With compliance, there’s no time for the scenic route. There are thousands of steps between you and your cybersecurity compliance goals. Let ControlMap be your guide.

Why do double, triple, or 25x the work when automation makes it easy? Let ControlMap apply matching evidence to multiple top frameworks:
- SOC 2
- ISO 27001
- NIST CSF
Integrations
Collect evidence and keep it updated without manual checks. Automatically gather and sort the details you need from 40+ integrations including:
- Amazon Web Services (AWS)
- Microsoft 365
- Google Workspace, Cloud, and Drive
- Salesforce
Get to know your clients’ compliance status with this Q&A assessment. You’ll get a single view (and report) to see the status of several key frameworks, including:
- ISO-27001 (2018)
- NIST CSF
- CMMC 2.0
- CIS Controls v8
- HIPAA
Skip starting from scratch. Access 50+ pre-made policies, procedures, and governance documents. What sort of policies?
- Onboarding and offboarding checklists
- Laptop and endpoint compliance
- Track MFA for high-risk systems
- Vulnerability management policy
SOC 2 Type I & II
The five trust services criteria
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 helps organizations safeguard customer data.
It includes five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
ISO 27001 (2022)
Implement and maintain an ISMS
ISO 27001 is the internationally recognized standard for implementing and managing an Information Security Management System (ISMS). Not to be confused with ISO 27701, ISO 27017, or ISO 27018.
This standard is used to pass an audit, guaranteeing that a business’s security protocols are up-to-date.
HIPAA
Securing personal health info
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal standard specifically for protected health information (PHI).
Regulated by the Office for Civil Rights, HIPAA outlines the permissible use and disclosure of PHI in the USA as set forth by HHS guidelines.
GDPR
The European mega-mandate
Working in the EU? You need to know about GDPR. With 99 distinct articles, this set of data protection regulations is one of the world’s most comprehensive frameworks.
It’s designed to give people full control over information associated with them by limiting how organizations can use personal data.
CIS Controls
Cybersecurity best practices
The CIS Critical Security Controls (CIS Controls) are a globally implemented set of best practices used to boost an organization’s cybersecurity.
They’re continually updated, and they prioritize and simplify the steps needed for a strong cybersecurity defense.
NIST CSF 2.0
The flexible add-on
Updated in 2024, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 is a comprehensive — yet flexible — set of standards, guidelines, and best practices.
It is meant to be implemented alongside existing security processes in any industry.
CMMC 2.0
For defense contractors
The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) was introduced to ensure that all defense contractors use security protocols to protect sensitive defense information.
Companies responsible for handling Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) must meet the CMMC requirements to remain compliant.
FTC Safeguards Rule
Rules for financial institutions
The FTC Safeguards Rule ensures that entities covered by the Rule maintain safeguards to protect customer information.
It applies to financial institutions subject to the FTC’s jurisdiction that aren’t subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805.