Every framework, organized.

28 controls

NIST CSF 2.0

NIST (U.S.) · Global

Voluntary framework organizing cybersecurity risk management around six core functions.

262228

NIST (U.S.) · United States

131 controls

NIST 800-53

Catalog of security and privacy controls for federal information systems.

15141948

93 controls

ISO 27001

ISO/IEC · Global

International standard for information security management systems (ISMS).

93939393

Center for Internet Security · Global

18 controls

CIS v8

Prioritized set of 18 controls and 153 safeguards to defend against the most common cyber attacks.

5618

AICPA · Global (U.S.-origin)

26 controls

SOC 2

Auditing standard for service organizations covering security, availability, processing integrity, confidentiality, and privacy.

632621

UK National Cyber Security Centre (NCSC) · United Kingdom

22 controls

Cyber Essentials

UK government-backed scheme covering five technical control areas to defend against common cyber attacks.

4527

U.S. HHS / OCR · United States

12 controls

HIPAA

U.S. federal regulation protecting electronic Protected Health Information (ePHI).

239

PCI Security Standards Council · Global

12 controls

PCI DSS 4.0

Security standard for organizations that store, process, or transmit cardholder data.

4511

U.S. GSA / FedRAMP PMO · United States

23 controls

FedRAMP

Standardized U.S. government approach to security assessment for cloud services.

3428

StateRAMP (non-profit) · United States (state & local)

16 controls

StateRAMP

Standardized security framework for cloud services serving U.S. state and local governments.

1113

U.S. Department of Defense · United States

42 controls

CMMC 2.0

Tiered cybersecurity certification for the Defense Industrial Base, built on NIST SP 800-171.

139

HITRUST Alliance · Global (U.S. healthcare focus)

37 controls

HITRUST

Certifiable framework harmonizing HIPAA, ISO 27001, NIST, PCI DSS, and dozens of other authoritative sources.

1113

NERC (North American Electric Reliability Corporation) · North America

12 controls

NERC CIP

Mandatory cybersecurity standards for the bulk electric system.

2324

16 controls

GLBA

U.S. FTC · United States

Requires financial institutions to safeguard customer information.

2117

U.S. SEC / PCAOB · United States

19 controls

SOX ITGC

IT General Controls supporting Sarbanes-Oxley Section 404 internal control over financial reporting.

3313

ENX Association / VDA · Europe (automotive)

29 controls

TISAX

Trusted Information Security Assessment Exchange — automotive industry information security assessment.

Bundesamt für Sicherheit in der Informationstechnik (BSI) · Germany / EU

41 controls

BSI C5

German federal cloud security catalogue setting baseline criteria for cloud service providers.

European Union · EU / EEA

GDPR

Comprehensive EU privacy regulation governing personal data processing.

234

California Privacy Protection Agency (CPPA) · California, USA

CCPA / CPRA

California's consumer privacy law granting access, deletion, correction, and opt-out rights.

65106

Office of the Privacy Commissioner of Canada · Canada

PIPEDA

Canada's federal private-sector privacy law based on 10 fair information principles.

6295

ANPD (Autoridade Nacional de Proteção de Dados) · Brazil

13 controls

LGPD

Brazil's general data protection law, closely modeled on the GDPR.

42610

15 controls

ISO 27017/27018

ISO/IEC · Global

Cloud-specific extensions to ISO/IEC 27002 covering cloud security (27017) and PII in public clouds (27018).

6487

EU AI Act

European Union · EU

Risk-based regulation for AI systems placed on the EU market.

72135

23 controls

NIST AI RMF

NIST (U.S.) · Global

Voluntary framework to manage risks from AI systems organized around four functions.

63106

24 controls

ISO 42001

ISO/IEC · Global

International standard for AI management systems (AIMS).

5178

European Union (ESAs) · EU

22 controls

DORA

EU regulation on ICT operational resilience for the financial sector.