Home / Frameworks

● Framework Intelligence Layer

Map once. Satisfy many.

Eight core frameworks seeded and fully cross-mapped, plus the financial-services and healthcare sets your auditors and regulators expect. Evidence collected against one control credits every mapped control in all the others.

See the matrix → Start with SOC 2

core frameworks seeded

1000s

of mapped control pairs

∞

tenant-private frameworks

1×

assess once, satisfy all

Seeded & cross-mapped

Eight core frameworks, ready on day one.

No setup. Seeded, version-pinned, and cross-mapped the moment your tenant goes live.

NIST CSF

v2.0 · 2024

6 functions · 22 categories · 108 subcategories

ISO 27001

2022

4 themes · 93 Annex A controls

SOC 2

TSC 2017 (rev.)

5 Trust Services Criteria · 61 criteria

NIST 800-53

Rev 5 + FedRAMP

20 families · 500+ controls · L/M/H baselines

PCI DSS

v4.0 · 2022

12 requirements · 78 sub-requirements

CIS Controls

v18

18 controls · 153 safeguards

GDPR / UK GDPR

2018

Articles 5–47 as control objectives

HIPAA

Security & Privacy

Administrative · physical · technical safeguards

Cross-framework propagation

One assessment establishes posture everywhere.

Rate a control in one framework; equivalent ratings surface in every mapped framework for reviewer acceptance. Non-destructive — it surfaces candidates, never auto-writes across frameworks.

Sector framework sets

The regulations your industry actually faces.

Beyond the core eight, the framework library covers the financial-services and healthcare regimes mid-market regulated companies are held to.

Financial Services

DORA

EU FinServ

ICT & third-party risk · Article 28

GLBA

US Banking

Safeguards Rule

FFIEC

US Banking

IT examination handbook

NYDFS

23 NYCRR 500

Cybersecurity regulation

SWIFT CSP

Payments

Annual customer security self-attestation

OCC Third-Party

US Banking

OCC 2013-29 / 2023-1

Healthcare

HITRUST CSF

Healthcare

117 control requirements · assurance levels

HIPAA Security Rule

Healthcare

Admin / physical / technical safeguards

FDA Cyber

Med-device

2023 premarket cybersecurity guidance

Compliance operations

The intelligence layer that keeps it honest.

Cross-mapping is only useful if it stays current. These operations keep your framework coverage live, auditable, and reusable.

◆

Cross-Framework Propagation

Assess once; equivalent ratings surface across mapped frameworks for reviewer acceptance — never auto-written.

◆

Tenant-Private Frameworks

Add your own internal standards alongside the seeded catalog, cross-mapped to the rest.

◆

Drift Report

A weekly digest of divergence between mapped control pairs, so posture never silently rots.

◆

Evidence Reuse Engine

One piece of evidence credits every mapped control across every framework — collect once, satisfy many.

Collect evidence once. Satisfy every framework.

Your SOC 2 work pays forward to ISO 27001, NIST CSF, HIPAA, and the rest. Add your own internal standards and the engine cross-maps those too.

Start with SOC 2 → Start free →