Compliance standards

Compliance standards

This library contains 39 framework recipes, generated from a reviewed structured catalog. Each recipe separates framework applicability from evidence readiness, identifies its exact version and status, and links to official sources. It never treats a recipe as certification or legal advice.

Catalog sources were reviewed on 2026-07-12. Draft, phased, and revision-in-progress entries are labeled; users must confirm official changes before relying on an assessment.

Section index

AI governance (4)

Framework Version Status Jurisdiction
NIST AI SSDF SP 800-218A final global, united-states
NIST AI RMF 1.0 1.0; revision in progress revision-in-progress global, united-states
ISO/IEC 42001:2023 2023 final global
EU AI Act Regulation (EU) 2024/1689; phased implementation phased-implementation european-union, extraterritorial

Assurance and governance (4)

Framework Version Status Jurisdiction
SOC 2 TSC 2017 TSC with 2022 revised points of focus final global, united-states
COBIT 2019 2019 final global
SOX ITGC PCAOB AS 2201 current text; 2026 amendments tracked revision-in-progress united-states
SEC Cyber Disclosure Rule Release 33-11216 (2023) final united-states

Cloud assurance (1)

Framework Version Status Jurisdiction
CSA CCM v4.1 4.1 final global

Critical infrastructure (4)

Framework Version Status Jurisdiction
IEC 62443 IEC 62443-2-1:2024 and IEC 62443-4-1:2018 final global
NERC CIP Operator-supplied effective standards set; checked 2026-07-12 revision-in-progress north-america, united-states, canada
CISA Cross-Sector CPGs 1.0.1; CSF 2.0 update in progress revision-in-progress united-states
EU NIS2 Directive (EU) 2022/2555 final european-union, member-state-implementation

Government and public sector (5)

Framework Version Status Jurisdiction
NIST SP 800-53 Rev. 5 Rev. 5, Release 5.2.0 final united-states
NIST SP 800-171 Rev. 3 Rev. 3 final united-states
FedRAMP 2026 2026 Consolidated Rules / Rev. 5 controls final united-states
CMMC 2.0 32 CFR Part 170 / phased implementation beginning November 10, 2025 phased-implementation united-states
CJIS Security Policy v6.1 6.1 (June 25, 2026) final united-states

Privacy (3)

Framework Version Status Jurisdiction
EU GDPR Regulation (EU) 2016/679 final european-union, eea, extraterritorial
NIST Privacy Framework 1.0 final; 1.1 Initial Public Draft draft-update global, united-states
ISO/IEC 27701:2025 2025 final global

Product and software security (9)

Framework Version Status Jurisdiction
NIST SSDF 1.1 SP 800-218 v1.1 final global, united-states
SLSA v1.2 1.2 final global
OWASP ASVS 5.0.0 5.0.0 final global
OWASP API Top 10:2023 2023 final global
OWASP MASVS 2.1.0 2.1.0 final global
OWASP SAMM 2.1 2.1 final global
OpenSSF OSPS Baseline 2026.02.19 final global
EU Cyber Resilience Act Regulation (EU) 2024/2847 phased-implementation european-union, extraterritorial
NIST IoT 8259 Series NISTIR 8259 Rev. 1 series (April 2026) final global, united-states

Regulated industries (6)

Framework Version Status Jurisdiction
PCI DSS 4.0.1 4.0.1 final global
HIPAA Security Rule Current effective rule (2026-07-12) final united-states
GLBA Safeguards Rule Current rule (2026-07-12) final united-states
NYDFS Part 500 Second Amendment, effective November 1, 2023 with phased dates phased-implementation united-states, new-york
FDA Medical Device Cybersecurity Final Guidance, February 2026 final united-states
EU DORA Regulation (EU) 2022/2554 final european-union

Security programs (3)

Framework Version Status Jurisdiction
CIS Controls v8.1 8.1 final global
ISO/IEC 27001:2022 2022 final global
NIST CSF 2.0 2.0 final global, united-states