<?xml version="1.0" encoding="utf-8"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Compliance standards on security-recipes.ai</title><link>https://security-recipes.ai/recipes/general/compliance-standards/</link><description>Recent content in Compliance standards on security-recipes.ai</description><language>en-us</language><atom:link href="https://security-recipes.ai/recipes/general/compliance-standards/index.xml" rel="self" type="application/rss+xml"/><item><title>CIS Controls v8.1 Safeguard Implementation Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/cis-controls-safeguard-implementation-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/cis-controls-safeguard-implementation-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations using the CIS Controls and Implementation Groups to prioritize a defensible baseline security program.</description></item><item><title>ISO/IEC 27001:2022 ISMS Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/iso27001-secure-development-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/iso27001-secure-development-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations operating or preparing to certify an information security management system against ISO/IEC 27001:2022.</description></item><item><title>NIST SSDF 1.1 Repository Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nist-ssdf-repo-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nist-ssdf-repo-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Software producers assessing secure development practices and repository evidence against NIST SP 800-218.</description></item><item><title>PCI DSS 4.0.1 Cardholder Data Environment Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/pci-dss-cde-agent-boundary-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/pci-dss-cde-agent-boundary-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Entities that store, process, or transmit payment account data, and service providers that can affect the cardholder data environment.</description></item><item><title>SLSA v1.2 Build and Source Provenance Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/slsa-provenance-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/slsa-provenance-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Software producers and consumers evaluating source and build integrity using SLSA v1.2 tracks and provenance.</description></item><item><title>SOC 2 Trust Services Criteria Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/soc2-change-management-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/soc2-change-management-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Service organizations preparing evidence for a SOC 2 examination using the applicable Trust Services Criteria.</description></item><item><title>NIST SP 800-218A AI Model Development Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/ai-governance-oversight-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/ai-governance-oversight-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations extending secure software development practices to AI model development across the AI lifecycle.</description></item><item><title>NIST Cybersecurity Framework 2.0 Profile Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nist-csf-2-0-profile-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nist-csf-2-0-profile-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations using CSF 2.0 Organizational Profiles and Tiers to communicate and improve cybersecurity risk outcomes.</description></item><item><title>NIST SP 800-53 Rev. 5 Control Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nist-sp-800-53-rev5-control-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nist-sp-800-53-rev5-control-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Information systems using an organization-selected NIST SP 800-53 Rev. 5 control baseline or overlay.</description></item><item><title>NIST SP 800-171 Rev. 3 CUI Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nist-sp-800-171-rev3-cui-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nist-sp-800-171-rev3-cui-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Nonfederal organizations protecting Controlled Unclassified Information in systems subject to federal contract or policy requirements.</description></item><item><title>HIPAA Security Rule Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/hipaa-security-rule-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/hipaa-security-rule-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>HIPAA covered entities and business associates protecting electronic protected health information; the January 2025 modification remains proposed, not final.</description></item><item><title>EU GDPR Accountability Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/eu-gdpr-accountability-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/eu-gdpr-accountability-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Controllers and processors handling personal data within GDPR territorial scope, including applicable extraterritorial processing.</description></item><item><title>CSA Cloud Controls Matrix v4.1 Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/csa-ccm-4-1-cloud-control-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/csa-ccm-4-1-cloud-control-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Cloud service providers and cloud customers assessing cloud control responsibilities using CSA CCM v4.1.</description></item><item><title>COBIT 2019 Governance System Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/cobit-2019-governance-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/cobit-2019-governance-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Enterprises designing, evaluating, or improving governance of information and technology using COBIT 2019.</description></item><item><title>SOX IT General Controls Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/sox-itgc-financial-reporting-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/sox-itgc-financial-reporting-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Public-company financial reporting environments where IT general controls support internal control over financial reporting; AS 2201 amendments become effective December 15, 2026.</description></item><item><title>FTC GLBA Safeguards Rule Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/glba-safeguards-rule-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/glba-safeguards-rule-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>FTC-regulated financial institutions maintaining a written information security program for customer information.</description></item><item><title>NYDFS 23 NYCRR Part 500 Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nydfs-part-500-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nydfs-part-500-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>NYDFS covered entities, with obligations determined by covered-entity and class-A status and the amendment&#39;s phased effective dates.</description></item><item><title>SEC Cybersecurity Disclosure Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/sec-cybersecurity-disclosure-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/sec-cybersecurity-disclosure-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>SEC reporting companies preparing evidence for material cybersecurity incident and annual risk-management, strategy, and governance disclosures.</description></item><item><title>OWASP ASVS 5.0.0 Application Verification Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/owasp-asvs-5-0-0-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/owasp-asvs-5-0-0-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Teams specifying or verifying web application security requirements against an explicitly selected ASVS level and version.</description></item><item><title>OWASP API Security Top 10:2023 Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/owasp-api-security-top-10-2023-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/owasp-api-security-top-10-2023-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>API owners using the 2023 risk categories to drive threat review, testing, and remediation; it is not a certification standard.</description></item><item><title>OWASP MASVS 2.1.0 Mobile Application Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/owasp-masvs-2-1-0-mobile-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/owasp-masvs-2-1-0-mobile-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Native and cross-platform mobile application teams verifying security and privacy properties against MASVS 2.1.0.</description></item><item><title>OWASP SAMM 2.1 Software Assurance Maturity Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/owasp-samm-2-1-program-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/owasp-samm-2-1-program-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations measuring and improving a software security program using the OWASP SAMM maturity model.</description></item><item><title>OpenSSF OSPS Baseline Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/openssf-osps-baseline-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/openssf-osps-baseline-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Open source projects and downstream consumers evaluating baseline security practices at an explicitly selected OSPS level.</description></item><item><title>EU Cyber Resilience Act Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/eu-cyber-resilience-act-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/eu-cyber-resilience-act-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Manufacturers, importers, and distributors of products with digital elements placed on the EU market, subject to role, product, and exception analysis.</description></item><item><title>NISTIR 8259 Rev. 1 IoT Product Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nist-iot-8259-rev1-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nist-iot-8259-rev1-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>IoT product manufacturers and integrators establishing product cybersecurity capabilities and manufacturer supporting activities.</description></item><item><title>FDA Medical Device Cybersecurity Premarket Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/fda-medical-device-cybersecurity-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/fda-medical-device-cybersecurity-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Medical device manufacturers preparing premarket cybersecurity documentation; the February 2026 final guidance supersedes the June 2025 version.</description></item><item><title>IEC 62443 Industrial Security Program Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/iec-62443-industrial-security-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/iec-62443-industrial-security-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Asset owners and product suppliers evaluating industrial automation and control system security programs against organization-licensed IEC 62443 parts.</description></item><item><title>NERC CIP Applicable Standards Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nerc-cip-applicable-standards-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nerc-cip-applicable-standards-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Registered entities with Bulk Electric System Cyber Systems; applicability and effective versions must be established from the current NERC standards and implementation plans.</description></item><item><title>NIST AI Risk Management Framework 1.0 Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nist-ai-rmf-1-0-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nist-ai-rmf-1-0-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations governing, mapping, measuring, and managing AI risks using AI RMF 1.0 while NIST develops a revision.</description></item><item><title>ISO/IEC 42001:2023 AI Management System Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/iso42001-ai-management-system-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/iso42001-ai-management-system-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations establishing, operating, or preparing to certify an AI management system against ISO/IEC 42001:2023.</description></item><item><title>EU AI Act Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/eu-ai-act-evidence-readiness-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/eu-ai-act-evidence-readiness-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>AI providers, deployers, importers, distributors, and product manufacturers after role, system classification, exclusions, and current phased dates are verified with official Commission guidance.</description></item><item><title>FedRAMP 2026 Rev. 5 Authorization Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/fedramp-2026-rev5-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/fedramp-2026-rev5-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Cloud service offerings pursuing or maintaining a FedRAMP authorization under the 2026 consolidated rules and Rev. 5 control baseline.</description></item><item><title>CMMC 2.0 Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/cmmc-2-0-evidence-readiness-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/cmmc-2-0-evidence-readiness-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Defense contractors and subcontractors whose solicitations or contracts specify a CMMC level and assessment requirement for FCI or CUI.</description></item><item><title>CJIS Security Policy v6.1 Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/cjis-security-policy-6-1-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/cjis-security-policy-6-1-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Criminal justice agencies, noncriminal justice agencies, and service providers handling Criminal Justice Information under applicable agreements.</description></item><item><title>CISA Cross-Sector Cybersecurity Performance Goals Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/cisa-cross-sector-cpg-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/cisa-cross-sector-cpg-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Critical infrastructure owners and operators prioritizing a voluntary baseline of high-impact cybersecurity practices while CISA updates the CPGs for CSF 2.0.</description></item><item><title>EU Digital Operational Resilience Act Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/eu-dora-evidence-readiness-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/eu-dora-evidence-readiness-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>EU financial entities and relevant ICT third-party service relationships after entity, proportionality, and exemption analysis.</description></item><item><title>EU NIS2 Directive Evidence Readiness Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/eu-nis2-evidence-readiness-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/eu-nis2-evidence-readiness-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Entities potentially classified as essential or important under NIS2 and the applicable member-state implementing law.</description></item><item><title>NIST Privacy Framework 1.0 Profile Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/nist-privacy-framework-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/nist-privacy-framework-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations using Privacy Framework 1.0 to manage privacy risk; version 1.1 remains an Initial Public Draft and must not be treated as final.</description></item><item><title>ISO/IEC 27701:2025 Privacy Information Management Evidence Check</title><link>https://security-recipes.ai/recipes/general/compliance-standards/iso27701-2025-privacy-management-evidence-check/</link><guid>https://security-recipes.ai/recipes/general/compliance-standards/iso27701-2025-privacy-management-evidence-check/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Organizations establishing, operating, or preparing to certify a privacy information management system against ISO/IEC 27701:2025.</description></item></channel></rss>