All Frameworks & Risk Lists

Complete listing of all security frameworks and risk lists. 20,614 total items across 101 frameworks and 4 risk lists.

> Frameworks (101)

v5.2.0 Federal Public Domain 1,196 controls

NIST SP 800-53

Security and Privacy Controls for Information Systems and Organizations

FedRAMP Rev 5

Federal Risk and Authorization Management Program Security Baselines

v0.9.0-beta Federal Public Domain 60 indicators

FedRAMP 20x KSI

Key Security Indicators for FedRAMP 20x authorization

vRev 5 Federal Public Domain 622 controls

DoD SRG

DoD Cloud Computing Security Requirements Guide - FedRAMP+ controls by Impact Level

v4.0.1 Proprietary 204 requirements

PCI DSS

Payment Card Industry Data Security Standard

12 Requirements
v8.1.2 Open License 153 safeguards

CIS Controls

Critical Security Controls for Effective Cyber Defense

v2022 Proprietary 93 controls

ISO 27001

ISO 27001:2022 Annex A control references with NIST CSF 2.0 mappings

4 Themes
v2017 Proprietary 62 criteria

SOC 2

Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy

20 Principles
v2.0 Public Domain 106 outcomes

NIST CSF

Cybersecurity Framework 2.0 for improving critical infrastructure security

6 Functions
vV2R4 Federal Public Domain 94 findings

Kubernetes STIG

DoD Security Technical Implementation Guide for Kubernetes container orchestration

9 Components

NIST AI RMF

AI Risk Management Framework Playbook - Suggested actions for trustworthy AI

4 Functions
v2023 AI Proprietary 65 clauses

ISO/IEC 42001

AI Management System - Requirements with guidance for use (placeholder framework)

8 Clauses
v2023 AI Proprietary 28 clauses

ISO/IEC 23894

AI - Guidance on risk management (placeholder framework)

5 Clauses
v2024/1689 AI Public Domain 21 requirements

EU AI Act

European Union Artificial Intelligence Act - Risk-based regulatory framework for AI systems

8 Chapters
v2014 Federal Open License 922 controls

ITSG-33

IT Security Risk Management - Canadian Government Security Control Catalogue

NIST SSDF

Secure Software Development Framework - Practices for integrating security into SDLC

4 Groups
vRev 2 Federal Public Domain 110 requirements

NIST SP 800-171

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

14 Families
v2.0 Federal Public Domain 110 practices

CMMC

Cybersecurity Maturity Model Certification for DoD contractors

14 Domains
v5 Open License 317 controls

Adobe CCF

Adobe Common Controls Framework - Open-source unified control framework mapping to 20+ compliance standards

25 Domains
v3.2 Open License 30 requirements

Cyber Essentials

UK NCSC Cyber Essentials certification - 5 technical controls to protect against common cyber attacks

5 Controls
v2020 Open License 121 criteria

BSI C5

Cloud Computing Compliance Criteria Catalogue - German Federal Office for Information Security

17 Areas
v2.0 Public Domain 223 controls

TX-RAMP

Texas Risk and Authorization Management Program - Security assessment and certification for cloud computing services used by Texas state agencies

17 Families
v2025.4 Open License 1,451 controls

SCF

Secure Controls Framework - A comprehensive meta-framework harmonizing 100+ security standards

33 Domains
v2024 Public Domain 131 requirements

HIPAA Security Rule

Health Insurance Portability and Accountability Act - Security safeguards for electronic protected health information (ePHI)

6 Sections
v2016/679 Public Domain 499 articles

GDPR

General Data Protection Regulation - EU regulation on data protection and privacy

12 Chapters
v2022/2555 Public Domain 473 requirements

NIS2 Directive

Network and Information Security Directive 2 - EU cybersecurity legislation

2 Chapters
v2026 Public Domain 825 requirements

CCPA

California Consumer Privacy Act - California state privacy regulation

11 Articles
v10.171 382 controls

Canada ITSP 10.171

Canadian IT Security Publication

1 Categories
v2022 81 controls

OSFI B-13

Canadian OSFI Technology and Cyber Risk Management

4 Categories
v2024 24 controls

Australia Essential Eight

Australian Essential Eight Maturity Model

3 Strategies
vJune 2024 912 controls

Australia ISM

Australian Information Security Manual

1 Categories
v2017 93 requirements

China Cybersecurity Law

Chinese Cybersecurity Law

1 Chapters
v2023 292 requirements

India DPDPA

India Digital Personal Data Protection Act

292 Chapters
v2024 129 controls

India SEBI Guidelines

SEBI Cybersecurity Guidelines

7 Categories
v2025 239 controls

New Zealand HISF

New Zealand Health Information Security Framework

239 Domains
v2025 69 controls

New Zealand HISF Suppliers

NZ HISF Supplier Requirements

69 Domains
v2024 AI 973 requirements

EU AI Act (Detailed)

EU AI Act Detailed Requirements

94 Articles
v2024 337 requirements

EU Cyber Resilience Act

EU Cyber Resilience Act

43 Articles
v2024 156 requirements

EU CRA Annexes

EU Cyber Resilience Act Annexes

11 Annexes
v2022 311 requirements

EU DORA

Digital Operational Resilience Act

24 Chapters
v2024 108 controls

Saudi Arabia IoT Guidelines

Saudi Arabia IoT Cybersecurity Guidelines

4 Categories
v2024 139 requirements

Saudi Arabia PDPL

Saudi Arabia Personal Data Protection Law

26 Chapters
v2022 175 controls

Spain ENS

Spanish National Security Scheme

28 Categories
v2024 16 controls

UAE NIAF

UAE National Information Assurance Framework

1 Domains
v4.0 66 controls

UK CAF

UK Cyber Assessment Framework

14 Objectives
v2024 147 controls

UK DEF STAN 05-138

UK Defence Standard 05-138

147 Categories
v2017 400 criteria

SOC 2 TSC (Detailed)

SOC 2 Trust Services Criteria Detailed

20 Principles
v2015 31 principles

APEC Privacy Framework

APEC Privacy Framework

24 Categories
v8.1 166 safeguards

CIS Controls v8.1 (Detailed)

CIS Controls Detailed Safeguards

18 Controls
vRev 5 Federal Open License 419 controls

GovRAMP

Government Risk and Authorization Management Program - Security Baselines for State and Local Government Cloud Services

v2024 43 requirements

IEC TR 60601-4-5

Medical Device Security

28 Categories
v2024 37 requirements

IMO Maritime Cyber Risk

IMO Maritime Cyber Risk Management

1 Elements
v2022 161 controls

ISO 27001:2022 (Detailed)

ISO 27001 Detailed Controls

10 Themes
v2022 99 controls

ISO 27002:2022

ISO 27002 Security Controls

8 Themes
v2025 104 controls

ISO 27701

ISO Privacy Information Management

11 Clauses
v2024 11 principles

ISO 29100

ISO Privacy Framework

1 Categories
v2023 AI 155 controls

ISO 42001:2023 (Detailed)

ISO AI Management System Detailed

11 Clauses
v2024 126 requirements

NAIC Model Law 668

NAIC Insurance Data Security Model Law

13 Sections
vRev 1 Federal 307 controls

NIST SP 800-161

Supply Chain Risk Management

20 Families
vRev 3 Federal 382 requirements

NIST SP 800-171 Rev 3

CUI Protection Requirements Rev 3

17 Families
vRev 3 Federal 638 requirements

NIST SP 800-171A Rev 3

Assessing CUI Security Rev 3

17 Families
vRev 2 Federal 407 requirements

NIST SP 800-171A

Assessing CUI Security Requirements

14 Families
v2021 Federal 35 requirements

NIST SP 800-172

Enhanced Security for CUI

10 Families
v2020 Federal 7 requirements

NIST SP 800-207 Zero Trust

Zero Trust Architecture

1 Tenets
v1.1 Federal 60 practices

NIST SP 800-218 SSDF

Secure Software Development Framework

4 Groups
v1.0 Federal AI 261 requirements

NIST AI 600-1

Artificial Intelligence Risk Management

19 Functions
v2013 18 principles

OECD Privacy Principles

OECD Privacy Guidelines

18 Categories
v2024 91 requirements

SPARTA

Space Cybersecurity Standards

91 Categories
v6.0.3 113 requirements

TISAX

Trusted Information Security Assessment Exchange

9 Modules
v2024 83 principles

Data Privacy Management Principles

Data Privacy Management Principles

11 Categories
v2024 Federal 59 requirements

45 CFR 155.260

CMS Privacy and Security Standards

1 Sections
v5.9.3 Federal 232 requirements

FBI CJIS

Criminal Justice Information Services Security Policy

10 Policy Areas
v2023 Federal 214 principles

US Data Privacy Framework

US-EU Data Privacy Framework

3 Categories
v3.0 Federal 117 capabilities

DHS TIC 3.0

Trusted Internet Connections

2 Use Cases
v2024 Federal 38 goals

CISA CPG

Cross-Sector Cybersecurity Performance Goals

5 Categories
v2024 Federal 15 requirements

CISA SSDAF

Secure Software Development Attestation Form

4 Sections
v2.0 Federal 16 practices

CMMC 2.0 Level 1

Cybersecurity Maturity Model Certification Level 1

7 Domains
v2.0 Federal 59 objectives

CMMC 2.0 Level 1 AOS

CMMC Level 1 Assessment Objectives

6 Domains
v2024 Federal 202 activities

DoD Zero Trust Roadmap

DoD Zero Trust Strategy Roadmap

7 Pillars
v2.0 Federal 58 capabilities

DoD ZTA Reference Architecture

DoD Zero Trust Reference Architecture

8 Pillars
v2021 Federal 16 requirements

Executive Order 14028

Improving the Nation's Cybersecurity

16 Sections
v2024 Federal 38 requirements

FCA CRM

Farm Credit Administration Cyber Risk Management

1 Sections
v2024 Federal 8 principles

FIPPs

Fair Information Practice Principles

8 Categories
v2024 Federal 57 requirements

GLBA (16 CFR 314)

Gramm-Leach-Bliley Act Safeguards Rule

1 Sections
v2013 Federal 1,114 requirements

HIPAA Simplification 2013

HIPAA Administrative Simplification

1 Subparts
v2024 Federal 249 requirements

NERC CIP

Critical Infrastructure Protection Standards

49 Standards
v2023 Federal 17 requirements

SEC Cybersecurity Rule

SEC Cybersecurity Risk Management Rule

2 Sections
v2024 13 requirements

Nevada Regulation 5

Nevada Insurance Cybersecurity Regulation

1 Sections
vAmendment 2 228 requirements

NY DFS 23 NYCRR 500

NY Department of Financial Services Cybersecurity Regulation

1 Sections
v2024 165 requirements

Oregon CPA

Oregon Consumer Privacy Act

1 Sections
v2024 88 requirements

Tennessee IPA

Tennessee Information Protection Act

1 Sections
v2024 175 requirements

Texas CDPA

Texas Data Privacy and Security Act

1 Sections
v2024 43 requirements

Texas SB 2610

Texas Cybersecurity Requirements

1 Sections
v2024 103 requirements

Virginia CDPA

Virginia Consumer Data Protection Act

1 Sections
vTBD Proprietary 1 controls

Unified Compliance

The "Rosetta Stone" of compliance - harmonizes hundreds of regulatory requirements into a unified control framework

1 Domains
vTBD Proprietary 1 controls

HITRUST CSF

Health Information Trust Alliance Common Security Framework - comprehensive framework mapping to HIPAA, PCI, NIST, and more

1 Domains
vTBD Open License 1 controls

CSA CCM

Cloud Security Alliance Cloud Controls Matrix - cloud security meta-framework with mappings to major standards

1 Domains
vTBD Proprietary 1 objectives

COBIT

ISACA Control Objectives for Information Technologies - IT governance framework with extensive cross-mappings

1 Domains
vTBD Open License 1 classes

OCSF

Open Cybersecurity Schema Framework - open standard for security data normalization across tools and vendors

1 Categories
vTBD Open License 1 factors

FAIR

Factor Analysis of Information Risk - quantitative risk analysis framework for measuring and managing cyber risk

1 Stages
vTBD Open License 1 techniques

MITRE ATT&CK

Adversarial Tactics, Techniques & Common Knowledge - attack taxonomy that maps across security frameworks

1 Tactics

> Risk Lists (4)

v2.0 AI Public Domain 10 risks

OWASP Top 10 for LLMs

Security risks for Large Language Model applications

10 Risk Categories
v2025 Web Public Domain 10 risks

OWASP Top 10

The OWASP Top 10 is a standard awareness document for web application security risks

10 Risk Categories
v2023 API Public Domain 10 risks

OWASP API Security Top 10

The OWASP API Security Top 10 represents the most critical security risks to APIs

8 Risk Categories
v2024 Mobile Public Domain 10 risks

OWASP Mobile Top 10

The OWASP Mobile Top 10 represents the most critical security risks to mobile applications

10 Risk Categories