From ba5ab649d0730a5c9d85b180c93d8b79f65483a8 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Mon, 29 Dec 2025 13:58:54 -0700 Subject: [PATCH 1/3] Add new rows and links --- .../supported_frameworks.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md index 14eeedb6c23..1708947d9c4 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md @@ -25,7 +25,11 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl | Framework | Supported Versions | Framework Tag | Rule Type | |-------------------------------------------------|--------------------------------|-------------------------------------|--------------------------| | [AICPA SOC 2][7] | | `soc-2` | Cloud | +| [Australia APRA CPS 234][39] | 2019 | `cps234` | TBD | +| [Australia ASD Essential 8][40] | 2024 | `essential8` | TBD | | [AWS Foundational Security Best Practices][13] | v1.0.0 | `aws-fsbp` | Cloud | +| [Brazil LGPD][44] | 2018 | `lgpd` | TBD | +| [California CCPA/CPRA][38] | Nov 2022 | `ccpa` | TBD | | [CIS AlmaLinux 9][16] | v2.0.0 | `cis-almalinux9` | Infrastructure | | [CIS Amazon Linux 2023][25] | v1.0.0 | `cis-al2023` | Infrastructure | | [CIS Amazon Linux 2][25] | v3.0.0 | `cis-amzn2` | Infrastructure | @@ -43,9 +47,13 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl | [CIS Ubuntu 20.04][23] | v1.0.0 | `cis-ubuntu2004` | Infrastructure | | [CIS Ubuntu 22.04][23] | v2.0.0 | `cis-ubuntu2204` | Infrastructure | | [CIS Ubuntu 24.04][23] | v1.0.0 | `cis-ubuntu2404` | Infrastructure | +| [CMMC][37] | v2.0 | `cmmc-level-2` | TBD | | [Digital Operational Resilience Act (DORA)][35] | C(2024) 1532 | `dora` | Cloud | | [Essential Cloud Security Controls][33] | v2 | `essential-cloud-security-controls` | Cloud | +| [EU Cyber Resilience Act][43] | 2024 | `cyber-resilience-act` | TBD | | [FedRAMP High][36] (Preview) | v5 | `fedramp-high` | Cloud | +| [FedRAMP Moderate][36] (Preview) | v5 | `fedramp-moderate` | Cloud | +| [FedRAMP Low][36] (Preview) | v5 | `fedramp-low` | Cloud | | [GDPR][10] | | `gdpr` | Cloud | | [HIPAA][9] | | `hipaa` | Cloud | | [ISO/IEC 27001][8] | 2022, 2013 | `iso-27001` | Cloud | @@ -55,6 +63,8 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl | [NIST AI Risk Management Framework][15] | v1.0 | `nist-ai-rmf` | Cloud | | [NIST Cybersecurity Framework][32] | v2.0, v1.1 | `nist-csf` | Cloud | | [PCI DSS][6] | v4.0 | `pci-dss` | Cloud | +| [UK Cyber Essentials][42] | 2024 | `cyber-essentials` | TBD | +| [Singapore MAS TRM][41] | 2021 | `mas-trm` | TBD | *To pass the Monitoring Section of the [CIS AWS Foundations benchmark][2], you **must** enable [Cloud SIEM][11] and forward [CloudTrail logs to Datadog][12]. @@ -97,3 +107,11 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl [34]: https://www.cisecurity.org/benchmark/kubernetes [35]: https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en [36]: https://www.fedramp.gov/ +[37]: https://dowcio.war.gov/CMMC/About/ +[38]: https://oag.ca.gov/privacy/ccpa +[39]: https://www.apra.gov.au/sites/default/files/cps_234_july_2019_for_public_release.pdf +[40]: https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/essential-eight +[41]: https://www.mas.gov.sg/regulation/guidelines/technology-risk-management-guidelines +[42]: https://www.ncsc.gov.uk/cyberessentials/overview +[43]: https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act +[44]: https://www.gov.br/anpd/pt-br/centrais-de-conteudo/outros-documentos-e-publicacoes-institucionais/lgpd-en-lei-no-13-709-capa.pdf \ No newline at end of file From c0bcf9f94d5ba8163461681b9102bbdf1fb06de0 Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Mon, 29 Dec 2025 14:20:51 -0700 Subject: [PATCH 2/3] Add versions from UI --- .../frameworks_and_benchmarks/supported_frameworks.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md index 1708947d9c4..c3619aec612 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md @@ -24,7 +24,7 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl | Framework | Supported Versions | Framework Tag | Rule Type | |-------------------------------------------------|--------------------------------|-------------------------------------|--------------------------| -| [AICPA SOC 2][7] | | `soc-2` | Cloud | +| [AICPA SOC 2][7] | 2017 TSC w/ rev POF - 2022 | `soc-2` | Cloud | | [Australia APRA CPS 234][39] | 2019 | `cps234` | TBD | | [Australia ASD Essential 8][40] | 2024 | `essential8` | TBD | | [AWS Foundational Security Best Practices][13] | v1.0.0 | `aws-fsbp` | Cloud | @@ -54,8 +54,8 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl | [FedRAMP High][36] (Preview) | v5 | `fedramp-high` | Cloud | | [FedRAMP Moderate][36] (Preview) | v5 | `fedramp-moderate` | Cloud | | [FedRAMP Low][36] (Preview) | v5 | `fedramp-low` | Cloud | -| [GDPR][10] | | `gdpr` | Cloud | -| [HIPAA][9] | | `hipaa` | Cloud | +| [GDPR][10] | 2016/679 | `gdpr` | Cloud | +| [HIPAA][9] | 800-66-r2 | `hipaa` | Cloud | | [ISO/IEC 27001][8] | 2022, 2013 | `iso-27001` | Cloud | | [NIS2 Directive (EU)][14] | 2022/2555 | `nis2` | Cloud | | [NIST 800-171][31] | v2 | `nist-800-171` | Cloud | From 6d7da06fd7dc1877b14bfb6629d20cd7e509973b Mon Sep 17 00:00:00 2001 From: Janine Chan <64388808+janine-c@users.noreply.github.com> Date: Tue, 30 Dec 2025 10:15:34 -0700 Subject: [PATCH 3/3] Update framework types --- .../supported_frameworks.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md index c3619aec612..47d03fdd0de 100644 --- a/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md +++ b/content/en/security/cloud_security_management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md @@ -25,11 +25,11 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl | Framework | Supported Versions | Framework Tag | Rule Type | |-------------------------------------------------|--------------------------------|-------------------------------------|--------------------------| | [AICPA SOC 2][7] | 2017 TSC w/ rev POF - 2022 | `soc-2` | Cloud | -| [Australia APRA CPS 234][39] | 2019 | `cps234` | TBD | -| [Australia ASD Essential 8][40] | 2024 | `essential8` | TBD | +| [Australia APRA CPS 234][39] | 2019 | `cps234` | Cloud | +| [Australia ASD Essential 8][40] | 2024 | `essential8` | Cloud | | [AWS Foundational Security Best Practices][13] | v1.0.0 | `aws-fsbp` | Cloud | -| [Brazil LGPD][44] | 2018 | `lgpd` | TBD | -| [California CCPA/CPRA][38] | Nov 2022 | `ccpa` | TBD | +| [Brazil LGPD][44] | 2018 | `lgpd` | Cloud | +| [California CCPA/CPRA][38] | Nov 2022 | `ccpa` | Cloud | | [CIS AlmaLinux 9][16] | v2.0.0 | `cis-almalinux9` | Infrastructure | | [CIS Amazon Linux 2023][25] | v1.0.0 | `cis-al2023` | Infrastructure | | [CIS Amazon Linux 2][25] | v3.0.0 | `cis-amzn2` | Infrastructure | @@ -47,10 +47,10 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl | [CIS Ubuntu 20.04][23] | v1.0.0 | `cis-ubuntu2004` | Infrastructure | | [CIS Ubuntu 22.04][23] | v2.0.0 | `cis-ubuntu2204` | Infrastructure | | [CIS Ubuntu 24.04][23] | v1.0.0 | `cis-ubuntu2404` | Infrastructure | -| [CMMC][37] | v2.0 | `cmmc-level-2` | TBD | +| [CMMC][37] | v2.0 | `cmmc-level-2` | Cloud | | [Digital Operational Resilience Act (DORA)][35] | C(2024) 1532 | `dora` | Cloud | | [Essential Cloud Security Controls][33] | v2 | `essential-cloud-security-controls` | Cloud | -| [EU Cyber Resilience Act][43] | 2024 | `cyber-resilience-act` | TBD | +| [EU Cyber Resilience Act][43] | 2024 | `cyber-resilience-act` | Cloud | | [FedRAMP High][36] (Preview) | v5 | `fedramp-high` | Cloud | | [FedRAMP Moderate][36] (Preview) | v5 | `fedramp-moderate` | Cloud | | [FedRAMP Low][36] (Preview) | v5 | `fedramp-low` | Cloud | @@ -63,8 +63,8 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl | [NIST AI Risk Management Framework][15] | v1.0 | `nist-ai-rmf` | Cloud | | [NIST Cybersecurity Framework][32] | v2.0, v1.1 | `nist-csf` | Cloud | | [PCI DSS][6] | v4.0 | `pci-dss` | Cloud | -| [UK Cyber Essentials][42] | 2024 | `cyber-essentials` | TBD | -| [Singapore MAS TRM][41] | 2021 | `mas-trm` | TBD | +| [UK Cyber Essentials][42] | 2024 | `cyber-essentials` | Cloud | +| [Singapore MAS TRM][41] | 2021 | `mas-trm` | Cloud | *To pass the Monitoring Section of the [CIS AWS Foundations benchmark][2], you **must** enable [Cloud SIEM][11] and forward [CloudTrail logs to Datadog][12].