Every framework you need. One workspace.
Asurvo ships prebuilt coverage for 16 frameworks, all live today — with one-to-many control mapping so you don't re-do work.
ISO 27001
The international standard for information security management systems.
SOC 2
The de facto standard for SaaS companies serving North American enterprises.
NIST CSF
A voluntary framework for reducing cybersecurity risk across any organization.
HIPAA
US regulation for the protection of health information.
GDPR
The EU regulation governing data protection and privacy for individuals in the EU and EEA.
PCI DSS
The security standard for organizations that handle branded payment cards.
NIST 800-53
The federal catalog of security and privacy controls for information systems.
NIST 800-171
Security requirements for protecting Controlled Unclassified Information (CUI).
CMMC 2.0
The DoD certification framework for protecting sensitive unclassified information.
CIS Controls
A prioritized set of defensive actions to stop the most common attacks.
ISO 27701
The standard for a Privacy Information Management System (PIMS).
CCPA/CPRA
California's consumer privacy law and its CPRA amendments.
CSA CCM
The cybersecurity control framework purpose-built for cloud computing.
HITRUST
A certifiable framework that harmonizes healthcare and security standards.
NESA IA
The UAE national standard for information assurance across critical entities.
SAMA CSF
The Saudi Central Bank framework for cyber security in financial institutions.
Need a framework we don't list?
Asurvo supports custom frameworks and internal control libraries out of the box. Tell us what you need.