Security Frameworks & Compliance Standards
Browse 20+ security frameworks and compliance standards — filter by industry, purpose, geography or audience.
Risk Management
NIST Cybersecurity Framework 2.0
The go-to framework for managing cybersecurity risk across all organisation types — updated in 2024 with a new Govern function.
NIST · USA · Voluntary · 3 templates
Compliance
ISO 27001:2022
International standard for information security management systems. Certifiable, globally recognised and widely adopted.
ISO · Global · Voluntary · 5 templates
Privacy
GDPR
The EU’s comprehensive data protection regulation — mandatory for any organisation handling EU resident data.
EU · European Union · Mandatory · 4 templates
Compliance
PCI DSS v4.0
Payment Card Industry Data Security Standard — required for all organisations that handle cardholder data.
PCI SSC · Global · Mandatory · 3 templates
Healthcare
HIPAA
US federal law protecting sensitive patient health information. Applies to covered entities and business associates.
HHS · USA · Mandatory · 2 templates
Cloud Security
SOC 2 Type II
Trust Services Criteria audit for service organisations — the standard for demonstrating security to enterprise customers.
AICPA · USA · Voluntary · 3 templates
Government
NIST SP 800-53 Rev 5
Comprehensive security and privacy controls catalogue for US federal systems — the most detailed controls framework available.
NIST · USA · Mandatory · 3 templates
IT Governance
COBIT 2019
Leading framework for IT governance and management — bridges business requirements, technical issues and control risks.
ISACA · Global · Voluntary · 2 templates
Privacy
CCPA / CPRA
California’s comprehensive consumer privacy law giving residents rights over their personal data — strengthened by CPRA in 2023.
California · USA · Mandatory · 2 templates
Cloud Security
CSA Cloud Controls Matrix v4
197 cloud-specific security controls across 17 domains — the definitive framework for cloud security assurance.
CSA · Global · Voluntary · 2 templates
Compliance
SOX — Sarbanes-Oxley Act
US federal law requiring strict financial reporting and internal controls for publicly traded companies — critical for IT and audit teams.
SEC · USA · Mandatory · 2 templates
Showing 11 of 20+ frameworks — more to be added soon.