Security Frameworks & Compliance Standards

Browse 20+ security frameworks and compliance standards — filter by industry, purpose, geography or audience.

Risk Management

NIST Cybersecurity Framework 2.0

The go-to framework for managing cybersecurity risk across all organisation types — updated in 2024 with a new Govern function.

NIST · USA · Voluntary · 3 templates

Compliance

ISO 27001:2022

International standard for information security management systems. Certifiable, globally recognised and widely adopted.

ISO · Global · Voluntary · 5 templates

Privacy

GDPR

The EU’s comprehensive data protection regulation — mandatory for any organisation handling EU resident data.

EU · European Union · Mandatory · 4 templates

Compliance

PCI DSS v4.0

Payment Card Industry Data Security Standard — required for all organisations that handle cardholder data.

PCI SSC · Global · Mandatory · 3 templates

Healthcare

HIPAA

US federal law protecting sensitive patient health information. Applies to covered entities and business associates.

HHS · USA · Mandatory · 2 templates

Cloud Security

SOC 2 Type II

Trust Services Criteria audit for service organisations — the standard for demonstrating security to enterprise customers.

AICPA · USA · Voluntary · 3 templates

Government

NIST SP 800-53 Rev 5

Comprehensive security and privacy controls catalogue for US federal systems — the most detailed controls framework available.

NIST · USA · Mandatory · 3 templates

IT Governance

COBIT 2019

Leading framework for IT governance and management — bridges business requirements, technical issues and control risks.

ISACA · Global · Voluntary · 2 templates

Privacy

CCPA / CPRA

California’s comprehensive consumer privacy law giving residents rights over their personal data — strengthened by CPRA in 2023.

California · USA · Mandatory · 2 templates

Cloud Security

CSA Cloud Controls Matrix v4

197 cloud-specific security controls across 17 domains — the definitive framework for cloud security assurance.

CSA · Global · Voluntary · 2 templates

Compliance

SOX — Sarbanes-Oxley Act

US federal law requiring strict financial reporting and internal controls for publicly traded companies.

SEC · USA · Mandatory · 2 templates

Risk Management

COSO Internal Control Framework

The primary framework for designing and evaluating internal controls — foundation of SOX Section 404 compliance.

COSO · Global · Voluntary · 2 templates

Risk Management

CIS Controls v8

18 prioritised cybersecurity actions organised into implementation groups — the most practical starting point for any organisation.

CIS · Global · Voluntary · 3 templates

Healthcare

HITRUST CSF

Certifiable framework integrating HIPAA, NIST, ISO 27001 and PCI DSS — the de facto standard for US healthcare vendors.

HITRUST · USA · Voluntary · 2 templates

Compliance

ISO 27002:2022

Implementation guidance for ISO 27001 Annex A controls — the how to ISO 27001’s what.

ISO · Global · Voluntary · 3 templates

Healthcare

ISO 27799

Healthcare-specific guidance for implementing ISO 27002 controls — covers personal health information and clinical systems security.

ISO · Global · Voluntary · 1 template

AI Governance

ISO 42001:2023

The world’s first certifiable AI management system standard — aligned with the EU AI Act.

ISO · Global · Voluntary · 2 templates

Finance

NYDFS 23 NYCRR 500

Mandatory cybersecurity regulation for DFS-licensed financial entities — amended and strengthened in 2023.

NYDFS · USA · Mandatory · 2 templates

Government

Qatar NIA Policy

National information assurance framework for Qatar government entities and critical infrastructure operators.

MOTC · Qatar · Mandatory · 1 template

Finance

SAMA Cyber Security Framework

Mandatory cybersecurity framework for all SAMA-regulated financial institutions in Saudi Arabia.

SAMA · Saudi Arabia · Mandatory · 2 templates

Finance

SEBI CSCRF

Mandatory cybersecurity framework for India’s capital markets — brokers, AMCs, exchanges and depositories.

SEBI · India · Mandatory · 1 template

IT Governance

SOC 1

AICPA audit standard for internal controls over financial reporting — required by payroll processors and financial data centres.

AICPA · USA · Voluntary · 2 templates

Government

UAE Information Assurance

National information security framework for UAE federal government entities — aligned with ISO 27001 and NIST.

TDRA · UAE · Mandatory · 1 template

IT Governance

ITIL 4

World’s most widely adopted IT service management framework — 34 practices across the Service Value System.

AXELOS · Global · Voluntary · 2 templates

Finance

DORA

EU regulation for digital operational resilience in the financial sector — in force January 2025.

EU · European Union · Mandatory · 2 templates

Government

NIS2 Directive

EU cybersecurity directive covering 18 critical sectors — personal management liability, effective October 2024.

EU · European Union · Mandatory · 2 templates

Showing 26 of 40+ frameworks — more to be added soon.