
DORA
Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) sets strict requirements to ensure financial institutions can withstand cyber threats and IT disruptions. It focuses on risk management, incident reporting, and third-party oversight to strengthen the sector’s resilience.

ISO/IEC 27001:2022
International Organization for Standardization
ISO 27001 is an international standard for information security management. It provides a structured framework to identify risks, implement controls, and protect sensitive data. By following its guidelines, organizations can ensure the confidentiality, integrity, and availability of their information.

NIS2
The NIS2 Directive is an EU regulation focused on strengthening cybersecurity across critical sectors. It sets requirements for risk management, incident reporting, and governance to improve resilience and protect essential services from cyber threats.

CyberFundamentals
The Belgian Cyber Fundamentals Framework is a national guideline developed by the Centre for Cybersecurity Belgium (CCB). It outlines essential cybersecurity measures tailored to Belgian organizations, focusing on practical steps to reduce cyber risks and improve overall resilience.

NIST CSF
National Institute of Standards and Technology
The NIST Cybersecurity Framework is a set of guidelines developed by the U.S. National Institute of Standards and Technology. It helps organizations manage and reduce cybersecurity risks through five core functions: Identify, Protect, Detect, Respond, and Recover.

CIS Controls
The CIS Controls are a set of prioritized cybersecurity best practices developed by the Center for Internet Security. They help organizations strengthen their security posture by focusing on practical, high-impact actions to prevent common cyber threats.

ISO/IEC 42001:2023
International Organization for Standardization
ISO/IEC 42001 is the first international standard for managing AI systems responsibly. It provides a framework for establishing, implementing, and improving an Artificial Intelligence Management System (AIMS), focusing on transparency, accountability, and risk management.

GDPR
General Data Protection Regulation
The GDPR is the EU’s data protection regulation that sets strict rules for how personal data is collected, processed, and stored. It aims to give individuals more control over their data and holds organizations accountable for protecting privacy.

AI Act
The AI Act is the EU’s upcoming regulation for artificial intelligence, aiming to ensure AI systems are safe, transparent, and respect fundamental rights. It introduces risk-based rules, with stricter requirements for high-risk AI applications.

PCI-DSS
PCI Security Standards Council
PCI DSS is a global security standard for organizations that handle credit card data. It outlines technical and operational requirements to protect cardholder information and reduce the risk of fraud and data breaches.

Cybersecurity Act
The EU Cybersecurity Act strengthens Europe’s cybersecurity framework by establishing a certification scheme for ICT products and services. It also reinforces the role of ENISA, the EU’s cybersecurity agency, in supporting member states and coordinating response efforts.

SCF
The Secure Controls Framework (SCF) is a comprehensive set of cybersecurity and privacy controls designed to support multiple compliance requirements. It helps organizations build a robust security program by mapping controls across various standards and regulations.

HIPAA
Health Insurance Portability and Accountability Act
HIPAA is a U.S. regulation that protects the privacy and security of individuals’ health information. It sets rules for how healthcare organizations handle, store, and share medical data, with strict safeguards to prevent unauthorized access.

SOC2
System and Organization Controls
SOC 2 is a compliance standard for service organizations that handle customer data. It focuses on five trust principles (security, availability, processing integrity, confidentiality, and privacy) to ensure effective data protection and operational controls.

ITIL
Information Technology Infrastructure Library
ITIL is a framework for IT service management that helps organizations deliver high-quality IT services. It focuses on aligning IT processes with business needs through best practices in areas like incident management, change control, and continuous improvement.

CCPA
California Consumer Privacy Act
The CCPA is a California privacy law that gives consumers more control over their personal data. It requires businesses to disclose data practices, allow opt-outs from data sales, and ensure proper data protection and transparency.

HDS
Hébergement de Données de Santé
HDS (Hébergement de Données de Santé) is a French certification required for hosting health data. It ensures that service providers meet strict security, privacy, and compliance standards for storing and processing sensitive medical information.

Cyber Essentials
National Cyber Security Centre
Cyber Essentials is a UK government-backed certification that outlines basic cybersecurity measures. It helps organizations protect against common threats by implementing key controls like firewalls, secure configurations, and access management.

IT-Grundschutz
Bundesamt für Sicherheit in der Informationstechnik
BSI IT-Grundschutz is a German cybersecurity framework developed by the Federal Office for Information Security (BSI). It provides a comprehensive approach to managing information security through standardized controls, risk assessments, and best practices tailored to various IT environments.

RGS
RGS (Référentiel Général de Sécurité) is a French regulatory framework that sets security requirements for digital services in the public sector. It ensures trust, data integrity, and authentication through certified processes and secure electronic communications.

Data Governance Act
The Data Governance Act is an EU regulation aimed at fostering data sharing across sectors while ensuring trust and privacy. It creates a framework for data intermediaries and reuse of public sector data, promoting transparency and innovation in the digital economy.

SecNumCloud
SecNumCloud is a French cybersecurity certification issued by ANSSI for cloud service providers. It ensures high levels of security and compliance with national requirements, particularly for handling sensitive or government-related data in the cloud.

ÖNORM A 2700 series
The ÖNORM A 2700 series is an Austrian standard focused on information security and data protection. It provides guidelines for establishing secure IT processes and aligning with legal and regulatory requirements, supporting both technical and organizational measures.

KRITIS
The KRITIS Regulation is a German framework that mandates cybersecurity measures for operators of critical infrastructure. It ensures essential services like energy, water, and healthcare are protected against cyber threats through risk management, reporting duties, and regular audits.

CMMC
Cybersecurity Maturity Model Certification
CMMC (Cybersecurity Maturity Model Certification) is a U.S. framework designed to protect sensitive government data in the defense supply chain. It sets cybersecurity requirements for contractors, with maturity levels that reflect the strength of their security practices.

AIRCYBER
AIRCYBER is a French cybersecurity framework for the aerospace and defense sectors, developed by GIFAS. It sets security requirements for suppliers, focusing on protecting sensitive information and ensuring resilience across the aerospace industry's supply chain.

ICT Minimum Standard
The Swiss ICT Minimum Standard is a national cybersecurity guideline developed by the Swiss government. It provides baseline security requirements for organizations operating critical infrastructures, aiming to improve resilience and protect against cyber threats through practical, risk-based controls.

BIO
Baseline Informatiebeveiliging Overheid
BIO (Baseline Informatiebeveiliging Overheid) is the Dutch government’s standard for information security. It provides a unified framework for public sector organizations to protect data, manage risks, and ensure compliance with laws like the GDPR and WBB.

ISO/IEC 27002:2022
International Organization for Standardization
ISO/IEC 27002 is a complementary standard to ISO 27001 that provides detailed guidance on selecting and implementing information security controls. It offers best practices for managing risks and protecting information assets across various domains.

ISO/IEC 27005:2022
International Organization for Standardization
ISO/IEC 27005 is a standard that provides guidelines for information security risk management. It supports ISO 27001 by offering a structured approach to identifying, assessing, and treating risks to ensure effective protection of information assets.

PART-IS
Part-IS is an EU aviation regulation that sets cybersecurity requirements for aviation organizations. It ensures critical systems and data are protected through risk management, incident reporting, and security controls within an Information Security Management System (ISMS).

NIST AI Risk Management Framework
The NIST AI Risk Management Framework is a U.S. guideline for managing risks associated with artificial intelligence. It helps organizations design, develop, and deploy AI systems responsibly by focusing on trustworthiness, fairness, transparency, and accountability.

Cyber Assessment Framework
The Cyber Assessment Framework (CAF) is a UK government tool used to assess the cybersecurity of essential services. It helps organizations measure how well they manage cyber risks across four key objectives: managing security risk, protecting systems, detecting incidents, and minimizing impact.

MASVS
The Mobile Application Security Verification Standard (MASVS) is a framework developed by OWASP for assessing the security of mobile apps. It provides a set of baseline security requirements covering areas like data storage, authentication, cryptography, and code integrity to ensure secure mobile development and testing.

LPM
The Loi de Programmation Militaire (LPM) is a French law that outlines national defense and security priorities. It includes cybersecurity requirements for operators of vital importance (OIV), mandating risk management, incident reporting, and coordination with ANSSI to protect critical infrastructure.

ITAR
International Traffic in Arms Regulations
The International Traffic in Arms Regulations (ITAR) is a U.S. regulation that controls the export and import of defense-related articles and services. It restricts access to military technologies to protect national security, requiring organizations to register and comply with strict handling and transfer rules.

Guide d'hygiène informatique
The Guide d’hygiène informatique is a cybersecurity guide published by ANSSI (France’s national cybersecurity agency). It provides practical recommendations for securing information systems, focusing on basic security measures like access control, updates, backups, and user awareness to reduce common cyber risks.

GLBA
The Gramm-Leach-Bliley Act (GLBA) is a U.S. law that requires financial institutions to protect the privacy and security of consumers’ personal financial information. It includes rules on data sharing, customer notices, and safeguards to prevent unauthorized access to sensitive data.

FADP
Federal Act on Data Protection
The Federal Act on Data Protection (FADP) is Switzerland’s main data protection law. It governs how personal data is processed, ensuring transparency, individual rights, and security. The updated version aligns more closely with the GDPR to protect privacy and facilitate cross-border data flows.

ISO 9001:2015
International Organization for Standardization
ISO 9001 is an international standard for quality management systems. It helps organizations ensure consistent quality in their products and services by focusing on customer satisfaction, continuous improvement, and efficient processes.

ISO 22301:2019
International Organization for Standardization
ISO 22301 is an international standard for business continuity management. It helps organizations prepare for, respond to, and recover from disruptions by establishing a framework to maintain critical operations during emergencies.

eIDAS
eIDAS is an EU regulation that sets standards for electronic identification, authentication, and trust services. It ensures secure and seamless electronic transactions across EU member states by recognizing digital signatures, seals, and certificates with legal validity.

5G Security Controls Matrix
The 5G Security Controls Matrix is a framework developed by the GSM Association (GSMA) to guide secure deployment and operation of 5G networks. It outlines security controls across areas like network architecture, access management, encryption, and threat detection to help telecom operators manage risks and protect critical infrastructure.

ISO 37001:2025
International Organization for Standardization
ISO 37001 is an international standard for anti-bribery management systems. It helps organizations prevent, detect, and respond to bribery by implementing policies, controls, and procedures that promote integrity and compliance with anti-corruption laws.

CROE
The Cyber Resilience Oversight Expectations (CROE) by the European Central Bank (ECB) provide guidance for financial market infrastructures (FMIs) to enhance their cyber resilience. They outline expectations across key domains such as governance, identification, protection, detection, response, recovery, testing, and learning.

CRA
Cyber Resilience Act
The Cyber Resilience Act is an upcoming EU regulation aimed at improving the cybersecurity of digital products and software. It sets mandatory requirements for manufacturers to ensure products are secure by design, regularly updated, and transparent about vulnerabilities throughout their lifecycle.

ISO 37301:2021
International Organization for Standardization
ISO 37301 is an international standard for compliance management systems. It helps organizations establish a culture of integrity and accountability by setting up policies, procedures, and controls to meet legal, regulatory, and ethical obligations.

COBIT
COBIT (Control Objectives for Information and Related Technologies) is a framework for IT governance and management. Developed by ISACA, it helps organizations align IT strategy with business goals, manage risks, and ensure effective use of technology through structured processes and controls.

CCF
The Common Controls Framework (CCF) by Adobe is an internal cybersecurity and compliance framework that maps multiple regulatory and industry standards into a unified set of controls.

ASVS
The Application Security Verification Standard (ASVS) is a framework developed by OWASP to define security requirements for web applications. It provides a baseline for designing, developing, and testing secure apps across different assurance levels, covering areas like authentication, access control, and data protection.

ISO 45001:2018
International Organization for Standardization
ISO 45001 is an international standard for occupational health and safety management systems. It helps organizations provide safe and healthy workplaces by identifying risks, preventing injuries, and promoting employee well-being through structured processes and continuous improvement.

TIBER-EU
TIBER-EU (Threat Intelligence-Based Ethical Red Teaming) is an EU framework for testing the cyber resilience of financial institutions. It simulates real-world cyberattacks using threat intelligence and red teaming to identify vulnerabilities and improve detection, response, and defense capabilities.

TISAX
TISAX (Trusted Information Security Assessment Exchange) is a cybersecurity standard developed for the automotive industry. Managed by the ENX Association, it enables companies to assess and exchange information security assessments, focusing on data protection, prototype handling, and third-party risk management.

ISO 14001:2015
International Organization for Standardization
ISO 14001 is an international standard for environmental management systems. It helps organizations reduce their environmental impact by setting up processes for sustainable resource use, waste management, and continuous environmental improvement.

SSDF
The Secure Software Development Framework (SSDF) by NIST provides guidelines to help organizations integrate security into every phase of the software development lifecycle. It includes practices for secure design, coding, testing, and release to reduce vulnerabilities and improve software trustworthiness.

Privacy Framework
The NIST Privacy Framework is a voluntary tool that helps organizations manage privacy risks. It provides a structured approach to identifying, protecting, and managing personal data while supporting compliance and building customer trust through transparent and ethical data practices.

ISA/IEC 62443
International Society of Automation
IEC 62443 is a series of international standards for cybersecurity in industrial automation and control systems (IACS). It provides frameworks and technical requirements to protect critical infrastructure from cyber threats, covering both system and component levels.

IT-Sicherheitsgesetz
The IT-Sicherheitsgesetz is a German law aimed at strengthening cybersecurity for critical infrastructure and digital services. It requires operators to implement robust security measures, report significant incidents, and work with the BSI (Federal Office for Information Security) to protect national digital infrastructure.

CSSF Circular 20/750
CSSF Circular 20/750 sets ICT and security risk management requirements for Luxembourg’s financial sector. It covers governance, risk assessments, incident response, and third-party oversight to strengthen cyber resilience in regulated entities.

ISO 50001:2018
International Organization for Standardization
ISO 50001 is an international standard for energy management systems. It helps organizations improve energy efficiency, reduce consumption, and lower environmental impact through structured energy planning and performance monitoring.

CSRD
The CSRD (Corporate Sustainability Reporting Directive) is an EU regulation that requires companies to report on environmental, social, and governance (ESG) factors. It aims to increase transparency, accountability, and comparability in corporate sustainability disclosures.

Public Procurement Directive
Directive 2014/24/EU on public procurement is an EU law that sets rules for how public sector bodies purchase goods, services, and works. It aims to ensure transparency, competition, and equal treatment across member states, while also allowing for strategic goals like innovation, environmental protection, and social responsibility in the procurement process.

ISO 31000:2018
International Organization for Standardization
ISO 31000 is an international standard for risk management. It provides principles and guidelines to help organizations identify, assess, and manage risks effectively, supporting better decision-making and resilience across all areas of operation.

NEN 7510
NEN 7510 is a Dutch standard for information security in healthcare. It provides requirements for protecting patient data and ensuring confidentiality, integrity, and availability of health information within care institutions and their service providers.

PSD2
PSD2 (Payment Services Directive 2) is an EU regulation that aims to make electronic payments more secure and competitive. It introduces strong customer authentication (SCA), enhances consumer protection, and enables third-party access to payment data with user consent, fostering innovation in financial services.

ISO 19600:2014
International Organization for Standardization
ISO 19600 is a guideline for compliance management systems. It helps organizations establish a culture of integrity and meet legal, regulatory, and ethical obligations through effective compliance policies, risk assessments, and continuous improvement.

BASEL III
Basel III is an international regulatory framework developed by the Basel Committee on Banking Supervision. It aims to strengthen the stability of the banking system by setting stricter capital requirements, introducing liquidity standards, and reducing systemic risk through better risk management practices.

ISO 27701:2019
International Organization for Standardization
ISO/IEC 27701 is an international standard for privacy information management. It extends ISO 27001 and 27002 to include requirements and guidelines for managing personal data, helping organizations demonstrate compliance with privacy regulations like the GDPR.

FISMA
FISMA (Federal Information Security Modernization Act) is a U.S. law that requires federal agencies and their contractors to implement information security programs. It sets standards for protecting government data and systems, emphasizing risk management, continuous monitoring, and compliance with NIST guidelines.

HITRUST CSF
The HITRUST CSF (Common Security Framework) is a certifiable framework that combines requirements from standards like HIPAA, ISO, NIST, and GDPR into a single, comprehensive approach to information risk management. It’s widely used in healthcare and other regulated industries to demonstrate strong security and compliance practices.

SWIFT CSP
The SWIFT Customer Security Programme (CSP) is a global initiative by SWIFT to strengthen the cybersecurity of its member institutions. It requires users to implement mandatory security controls, regularly assess their environments, and report compliance to protect against fraud and cyber threats in financial messaging.

AS9100
AS9100 is a quality management standard for the aerospace and defense industry, based on ISO 9001 with additional requirements specific to aviation, space, and defense. It ensures consistent product quality, safety, and regulatory compliance across the aerospace supply chain.

ISO 55001:2024
International Organization for Standardization
ISO 55001 is an international standard for asset management systems. It provides a framework for managing the lifecycle of assets efficiently and sustainably, helping organizations improve performance, reduce risk, and maximize value from physical and intangible assets.

SOX
The Sarbanes-Oxley Act (SOX) is a U.S. law that sets financial reporting and internal control requirements for public companies. It aims to protect investors by improving corporate transparency, preventing fraud, and ensuring the accuracy of financial disclosures.

ENS
Spain's Esquema Nacional de Seguridad (ENS) is a national cybersecurity framework that sets security requirements for public sector organizations and their service providers. It ensures the protection of information systems and data through risk management, access control, incident response, and continuous monitoring, aligning with EU standards.

ISO 28000:2022
International Organization for Standardization
ISO 28000 is an international standard for security management systems in the supply chain. It helps organizations assess and manage security risks related to people, goods, infrastructure, and information, ensuring safe and resilient supply chain operations.

APPI
APPI (Act on the Protection of Personal Information) is Japan’s main data protection law. It sets rules for how organizations collect, use, and share personal data, requiring consent, transparency, and safeguards to protect individuals' privacy rights.

Essential Eight
The Essential Eight is an Australian cybersecurity framework with eight key strategies to prevent cyber threats. It covers areas like patching, access control, backups, and multi-factor authentication to strengthen system defenses.

NIST SP 800-37
NIST SP 800-37 is a U.S. guideline for applying the Risk Management Framework (RMF) to federal information systems. It provides a structured approach to selecting, implementing, and monitoring security controls based on risk.

ISO 41000:2018
International Organization for Standardization
ISO 41000 is a series of international standards for facility management. It provides guidelines to help organizations efficiently manage physical assets, services, and work environments, aligning facility operations with strategic objectives.