security

Air Force Management Instruction 63-1201

Inspections

Visit RegScale at booth #500 at ISC2 Security Congress in Nashville on Oct 25-27

Catalogues Supported 40

View

Regulation

Category

Download

Department of Defense Impact Level 5 (DOD IL5)

Department of Defense Impact Level 5 (DOD IL5)

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool

FedRAMP Rev 5 Moderate Baseline

FedRAMP Rev 5 Moderate Baseline

FedRAMP Rev 5 Low Baseline

FedRAMP Rev 5 Low Baseline

FedRAMP Rev 5 Low Impact-SaaS Baseline

FedRAMP Rev 5 Low Impact-SaaS Baseline

FedRAMP Rev 5 High Baseline

FedRAMP Rev 5 High Baseline

OWASP ASVS 4.0.3

OWASP ASVS 4.0.3

Trusted Internet Connection (TIC) 3.0

Trusted Internet Connection (TIC) 3.0

SOC 2 Version 2020.3

SOC 2 Version 2020.3

Secure Controls Framework (SCF)

Secure Controls Framework (SCF)

Sarbanes-Oxley Act of 2002 (SOX)

Sarbanes-Oxley Act of 2002 (SOX)

Payment Card Industry (PCI) Data Security Standard (DSS) 3.2.1

Payment Card Industry (PCI) Data Security Standard (DSS) 3.2.1

Payment Card Industry (PCI) Data Security Standard (DSS) 4.0

Payment Card Industry (PCI) Data Security Standard (DSS) 4.0

OMB M-22-09 – Moving the US Government Towards Zero Trust Cybersecurity Principles

OMB M-22-09 – Moving the US Government Towards Zero Trust Cybersecurity Principles

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 Rev 2 – Guide to Industrial Control Systems (ICS) Security

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 Rev 2 – Guide to Industrial Control Systems (ICS) Security

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4 – DoD with CCIs

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4 – DoD with CCIs

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-218 Secure Software Development Framework (SSDF)

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-218 Secure Software Development Framework (SSDF)

New York Department of Financial Services (NYDFS)

New York Department of Financial Services (NYDFS)

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 5

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 5

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev 2 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (used for CMMC 2.0)

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev 2 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (used for CMMC 2.0)

National Institute of Standards and Technology (NIST) Privacy Framework 1.0

National Institute of Standards and Technology (NIST) Privacy Framework 1.0

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

Minimally Viable Secure Product (MVSP) Version 1.0-20211007

Minimally Viable Secure Product (MVSP) Version 1.0-20211007

International Organization for Standardization/International Electrotechnical Commission (IS0/IEC) Information Technology – Security Techniques – Code of Practice for Information Security Controls 27002:2013 PAID

International Organization for Standardization/International Electrotechnical Commission (IS0/IEC) Information Technology – Security Techniques – Code of Practice for Information Security Controls 27002:2013 PAID

International Organization for Standardization/International Electrotechnical Commission (IS0/IEC) Information Security Management 27001:2013 PAID

International Organization for Standardization/International Electrotechnical Commission (IS0/IEC) Information Security Management 27001:2013 PAID

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

Financial Services Sector Cybersecurity Profile (FSSCP) v1.0

Financial Services Sector Cybersecurity Profile (FSSCP) v1.0

FedRAMP Rev 4 Moderate Baseline

FedRAMP Rev 4 Moderate Baseline

FedRAMP Rev 4 Low Baseline

FedRAMP Rev 4 Low Baseline

FedRAMP Rev 4 High Baseline

FedRAMP Rev 4 High Baseline

Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT)

Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT)

Department of Homeland Security (DHS) 4300A Handbook

Department of Homeland Security (DHS) 4300A Handbook

Defense Security Service (DSS) – Electronic Communication Plan (ECP)

Defense Security Service (DSS) – Electronic Communication Plan (ECP)

Cybersecurity Capability Maturity Model (C2M2) 2.1

Cybersecurity Capability Maturity Model (C2M2) 2.1