Compliance standards
Compliance standards
This library contains 39 framework recipes, generated from a reviewed structured catalog. Each recipe separates framework applicability from evidence readiness, identifies its exact version and status, and links to official sources. It never treats a recipe as certification or legal advice.
Catalog sources were reviewed on 2026-07-12. Draft, phased, and revision-in-progress entries are labeled; users must confirm official changes before relying on an assessment.
Section index
- AI governance
- Assurance and governance
- Cloud assurance
- Critical infrastructure
- Government and public sector
- Privacy
- Product and software security
- Regulated industries
- Security programs
AI governance (4)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| NIST AI SSDF | SP 800-218A | final |
global, united-states |
| NIST AI RMF 1.0 | 1.0; revision in progress | revision-in-progress |
global, united-states |
| ISO/IEC 42001:2023 | 2023 | final |
global |
| EU AI Act | Regulation (EU) 2024/1689; phased implementation | phased-implementation |
european-union, extraterritorial |
Assurance and governance (4)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| SOC 2 TSC | 2017 TSC with 2022 revised points of focus | final |
global, united-states |
| COBIT 2019 | 2019 | final |
global |
| SOX ITGC | PCAOB AS 2201 current text; 2026 amendments tracked | revision-in-progress |
united-states |
| SEC Cyber Disclosure Rule | Release 33-11216 (2023) | final |
united-states |
Cloud assurance (1)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| CSA CCM v4.1 | 4.1 | final |
global |
Critical infrastructure (4)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| IEC 62443 | IEC 62443-2-1:2024 and IEC 62443-4-1:2018 | final |
global |
| NERC CIP | Operator-supplied effective standards set; checked 2026-07-12 | revision-in-progress |
north-america, united-states, canada |
| CISA Cross-Sector CPGs | 1.0.1; CSF 2.0 update in progress | revision-in-progress |
united-states |
| EU NIS2 | Directive (EU) 2022/2555 | final |
european-union, member-state-implementation |
Government and public sector (5)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| NIST SP 800-53 Rev. 5 | Rev. 5, Release 5.2.0 | final |
united-states |
| NIST SP 800-171 Rev. 3 | Rev. 3 | final |
united-states |
| FedRAMP 2026 | 2026 Consolidated Rules / Rev. 5 controls | final |
united-states |
| CMMC 2.0 | 32 CFR Part 170 / phased implementation beginning November 10, 2025 | phased-implementation |
united-states |
| CJIS Security Policy v6.1 | 6.1 (June 25, 2026) | final |
united-states |
Privacy (3)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| EU GDPR | Regulation (EU) 2016/679 | final |
european-union, eea, extraterritorial |
| NIST Privacy Framework | 1.0 final; 1.1 Initial Public Draft | draft-update |
global, united-states |
| ISO/IEC 27701:2025 | 2025 | final |
global |
Product and software security (9)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| NIST SSDF 1.1 | SP 800-218 v1.1 | final |
global, united-states |
| SLSA v1.2 | 1.2 | final |
global |
| OWASP ASVS 5.0.0 | 5.0.0 | final |
global |
| OWASP API Top 10:2023 | 2023 | final |
global |
| OWASP MASVS 2.1.0 | 2.1.0 | final |
global |
| OWASP SAMM 2.1 | 2.1 | final |
global |
| OpenSSF OSPS Baseline | 2026.02.19 | final |
global |
| EU Cyber Resilience Act | Regulation (EU) 2024/2847 | phased-implementation |
european-union, extraterritorial |
| NIST IoT 8259 Series | NISTIR 8259 Rev. 1 series (April 2026) | final |
global, united-states |
Regulated industries (6)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| PCI DSS 4.0.1 | 4.0.1 | final |
global |
| HIPAA Security Rule | Current effective rule (2026-07-12) | final |
united-states |
| GLBA Safeguards Rule | Current rule (2026-07-12) | final |
united-states |
| NYDFS Part 500 | Second Amendment, effective November 1, 2023 with phased dates | phased-implementation |
united-states, new-york |
| FDA Medical Device Cybersecurity | Final Guidance, February 2026 | final |
united-states |
| EU DORA | Regulation (EU) 2022/2554 | final |
european-union |
Security programs (3)
| Framework | Version | Status | Jurisdiction |
|---|---|---|---|
| CIS Controls v8.1 | 8.1 | final |
global |
| ISO/IEC 27001:2022 | 2022 | final |
global |
| NIST CSF 2.0 | 2.0 | final |
global, united-states |