Compliance Support List

AVID

Custom framework for internal security and risk controls

Coverage

Defines organization-specific security and governance controls where external regulations do not apply. Used to standardize enforcement and reporting across diverse environments.

Digital Personal Data Protection (DPDP) Act – India

India’s statutory framework for digital personal data protection

Coverage

Establishes legal and technical obligations for personal data handling, including consent, safeguards, breach reporting, and transfers. Requires ongoing validation of implemented controls.

APRA 234 STANDARD

Australian Prudential Regulation Authority standard for operational risk management

Coverage

Operational risk management, business continuity, and information security for financial institutions.

AIID

AI Vulnerability and Incident Database for artificial intelligence security

Coverage

AI/ML vulnerability tracking and incident response. Essential for AI system security. Critical for organizations deploying AI/ML systems.

AWS CIS Benchmark v1.4.0

Center for Internet Security benchmark for AWS cloud security configuration

Coverage

AWS security best practices, identity management, logging, and monitoring. Critical for organizations using AWS infrastructure.

AWS CIS Benchmark v1.5.0

Updated CIS benchmark for AWS with enhanced security controls

Coverage

Enhanced AWS security configurations, improved identity controls, and updated monitoring. Essential for modern AWS security posture.

CIS Benchmark v2.0.0

Updated CIS security benchmark for multiple cloud platforms, with comprehensive security guidelines and enhanced controls.

Coverage

Provides updated security configurations, advanced threat detection, identity management, and compliance automation for AWS, Azure, and GCP. Essential for a modern, multi-cloud security posture.

AWS CIS Benchmark v2.0.0

Latest CIS benchmark for AWS with comprehensive security guidelines

Coverage

Latest AWS security best practices, advanced threat detection, and compliance automation. Critical for enterprises with advanced AWS usage.

Azure CIS Benchmark v2.0.0

Latest CIS security benchmark for Microsoft Azure cloud platform

Coverage

Azure security configuration, identity management, and compliance monitoring.

Azure CIS Benchmark v1.3.0

Established CIS benchmark for Azure security configuration

Coverage

Azure security fundamentals, access controls, and monitoring configurations. Important for Azure security baseline.

GCP CIS Benchmarks v2.0.0

Latest CIS benchmark for Google Cloud Platform with enhanced controls

Coverage

Advanced GCP security controls, improved monitoring, and compliance automation. Essential for modern GCP security posture.

AWS Well-Architected Framework - Security

AWS framework for building secure, high-performing, resilient, and efficient infrastructure

Coverage

Security pillar covering identity, detective controls, infrastructure protection, and incident response. Fundamental for AWS architecture design.

CIS Benchmark v3.0

Cross-cloud baseline for secure configuration

Coverage

Provides prescriptive configuration checks to reduce misconfiguration risk across major cloud platforms. Serves as a common baseline for posture assessment and audits.

CIS Benchmark v4.0.1

Updated AWS-specific security baseline

Coverage

Expands and refines AWS control coverage, with emphasis on identity, logging, and service-level configuration. Used for continuous AWS posture monitoring.

BAIT

Banking Supervision Requirements for IT (BaFin)

Coverage

IT risk management, outsourcing, and operational resilience for German banks. Mandatory for German financial institutions.

California Consumer Privacy Act (CCPA)

California privacy law protecting consumer personal information

Coverage

Consumer rights to know, delete, and opt-out of sale of personal information. Essential for businesses serving California consumers.

CMMC - Cybersecurity Maturity Model Certification

Defense Department cybersecurity standard for contractors

Coverage

Cybersecurity maturity model for defense contractors. Critical for DoD supply chain security. Mandatory for defense contractors.

COPPA

Children's Online Privacy Protection Act

Coverage

Privacy protection for children under 13, parental consent requirements. Critical for services targeting children. Mandatory for child-directed services.

CSCRF SEBI

Securities and Exchange Board of India Cyber Security and Cyber Resilience Framework

Coverage

Cybersecurity and resilience framework for Indian securities market participants. Mandatory for SEBI-regulated entities.

CSPM Encryption Program

Cloud Security Posture Management encryption requirements

Coverage

Data encryption at rest and in transit, key management, and cryptographic controls. Essential for cloud data protection.

FedRamp

Federal Risk and Authorization Management Program

Coverage

Security controls for cloud services used by federal agencies. Essential for federal cloud services. Mandatory for federal government cloud adoption.

FERPA

Family Educational Rights and Privacy Act

Coverage

Privacy protection for student education records. Critical for educational institutions. Mandatory for schools receiving federal funding.

FISMA

Federal Information Security Management Act

Coverage

Information security standards for federal agencies. Essential for federal information systems. Mandatory for federal agencies.

GCP CIS Benchmarks v1.2.0

CIS security benchmark for Google Cloud Platform

Coverage

GCP security configuration, identity and access management, and logging. Critical for organizations using Google Cloud.

GDPR (General Data Protection Regulation) EU

EU regulation for data protection and privacy

Coverage

Personal data protection, consent management, and individual rights. Essential for EU data processing. Mandatory for EU personal data processing.

HIPAA

Health Insurance Portability and Accountability Act

Coverage

Protected health information (PHI) security and privacy. Critical for healthcare organizations. Mandatory for healthcare entities handling PHI.

HITRUST CSF

Health Information Trust Alliance Common Security Framework

Coverage

Comprehensive security framework for healthcare and financial services. Essential for healthcare and financial organizations.

ISO 27001 - 2013

International standard for information security management systems (2013 version)

Coverage

Information security management system (ISMS) requirements based on 2013 standard. Essential for enterprise security. Widely adopted security standard.

ISO 27001 - 2022

Latest international standard for information security management systems

Coverage

Updated information security management system (ISMS) requirements with modern controls. Essential for contemporary enterprise security.

ISO 27017

International standard for cloud security controls

Coverage

Cloud-specific security controls and guidance. Critical for cloud security. Recommended for cloud deployments.

ISO 27018

International standard for cloud privacy protection

Coverage

Privacy protection for personally identifiable information in cloud. Essential for cloud privacy. Recommended for cloud PII processing.

ISMS-P for AWS

Information Security Management System Personal Information Protection

Coverage

Personal information protection and management system requirements. Important for Japanese AWS deployments.

Korean Financial Security Agency Guidelines

South Korean financial security requirements

Coverage

Financial information security and risk management. Essential for Korean financial institutions. Mandatory for Korean financial services.

LGPD

Brazilian General Data Protection Law

Coverage

Personal data protection and privacy rights. Essential for Brazilian data processing. Mandatory for Brazilian personal data processing.

Mitre AWS Attack Framework

MITRE ATT&CK framework for AWS cloud environments

Coverage

Threat detection and response for AWS environments. Critical for AWS threat detection. Recommended for advanced AWS security.

NIST 800-171

NIST standard for protecting controlled unclassified information

Coverage

Security requirements for controlled unclassified information (CUI). Essential for federal contractors. Mandatory for CUI handling.

NIST CSF

NIST Cybersecurity Framework

Coverage

Comprehensive cybersecurity framework: identify, protect, detect, respond, recover. Essential for enterprise cybersecurity.

NIST SP 800-53

NIST security controls for federal information systems

Coverage

Comprehensive security controls catalog for federal systems. Essential for federal information systems. Mandatory for federal agencies.

OWASP Top 10 for LLM v2025

OWASP Top 10 security risks for Large Language Model applications

Coverage

Security risks and mitigation strategies for LLM applications. Critical for AI/ML application security. Essential for organizations deploying LLM systems.

PCI

Payment Card Industry Data Security Standard

Coverage

Credit card data protection and secure payment processing. Critical for payment processing. Mandatory for card data handling.

SOC 2 Type II

Service Organization Control 2 Type II audit

Coverage

Security, availability, processing integrity, confidentiality, and privacy controls. Essential for service providers. Critical for customer trust.

SOC 3

Service Organization Control 3 general use report

Coverage

Public summary of SOC 2 controls and effectiveness. Important for public trust. Recommended for transparency.

VAIT

Insurance Supervision Requirements for IT (BaFin)

Coverage

IT risk management and operational resilience for German insurance companies. Mandatory for German insurance companies. Required for insurance operations in Germany.

Essential 8

ACSC Essential Eight (developed by the Australian Cyber Security Centre / ASD)

Coverage

It represents the baseline cybersecurity mitigation strategies to protect internet-connected networks. It focuses on three primary objectives: Prevent Attacks, Limit Attack Impact, and Ensure Data Availability.