25+ supported compliance frameworks

ControlMap comes pre-loaded and is cross-mapped to over 25 global and regional compliance frameworks, including SOC 2, ISO 27001, FedRAMP, NIST CSF, GDPR, HIPAA, and more.

SOC 2 Type I & II

We know your customers want it. The SOC 2 examination has become the de facto, go-to standard for cybersecurity assurance for service providers. Let's get yours done too.

ISO 27001

ISO 27001 is the international standard for managing information security. It is also your key to winning larger deals. ControlMap can help you get ISO 27001 certified.

NIST CSF

You are here, so you already know this. NIST CSF is implemented by thousands of small & large enterprises to secure their information systems. We can help you implement, maintain and evolve it.

HIPAA

Are you looking for help with HIPAA compliance? Whether it's Security, Privacy, Breach Notification, or Final Omnibus rules, ControlMap can help you understand it all.

GDPR

Are you GDPR compliant? Does it apply to your organization? It's definitely something that your customers want. Discover how ControlMap can help you automate GDPR compliance.

FedRAMP

Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings. ControlMap can help.

CMMC

Ready for your CMMC (Cybersecurity Maturity Model Certification) certification? Start yours here! Take an assessment, document your practices, and track your maturity levels, all in a consistent, streamlined assessment platform.

CSA CCM

ControlMap provides a comprehensive online audit readiness solution combined with a partner network of Virtual Compliance Officers (VCOs), Virtual CISOs, security providers, and auditors.

COBIT 2019

COBIT® 2019 (Control Objectives for Information and Related Technologies) is the most recent evolution of ISACA’s globally recognized and utilized COBIT framework.

CCPA

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them, and the CCPA regulations provide guidance on how to implement the law.

CIS Controls

See how ControlMap can help you protect your organization from cyber-attacks with globally recognized CIS Controls, companion guides, mappings, and more.

NIST 800-53

NIST 800-53 is a regulatory standard that defines the minimum baseline of security controls for all U.S. federal information systems except those related to national security.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is required by contract for those handling cardholder data, whether you are a startup or a global enterprise. It's important for customers to know your website is secure.

SCF

SCF (Secure Controls Framework) is designed to empower organizations to design, implement and manage both cybersecurity and privacy principles to address strategic, operational and tactical guidance.

Microsoft DPR

Microsoft Data Protection Regulations (DPR) are a set of regulations that apply to Microsoft suppliers that process Personal Data or Confidential Data. It is an annual requirement for all Microsoft suppliers enrolled in the SSPA program.

TISAX

TISAX (Trusted Information Security Assessment Exchange) certification confirms that a company's information security management system complies with defined security levels and allows sharing of assessment results across a designated platform.

UK ICO

Privacy Accountability Framework (UK ICO) can assist any organization, large or small, with its obligations. The more complex and robust the measures, the greater the risk. We can help you assess, report, and improve your compliance.

Essential Eight (ACSC)

The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations protect themselves against various cyber threats.

AESCSF - AEMO

The Australian Energy Sector Cyber Security Framework (AESCSF) program provides a tool for assessing cyber security maturity across Australia's energy sector. In 2021, the program was extended to gas markets and non-Australian Energy Market Operator (AEMO) electricity grids and markets.

MARS

MARS-E (Minimum Acceptable Risk Standards) compliance is designed to ensure secure handling of PII, PHI, and FTI of US citizens. MARS-E is based on NIST SP 800-53. It is a set of privacy and security standards for ACA administering entities, as well as their contractors and sub-contractors.