Framework Coverage

Comprehensive support for major compliance frameworks, including NIST CSF, GDPR, POPIA, COBIT 2019, ITIL 4, Zero Trust Architecture, PCI DSS, and the CIS AWS/Azure/GCP Benchmarks, with pre-loaded controls, automated assessment questions, and intelligent cross-framework mapping capabilities.

NIST CSF

Version 2.0

Cybersecurity Framework for managing cybersecurity risk across organizational systems.

Framework Coverage

  • All 6 Functions (Govern, Identify, Protect, Detect, Respond, Recover)
  • Complete control mappings and subcategories
  • Assessment questions with weighted scoring
  • Cross-mapping to other frameworks

Use Cases

  • Cybersecurity risk management
  • Regulatory compliance (CMMC, FedRAMP)
  • Third-party risk assessments
  • Security program maturity evaluation

GDPR

Version Current

General Data Protection Regulation for EU data privacy and protection compliance.

Framework Coverage

  • All 99 Articles mapped to controls
  • Data subject rights management
  • Data breach notification requirements
  • Privacy by design and default

Use Cases

  • EU data protection compliance
  • Privacy impact assessments
  • Data processing agreements
  • Consent management tracking

POPIA

Version Current

Protection of Personal Information Act for South African data protection compliance.

Framework Coverage

  • All 8 Conditions for Lawful Processing
  • Information Officer responsibilities
  • Data subject rights and access requests
  • Cross-border data transfer requirements

Use Cases

  • South African data protection compliance
  • Personal information processing assessments
  • Data breach incident management
  • Compliance reporting to the Regulator

COBIT

Version 2019

Control Objectives for Information and Related Technologies for IT governance and management.

Framework Coverage

  • All 5 Domains (EDM, APO, BAI, DSS, MEA)
  • 40 Governance and Management Objectives
  • Design factors and focus areas
  • Maturity model assessments

Use Cases

  • IT governance framework implementation
  • IT audit and assurance
  • IT risk management
  • IT service management alignment

ITIL

Version 4

IT Infrastructure Library for IT service management and operations excellence.

Framework Coverage

  • All 4 Dimensions of Service Management
  • 34 Management Practices
  • Service Value System (SVS)
  • Guiding principles and continual improvement

Use Cases

  • IT service management maturity
  • Service delivery optimization
  • Incident and problem management
  • Change management processes

Zero Trust Architecture

Version NIST SP 800-207

Zero Trust Architecture (ZTA) is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.

Framework Coverage

  • 7 core domains (Identity, Devices, Networks, Applications, Data, Infrastructure, Policies)
  • Continuous verification and authentication
  • Micro-segmentation controls
  • Least privilege access enforcement

Use Cases

  • Zero trust implementation and assessment
  • Continuous verification and monitoring
  • Micro-segmentation strategy
  • Identity and access management maturity

PCI DSS

Version 4.0

Payment Card Industry Data Security Standard controls for protecting cardholder data across people, processes, and technologies.

Framework Coverage

  • 12 requirement categories
  • Secure network and system configuration
  • Cardholder data protection
  • Access control and monitoring

Use Cases

  • Payment card data protection
  • Merchant compliance assessments
  • PCI audit preparation
  • Cardholder data environment security

CIS AWS Foundations Benchmark

Version 1.5.0

Security best practices for AWS cloud infrastructure following CIS benchmark recommendations.

Framework Coverage

  • Identity and Access Management controls
  • Logging and Monitoring
  • Networking and security groups
  • Cloud infrastructure hardening

Use Cases

  • AWS security hardening
  • Cloud compliance assessments
  • AWS security posture evaluation
  • Cloud infrastructure security audits

CIS Azure Foundations Benchmark

Version 1.5.0

Security best practices for Azure cloud infrastructure following CIS benchmark recommendations.

Framework Coverage

  • Identity and Access Management (Azure AD)
  • Role-Based Access Control (RBAC)
  • Security monitoring and logging
  • Azure resource security configuration

Use Cases

  • Azure security hardening
  • Cloud compliance assessments
  • Azure security posture evaluation
  • Cloud infrastructure security audits

CIS GCP Foundations Benchmark

Version 1.3.0

Security best practices for Google Cloud Platform infrastructure following CIS benchmark recommendations.

Framework Coverage

  • Identity and Access Management (IAM)
  • Service account security
  • Network security and firewall rules
  • GCP resource security configuration

Use Cases

  • GCP security hardening
  • Cloud compliance assessments
  • GCP security posture evaluation
  • Cloud infrastructure security audits

Cross-Framework Mapping

Understand relationships between different compliance frameworks and identify overlapping controls to streamline your compliance efforts. Our AI-powered mapping engine automatically identifies control relationships across NIST, GDPR, POPIA, COBIT, ITIL, Zero Trust, PCI DSS, and CIS cloud benchmarks.

Interactive Framework Matrix

Visualize control relationships and gaps across multiple frameworks

Control Mapping Interface - Framework control mapping and cross-framework analysis

Custom Framework Support

Import your own compliance frameworks or build custom frameworks from scratch. Support for JSON and CSV imports with full control mappings and assessment question builders.

Framework Import

Import frameworks from JSON or CSV files with full control mappings

Framework Builder

Create custom frameworks with categories, controls, and assessment questions

Dynamic Detection

Automatically detect frameworks from imported security scan data