DigitalXForce

Supporting Hundreds of Global Regulatory Frameworks & Standards

Attack Surface Management (ASM) and Asset Inventory form the crux of a robust cybersecurity program. Reduce the risk of a security breach by identifying, monitoring and managing digital assets.

NIST 800-53

NIST 800-53 is a mandatory compliance framework developed by the US government agency NIST to provide guidelines and controls for securing federal information systems and organizations.

NIST CSF
The NIST CSF is a voluntary framework developed to provide guidance on managing and reducing cybersecurity risks and to help organizations improve their ability to prevent, detect, and respond to cyber threats.
CMMC-FOUNDATIONAL (L1)
The CMMC-FOUNDATIONAL (L1) framework establishes essential cybersecurity practices that organizations must implement to protect Federal Contract Information (FCI) and demonstrate basic cyber hygiene when working with the DoD.
CMMC-ADVANCED (L2)
The CMMC-ADVANCED (L2) framework establishes rigorous cybersecurity practices that organizations must implement to protect Controlled Unclassified Information (CUI) and demonstrate mature cybersecurity capabilities when handling sensitive defense-related information.
Health Information Trust Alliance (HITRUST)
The Health Information Trust Alliance (HITRUST) framework is a comprehensive cybersecurity framework developed specifically for the healthcare industry to provide standardized guidance on managing and reducing cybersecurity risks related to protected health information (PHI) and other sensitive healthcare data.
CIS (Center for Internet Security)
CIS (Center for Internet Security) is a comprehensive cybersecurity framework developed by a global community of cybersecurity experts to provide practical, actionable guidance on managing and reducing cybersecurity risks.
ISO 27001
ISO 27001 is an internationally recognized cybersecurity framework developed by the International Organization for Standardization (ISO) to provide comprehensive guidance on establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
NIST 800-171 (Special Publication 800-171)
NIST 800-171 (Special Publication 800-171) is a comprehensive cybersecurity framework developed by the National Institute of Standards and Technology (NIST) to provide mandatory guidance for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations.
FedRAMP (Federal Risk and Authorization Management Program)
FedRAMP (Federal Risk and Authorization Management Program) is a comprehensive cybersecurity framework developed by the U.S. General Services Administration (GSA) to provide standardized guidance for managing and reducing cybersecurity risks associated with cloud computing services used by federal agencies.
SOC 2
SOC 2, developed by the American Institute of Certified Public Accountants (AICPA), focuses on the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. It provides structured guidance for organizations—especially those offering cloud-based services—on establishing controls that ensure data is securely managed.
The Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the confidentiality, integrity, and availability of health information. It applies to covered entities (like healthcare providers and insurers) and business associates that handle ePHI on their behalf.

The Secure Controls Framework (SCF)
The Secure Controls Framework (SCF) is a comprehensive, risk- and control-based cybersecurity and privacy framework designed to help organizations implement, manage, and map security and compliance requirements across multiple regulations and standards.
The Federal Information Security Modernization Act (FISMA)
The Federal Information Security Modernization Act (FISMA) mandates that federal agencies—and organizations working with them—implement comprehensive information security programs.
Minimum Acceptable Risk Standards for Exchanges (MARS-E)
The Minimum Acceptable Risk Standards for Exchanges (MARS-E) is a framework established by the Centers for Medicare & Medicaid Services (CMS). It provides baseline security and privacy requirements for organizations operating health insurance exchanges, especially those handling federal tax information (FTI) and personally identifiable information (PII).
The Authorization to Operate Risk Criteria – Annual Maturity and Performance Evaluation (ARC-AMPE)

The Authorization to Operate Risk Criteria – Annual Maturity and Performance Evaluation (ARC-AMPE) is a CMS-driven cybersecurity and privacy assessment model. It provides a structured methodology for evaluating the maturity, effectiveness, and performance of security and privacy programs in systems that interact with Centers for Medicare & Medicaid Services (CMS).

The Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act, mandates that financial institutions implement controls to safeguard non-public personal information (NPI). It applies to banks, credit unions, insurance companies, and any organization significantly involved in offering financial products or services.

The Saudi Arabian Monetary Authority Cybersecurity Framework (SAMA CSF)
The Saudi Arabian Monetary Authority Cybersecurity Framework (SAMA CSF) is a risk-based cybersecurity framework developed to strengthen the resilience of Saudi Arabia’s financial sector by guiding institutions in protecting digital assets and managing cyber risks effectively.
The National Electronic Security Authority (NESA)

The National Electronic Security Authority (NESA) is a national cybersecurity standard developed to protect the UAE’s critical information infrastructure by guiding organizations in implementing robust, risk-based security controls.

The Federal Financial Institutions Examination Council (FFIEC)
The Federal Financial Institutions Examination Council (FFIEC) is a risk-based cybersecurity assessment tool designed to help financial institutions identify cybersecurity risks and improve their ability to prevent, detect, and respond to cyber threats.
The Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) is a mandatory EU framework aimed at strengthening the digital operational resilience of financial institutions by ensuring they can withstand, respond to, and recover from ICT-related disruptions and threats.
The Network and Information Security Directive 2 (NIS 2)
The Network and Information Security Directive 2 (NIS 2) is a binding EU directive that enhances cybersecurity requirements for critical and essential entities, aiming to strengthen resilience and harmonize security practices across the European Union.
The Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a global security framework developed to protect payment card data by setting technical and operational standards for organizations that store, process, or transmit cardholder information.
The Cyber Risk Institute (CRI)
The Cyber Risk Institute (CRI) is a streamlined, risk-based cybersecurity framework designed to help financial institutions align with regulatory expectations and improve resilience across critical digital operations.
Data Cybersecurity Controls (DCC)
Data Cybersecurity Controls (DCC) is a data-centric security framework that focuses on protecting structured and unstructured data across systems, networks, and third-party environments. It emphasizes data governance, classification, access controls, encryption, monitoring, and incident response—all mapped to the sensitivity and criticality of data assets.
Critical System Cybersecurity Controls (CSCC)
Critical System Cybersecurity Controls (CSCC) is a tactical, high-assurance framework designed to secure mission-critical systems, such as those in energy, defense, healthcare, transportation, and financial services. It emphasizes availability, integrity, and resilience over generic security, aligning with national critical infrastructure protection goals.
The Telework Cybersecurity Controls (TCC)

The Telework Cybersecurity Controls (TCC) framework provides a structured approach to safeguarding remote and hybrid workforces. Developed to address the surge in teleworking, TCC prioritizes endpoint security, secure connectivity, identity management, and data protection beyond traditional network perimeters.

The Essential Cybersecurity Controls (ECC)
The Essential Cybersecurity Controls (ECC) is a national cybersecurity compliance standard developed by the Saudi National Cybersecurity Authority to ensure baseline cyber resilience across essential sectors and government entities.
The Abu Dhabi Healthcare Information and Cybersecurity Standard (ADHICS)
The Abu Dhabi Healthcare Information and Cybersecurity Standard (ADHICS) is a healthcare-specific data privacy and cybersecurity framework developed to ensure the confidentiality, integrity, and availability of health information across Abu Dhabi’s digital health ecosystem.
The NIST Privacy Framework (PF)
The NIST Privacy Framework (PF) is a voluntary framework designed to help organizations identify and manage privacy risks, promote data protection, and build trust in products and services that process personal information.
GDPR-L1 (General Data Protection Regulation – Level 1)
GDPR-L1 (General Data Protection Regulation – Level 1) is a Level 1 compliance framework based on the EU General Data Protection Regulation, designed to establish foundational privacy controls for organizations handling personal data within or related to the EU.
GDPR-L2 (General Data Protection Regulation – Level 2)
GDPR-L2 (General Data Protection Regulation – Level 2) is an intermediate compliance framework that builds on foundational GDPR requirements by embedding stronger governance, risk management, and operational privacy controls across the data lifecycle.
IRS Publication 1075
IRS Publication 1075 is a mandatory federal security framework that outlines the safeguards required to protect Federal Tax Information (FTI) and ensure confidentiality, integrity, and availability in government and partner systems.
Cybersecurity Standards for Telecom (CST)
Cybersecurity Standards for Telecom (CST) is a specialized cybersecurity framework designed to secure telecommunications infrastructure by establishing baseline controls to protect networks, data, and services against cyber threats and disruptions.
The Cybersecurity Requirements Framework (CRF)
The Cybersecurity Requirements Framework (CRF) is a comprehensive cybersecurity framework designed to define minimum and advanced security requirements for organizations aiming to protect critical systems, sensitive data, and digital infrastructure.
The Qatar Cybersecurity Framework (QCSF)

The Qatar Cybersecurity Framework (QCSF) is a national cybersecurity framework developed to protect Qatar’s critical infrastructure and digital economy by enforcing standardized security controls, governance, and risk management practices across sectors.

The Cloud Cybersecurity Controls (CCC)
The Cloud Cybersecurity Controls (CCC), issued by the National Cybersecurity Authority (NCA) of Saudi Arabia, are mandatory controls designed to regulate the cybersecurity posture of cloud service providers (CSPs) and cloud consumers operating within or serving the Kingdom.
The National Information Assurance (NIA)
The National Information Assurance (NIA) framework is designed to protect sensitive government and critical sector information systems through structured assurance, risk management, and compliance requirements.
The Information Security Regulations (ISR)
The Information Security Regulations (ISR) are designed to establish baseline information security requirements for organizations, ensuring the protection of data, systems, and services within national and sector-specific boundaries.
The Abu Dhabi Global Market (ADGM)
The Abu Dhabi Global Market (ADGM) framework establishes robust information security and risk management standards to ensure the protection of data and systems across Abu Dhabi’s international financial center.