Streamline and follow the most rigorous security and privacy standards

Secureframe enables compliance with the most in-demand frameworks to accelerate sales cycles and make it easy to prove your security posture. Each supported framework includes control mapping to framework requirements, automated control testing that collects compliance evidence from integrated technologies, and built-in Secureframe tools such as policy management as required by each framework.

Commercial security frameworks

SOC 2

SOC 2 is a cybersecurity compliance framework developed for service and technology providers that handle customer data. SOC 2 drives organizations to build strong, continuous security processes to protect their customer data.

ISO 27001:2022

ISO 27001 is a universal standard built for organizations around the globe to establish, maintain, and continually improve their information security management system (ISMS).

PCI DSS

Merchants or service providers that process, store, transmit, or impact credit card data need to meet the 300+ PCI DSS requirements to safeguard cardholder data.

Cyber Essentials

Cyber Essentials is a certificate required for organizations working with the UK government to protect against common online threats by implementing a baseline of five essential security controls and best practices.

NYDFS NYCRR 500

The New York Department of Financial Services (NYDFS) requires covered entities to uphold cybersecurity requirements related to protecting sensitive customer data and the overall security of systems and personnel within your NYDFS scope.

FTC Safeguards Rule

Financial institutions that are under the jurisdiction of the Federal Trade Commission (FTC) need to meet the Safeguards Rule to protect the security of customer data.

Microsoft SSPA

Suppliers that are part of Microsoft's information supply chain need to comply with Microsoft’s Supplier Privacy and Assurance Standards (SSPA) and complete an assessment against Microsoft’s Data Protection Requirements (DPR).

Federal security frameworks

NIST 800-53 - High

NIST 800-53 - High includes the greatest amount of controls to help federal agencies and their supporting contractors protect their data and systems and comply with the Federal Information Security Modernization Act (FISMA). Organizations should comply with NIST 800-53 - High if the loss of sensitive data would have a severe or catastrophic impact on their business.

NIST 800-53 - Moderate

NIST 800-53 - Moderate includes controls to help federal agencies and their supporting contractors protect their data and systems and comply with the Federal Information Security Modernization Act (FISMA). Organizations should comply with NIST 800-53 - Moderate if the loss of sensitive data would have a sufficient, but not catastrophic, impact on their business.

NIST 800-53 - Low

NIST 800-53 - Low includes the least amount of controls to help federal agencies and their supporting contractors protect their data and systems and comply with the Federal Information Security Modernization Act (FISMA). Organizations should comply with NIST 800-53 - Low if the loss of sensitive data would have a minor impact on their business.

NIST 800-171

Contractors and subcontractors working with federal or state agencies that handle Controlled Unclassified Information (CUI) must comply with NIST 800-171.

NIST CSF

The NIST Cybersecurity Framework (NIST CSF) is required for any organization that works with the US federal government, institutions supported by federal grants, or within the supply chain for a federal agency. NIST CSF helps organizations understand risk and improve their cybersecurity programs.

CJIS

The Criminal Justice Information Services (CJIS) framework is for government entities that access or manage sensitive information from the US Justice Department. CJIS is designed to ensure data security in law enforcement.

CMMC 2.0

The Cybersecurity Maturity Model Certification (CMMC) 2.0 is an evolving model that contractors working with the Department of Defense (DoD) and other federal agencies must meet.

Data privacy frameworks

HIPAA

Modern healthcare plans, providers, insurers, clearinghouses, biotech organizations, and pharmaceutical organizations must achieve and maintain compliance with the Health Insurance Portability and Accountability Act (HIPAA).

ISO 27701

ISO 27701 is the data privacy extension of ISO 27001. ISO 27001 is for organizations around the globe to establish, maintain, and continually improve their information security management system (ISMS).

GDPR

Organizations that handle European Union (EU) and United Kingdom (UK) customer data must uphold the various privacy and security requirements to comply with the General Data Protection Regulation (GDPR).

CCPA

Businesses that target or collect the personal data of California residents need to achieve and maintain compliance with the California Consumer Protection Act (CCPA).

CPRA

The California Privacy Rights Act (CPRA) amends CCPA's consumer rights by introducing new requirements for businesses to protect customer data and includes an enforcement agency, the California Privacy Protection Agency (CPPA).

Additional frameworks

Custom

Use Secureframe to create custom frameworks based on your unique requirements, industry standards, and regulatory obligations and achieve your compliance goals. Map our pre-built controls and tests to your custom frameworks using our control library and test library to save time on evidence collection and control monitoring.

ISO 9001

ISO 9001 is an international standard built to provide a structured framework for organizations to establish and maintain a Quality Management System (QMS).

“Secureframe was instrumental in helping us get SOC 2 and ISO 27001 certified. We always felt like we were talking to experts in the field. Compared to other competitors, choosing Secureframe is a no brainer.”

Tommaso Barbugli, Co-Founder and CTO

Secureframe Resources

Explore our blog, hubs, and compliance resources to get insights, curated best practices, and tools that will help you understand and comply with the most rigorous security and privacy standards.

Blog

Get expert insights, best practices, and the latest news for achieving and maintaining privacy and security compliance.

Compliance Hubs

Find everything you need to know about achieving and maintaining compliance with major security frameworks.

Resource Library

Browse our library of ebooks, policy templates, audit readiness checklists, and more free tools to simplify and streamline compliance.