Frameworks

Security framework

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB).

DORA

The Digital Operational Resilience Act (DORA) establishes guidelines for managing and mitigating ICT risks in the financial sector. It ensures financial entities can withstand and recover from cyber threats, emphasizing testing, third-party risk management, and incident reporting.

FedRamp

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment and monitoring for cloud products used by federal agencies. It emphasizes transparency, automation, and continuous monitoring to ensure cloud solutions remain secure.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law designed to safeguard the privacy and security of protected health information (PHI).

HITRUST

The Health Information Trust Alliance (HITRUST) developed the Common Security Framework (CSF) to provide organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.

ISO 27001

ISO 27001 is a globally recognized standard for establishing, implementing, and maintaining an effective Information Security Management System (ISMS).

NIST 800-53

The National Institute of Standards and Technology (NIST) develops comprehensive guidelines and frameworks, including the NIST Cybersecurity Framework (CSF) and NIST 800-53, to enhance cybersecurity and risk management.

NYDFS

The NYDFS Cybersecurity Regulation (23 NYCRR Part 500) sets comprehensive requirements to protect financial institutions and their customers.

PCI

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed by major credit card companies to ensure that all entities that process, store, or transmit credit card information maintain a secure environment.

SOC 2

SOC 2 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).

SOX

Trustero AI is the AI for GRC platform that delivers control assurance and always-on monitoring for SOX compliance programs.

SWIFT

SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a global financial messaging network. The SWIFT Customer Security Programme (CSP) governs how financial institutions and service providers must protect interactions with the SWIFT network.