List of Mandates
We support the following mandates for report generation. The mandates are categorized by region or sector for your quick reference.
Mandates by Region
Australia
- APRA Prudential Practice Guide (PPG): CPG 234 - Management of Security Risk in IT v1.0
- The Australian Signals Directorate - The Essential 8 Strategies (ASD 8) (Nov 2023)
- Australian Signals Directorate Information Security Manual (ISM) (Jun 2024)
European Union
- General Data Protection Regulation (GDPR), (EU) 2016/679
- The Network and Information Systems (NIS 2 Directive) (EU) 2022/2555
France
- ANSSI 40 Essential Measures for a Healthy Network v1.0
Global
- California Consumer Privacy Act of 2018 (SB-1121) (Jan 1, 2020)
- CIS Controls v8.0
- CIS Controls v8.1
- Cloud Controls Matrix (CCM) v3.0.1
- ISO/IEC 27001:2022 Third Edition 2022-10
- Microsoft Cloud Security Benchmark (MCSB) v1.0
- Payment Card Industry Data Security Standard (PCI-DSS) v4.0
- SWIFT Customer Security Controls Framework - Customer Security Programme v2024
India
- IRDAI Guidelines On Information and Cyber Security for Insurers v1.0
- Reserve Bank of India (RBI) - Baseline Cyber Security and Resilience Requirements (Annex 1) v1.0 (June 2, 2016)
New Zealand
- New Zealand Information Security Manual (NZISM) v3.2
North America
- NERC Critical Infrastructure Protection (CIP) v5.0
Singapore
- Monetary Authority of Singapore (MAS) - Notice 834: Cyber Hygiene Practices (Issue date: Aug 6, 2019)
- Technology Risk Management (TRM) Guidelines, Jan-2021
United Arab Emirates (UAE)
- NESA UAE Information Assurance Standards (IAS) v1.0
United Kingdom
- NCSC Basic Cyber Security Controls (BCSC) v1.0 (Aug 2017)
United States
- 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
- Criminal Justice Information Services (CJIS) Security Policy v5.9
- Federal Risk and Authorization Management Program (FedRAMP H) - High Security Baseline, Rev. 5
- Federal Risk and Authorization Management Program (FedRAMP L) - Low Security Baseline, Rev. 5
- Federal Risk and Authorization Management Program (FedRAMP LI-SaaS) - LI-SaaS Security Baseline, Rev. 5
- Federal Risk and Authorization Management Program (FedRAMP M) - Moderate Security Baseline, Rev. 5
- Gramm-Leach-Bliley Act (GLBA), version 2004
- Health Insurance Portability and Accountability (HIPAA) Security Rule 45 CFR Parts 160/164, Subparts A/C:1996, v2.0 Rev 3, 2007
- IRS Publication 1075, Rev. 11-2016
- Minimum Acceptable Risk Standards for Exchanges (MARS-E) v2.0
- NIST 800-53 (Special Publication), Rev 5
- NIST Special Publication 800-171, Rev 3
- Sarbanes-Oxley Act: IT Security v2002
- US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2
- The NIST Cybersecurity Framework (CSF) v2.0
- US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 1
Mandates by Sector
General
- 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
- ANSSI 40 Essential Measures for a Healthy Network v1.0
- The Australian Signals Directorate - The Essential 8 Strategies (ASD 8) (Nov 2023)
- Australian Signals Directorate Information Security Manual (ISM) (Jun 2024)
- California Consumer Privacy Act of 2018 (SB-1121) (Jan 1, 2020)
- CIS Controls v8.0
- CIS Controls v8.1
- General Data Protection Regulation (GDPR), (EU) 2016/679
- ISO/IEC 27001:2022 Third Edition 2022-10
- Microsoft Cloud Security Benchmark (MCSB) v1.0
- NCSC Basic Cyber Security Controls (BCSC) v1.0 (Aug 2017)
- The Network and Information Systems (NIS 2 Directive) (EU) 2022/2555
- NESA UAE Information Assurance Standards (IAS) v1.0
- NIST 800-53 (Special Publication), Rev 5
- NIST Special Publication 800-171, Rev 3
- The NIST Cybersecurity Framework (CSF) v2.0
Banking
- Reserve Bank of India (RBI) - Baseline Cyber Security and Resilience Requirements (Annex 1) v1.0 (June 2, 2016)
Cloud
- Cloud Controls Matrix (CCM) v3.0.1
Defense
- US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 1
- US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2
Energy
- NERC Critical Infrastructure Protection (CIP) v5.0
Financial Services
- APRA Prudential Practice Guide (PPG): CPG 234 - Management of Security Risk in IT v1.0
- Gramm-Leach-Bliley Act (GLBA), version 2004
- Monetary Authority of Singapore (MAS) - Notice 834: Cyber Hygiene Practices (Issue date: Aug 6, 2019)
- SWIFT Customer Security Controls Framework - Customer Security Programme v2024
- Technology Risk Management (TRM) Guidelines, Jan-2021
Government
- Federal Risk and Authorization Management Program (FedRAMP H) - High Security Baseline, Rev. 5
- Federal Risk and Authorization Management Program (FedRAMP L) - Low Security Baseline, Rev. 5
- Federal Risk and Authorization Management Program (FedRAMP LI-SaaS) - LI-SaaS Security Baseline, Rev. 5
- Federal Risk and Authorization Management Program (FedRAMP M) - Moderate Security Baseline, Rev. 5
- IRS Publication 1075, Rev. 11-2016
- New Zealand Information Security Manual (NZISM) v3.2
Healthcare
- Health Insurance Portability and Accountability (HIPAA) Security Rule 45 CFR Parts 160/164, Subparts A/C:1996, v2.0 Rev 3, 2007
- Minimum Acceptable Risk Standards for Exchanges (MARS-E) v2.0
Insurance
- IRDAI Guidelines On Information and Cyber Security for Insurers v1.0
Law Enforcement
- Criminal Justice Information Services (CJIS) Security Policy v5.9
Payment Card
- Payment Card Industry Data Security Standard (PCI-DSS) v4.0
Public Companies
- Sarbanes-Oxley Act: IT Security v2002