List of Mandates 

We support the following mandates for report generation.

  • ISO/IEC 27001:2013 

  • Cloud Controls Matrix (CCM) 

  • NERC Critical Infrastructure Protection (CIP) 

  • Health Insurance Portability and Accountability (HIPAA) Security Rule 45 CFR Parts 160/164, Subparts A/C:1996 

  • ANSSI 40 Essential Measures for a Healthy Network 

  • Reserve Bank of India (RBI) - Baseline Cyber Security and Resilience Requirements (Annex 1) 

  • NESA UAE Information Assurance Standards (IAS) 

  • APRA Prudential Practice Guide (PPG): CPG 234 - Management of Security Risk in Information and Information Technology 

  • IRDAI Guidelines On Information and Cyber Security for Insurers 

  • General Data Protection Regulation (GDPR) 

  • Minimum Acceptable Risk Standards for Exchanges (MARS-E) 

  • NCSC Basic Cyber Security Controls (BCSC) 

  • IRS Publication 1075 

  • Sarbanes-Oxley Act: IT Security 

  • Monetary Authority of Singapore (MAS) - Notice 834: Cyber Hygiene Practices 

  • NIST Special Publication 800-171 

  • CIS Controls Version 8 

  • Criminal Justice Information Services (CJIS) Security Policy 

  • Cybersecurity Maturity Model Certification (CMMC) Level 1 

  • Cybersecurity Maturity Model Certification (CMMC) Level 2 

  • Cybersecurity Maturity Model Certification (CMMC) Level 4 

  • Cybersecurity Maturity Model Certification (CMMC) Level 5 

  • Cybersecurity Maturity Model Certification (CMMC) Level 3 

  • Payment Card Industry Data Security Standard (PCI-DSS) v3.2.1 

  • SWIFT Customer Security Controls Framework - Customer Security Programme v2021

  • NIST 800-53 (Special Publication)

  • New Zealand Information Security Manual (NZISM)

  • 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy

  • Australian Signals Directorate - Essential Eight Maturity Model

  • US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 1

  • US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2

  • Technology Risk Management (TRM) Guidelines

  • Payment Card Industry Data Security Standard (PCI-DSS) v4.0

  • Federal Risk and Authorization Management Program (FedRAMP H) - High Security Baseline

  • Federal Risk and Authorization Management Program (FedRAMP LI-SaaS) - LI-SaaS Security Baseline

  • Federal Risk and Authorization Management Program (FedRAMP M) - Moderate Security Baseline

  • Federal Risk and Authorization Management Program (FedRAMP L) - Low Security Baseline

  • ISO/IEC 27001:2022

  • The NIST Cybersecurity Framework (CSF)

 

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.