List of Mandates 

We support the following mandates for report generation. The mandates are categorized by region or sector for your quick reference.

Mandates by Region

Australia

  • APRA Prudential Practice Guide (PPG): CPG 234 - Management of Security Risk in IT
  • Australian Signals Directorate - Essential Eight Maturity Model

European Union

General Data Protection Regulation (GDPR)

France

ANSSI 40 Essential Measures for a Healthy Network

Global

  • CIS Controls Version 8
  • Cloud Controls Matrix (CCM)
  • ISO/IEC 27001:2013
  • ISO/IEC 27001:2022
  • Payment Card Industry Data Security Standard (PCI-DSS) v3.2.1
  • Payment Card Industry Data Security Standard (PCI-DSS) v4.0
  • SWIFT Customer Security Controls Framework - Customer Security Programme v2021

India

  • IRDAI Guidelines On Information and Cyber Security for Insurers
  • Reserve Bank of India (RBI) - Baseline Cyber Security and Resilience Requirements (Annex 1)

New Zealand

New Zealand Information Security Manual (NZISM)

North America

NERC Critical Infrastructure Protection (CIP)

Singapore

  • MAS - Notice 834: Cyber Hygiene Practices
  • Technology Risk Management (TRM) Guidelines

United Arab Emirates (UAE)

NESA UAE Information Assurance Standards (IAS)

United Kingdom

NCSC Basic Cyber Security Controls (BCSC)

United States

  • 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
  • CJIS Security Policy
  • Cybersecurity Maturity Model Certification (CMMC) Level 1
  • Cybersecurity Maturity Model Certification (CMMC) Level 2
  • Cybersecurity Maturity Model Certification (CMMC) Level 3
  • Cybersecurity Maturity Model Certification (CMMC) Level 4
  • Cybersecurity Maturity Model Certification (CMMC) Level 5
  • Federal Risk and Authorization Management Program (FedRAMP H) - High Security Baseline
  • Federal Risk and Authorization Management Program (FedRAMP L) - Low Security Baseline
  • Federal Risk and Authorization Management Program (FedRAMP LI-SaaS) - LI-SaaS Security Baseline
  • Federal Risk and Authorization Management Program (FedRAMP M) - Moderate Security Baseline
  • HIPAA Security Rule 45 CFR Parts 160/164, Subparts A/C:1996
  • IRS Publication 1075
  • Minimum Acceptable Risk Standards for Exchanges (MARS-E)
  • NIST 800-53 (Special Publication)
  • NIST Special Publication 800-171
  • Sarbanes-Oxley Act: IT Security
  • US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2
  • The NIST Cybersecurity Framework (CSF)
  • US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 1

Mandates by Sector

General

  • 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
  • ANSSI 40 Essential Measures for a Healthy Network
  • Australian Signals Directorate - Essential Eight Maturity Model
  • CIS Controls Version 8
  • General Data Protection Regulation (GDPR)
  • ISO/IEC 27001:2013
  • ISO/IEC 27001:2022
  • NCSC Basic Cyber Security Controls (BCSC)
  • NESA UAE Information Assurance Standards (IAS)
  • NIST 800-53 (Special Publication)
  • NIST Special Publication 800-171
  • The NIST Cybersecurity Framework (CSF)

Banking

Reserve Bank of India (RBI) - Baseline Cyber Security and Resilience Requirements (Annex 1)

Cloud

Cloud Controls Matrix (CCM)

Defense

  • Cybersecurity Maturity Model Certification (CMMC) Level 1
  • Cybersecurity Maturity Model Certification (CMMC) Level 2
  • Cybersecurity Maturity Model Certification (CMMC) Level 3
  • Cybersecurity Maturity Model Certification (CMMC) Level 4
  • Cybersecurity Maturity Model Certification (CMMC) Level 5
  • US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 1
  • US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2

Energy

NERC Critical Infrastructure Protection (CIP)

Financial Services

  • APRA Prudential Practice Guide (PPG): CPG 234 - Management of Security Risk in IT
  • MAS - Notice 834: Cyber Hygiene Practices
  • SWIFT Customer Security Controls Framework - Customer Security Programme v2021
  • Technology Risk Management (TRM) Guidelines

Government

  • Federal Risk and Authorization Management Program (FedRAMP H) - High Security Baseline
  • Federal Risk and Authorization Management Program (FedRAMP L) - Low Security Baseline
  • Federal Risk and Authorization Management Program (FedRAMP LI-SaaS) - LI-SaaS Security Baseline
  • Federal Risk and Authorization Management Program (FedRAMP M) - Moderate Security Baseline
  • IRS Publication 1075
  • New Zealand Information Security Manual (NZISM)

Healthcare

  • HIPAA Security Rule 45 CFR Parts 160/164, Subparts A/C:1996
  • Minimum Acceptable Risk Standards for Exchanges (MARS-E)

Insurance

IRDAI Guidelines On Information and Cyber Security for Insurers

Law Enforcement

CJIS Security Policy

Payment Card

  • Payment Card Industry Data Security Standard (PCI-DSS) v3.2.1
  • Payment Card Industry Data Security Standard (PCI-DSS) v4.0

Public Companies

Sarbanes-Oxley Act: IT Security