Compliance Framework Encyclopedia
Comprehensive, free reference for every compliance framework. Understand requirements, controls, and implementation guidance.
GDPR
General Data Protection Regulation
EU regulation on data protection and privacy for individuals within the European Union and European Economic Area.
HIPAA
Health Insurance Portability and Accountability Act
US law providing data privacy and security provisions for safeguarding medical information.
SOC 2
Service Organization Control 2
Auditing procedure ensuring service providers securely manage data to protect the interests and privacy of their clients.
ISO 27001
Information Security Management System
International standard for an information security management system, giving a systematic approach to protecting sensitive information.
PCI DSS
Payment Card Industry Data Security Standard
Security standard for organizations handling branded credit cards from major card schemes.
NIST CSF
NIST Cybersecurity Framework
Framework for improving critical infrastructure cybersecurity with guidelines and best practices.
CCPA/CPRA
California Consumer Privacy Act
State statute enhancing privacy rights and consumer protection for California residents.
SOX
Sarbanes-Oxley Act
Federal law setting standards for public company boards, management, and accounting firms.
FedRAMP
Federal Risk and Authorization Management Program
Government-wide program for security assessment and authorization of cloud products.
CMMC
Cybersecurity Maturity Model Certification
DoD certification for defense contractors to protect controlled unclassified information.
CIS Controls
Center for Internet Security Controls
Prioritized set of actions to protect organizations from known cyber attack vectors.
DORA
Digital Operational Resilience Act
EU regulation on digital operational resilience for the financial sector.
Framework Comparison Tool
Compare requirements and controls across different frameworks.