Skip to content

Add new security compliance frameworks #33608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
janine-c wants to merge 3 commits into
base: master
Choose a base branch
from
+21 −3
Open

Add new security compliance frameworks #33608

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ba5ab64
Add new rows and links
janine-c Dec 29, 2025
c0bcf9f
Add versions from UI
janine-c Dec 29, 2025
6d7da06
Update framework types
janine-c Dec 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 21 additions & 3 deletions ..._management/misconfigurations/frameworks_and_benchmarks/supported_frameworks.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,12 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl

| Framework | Supported Versions | Framework Tag | Rule Type |
|-------------------------------------------------|--------------------------------|-------------------------------------|--------------------------|
| [AICPA SOC 2][7] | | `soc-2` | Cloud |
| [AICPA SOC 2][7] | 2017 TSC w/ rev POF - 2022 | `soc-2` | Cloud |
| [Australia APRA CPS 234][39] | 2019 | `cps234` | Cloud |
| [Australia ASD Essential 8][40] | 2024 | `essential8` | Cloud |
| [AWS Foundational Security Best Practices][13] | v1.0.0 | `aws-fsbp` | Cloud |
| [Brazil LGPD][44] | 2018 | `lgpd` | Cloud |
| [California CCPA/CPRA][38] | Nov 2022 | `ccpa` | Cloud |
| [CIS AlmaLinux 9][16] | v2.0.0 | `cis-almalinux9` | Infrastructure |
| [CIS Amazon Linux 2023][25] | v1.0.0 | `cis-al2023` | Infrastructure |
| [CIS Amazon Linux 2][25] | v3.0.0 | `cis-amzn2` | Infrastructure |
Expand All @@ -43,18 +47,24 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl
| [CIS Ubuntu 20.04][23] | v1.0.0 | `cis-ubuntu2004` | Infrastructure |
| [CIS Ubuntu 22.04][23] | v2.0.0 | `cis-ubuntu2204` | Infrastructure |
| [CIS Ubuntu 24.04][23] | v1.0.0 | `cis-ubuntu2404` | Infrastructure |
| [CMMC][37] | v2.0 | `cmmc-level-2` | Cloud |
| [Digital Operational Resilience Act (DORA)][35] | C(2024) 1532 | `dora` | Cloud |
| [Essential Cloud Security Controls][33] | v2 | `essential-cloud-security-controls` | Cloud |
| [EU Cyber Resilience Act][43] | 2024 | `cyber-resilience-act` | Cloud |
| [FedRAMP High][36] (Preview) | v5 | `fedramp-high` | Cloud |
| [GDPR][10] | | `gdpr` | Cloud |
| [HIPAA][9] | | `hipaa` | Cloud |
| [FedRAMP Moderate][36] (Preview) | v5 | `fedramp-moderate` | Cloud |
| [FedRAMP Low][36] (Preview) | v5 | `fedramp-low` | Cloud |
| [GDPR][10] | 2016/679 | `gdpr` | Cloud |
| [HIPAA][9] | 800-66-r2 | `hipaa` | Cloud |
| [ISO/IEC 27001][8] | 2022, 2013 | `iso-27001` | Cloud |
| [NIS2 Directive (EU)][14] | 2022/2555 | `nis2` | Cloud |
| [NIST 800-171][31] | v2 | `nist-800-171` | Cloud |
| [NIST 800-53][30] | v5 | `nist-800-53` | Cloud |
| [NIST AI Risk Management Framework][15] | v1.0 | `nist-ai-rmf` | Cloud |
| [NIST Cybersecurity Framework][32] | v2.0, v1.1 | `nist-csf` | Cloud |
| [PCI DSS][6] | v4.0 | `pci-dss` | Cloud |
| [UK Cyber Essentials][42] | 2024 | `cyber-essentials` | Cloud |
| [Singapore MAS TRM][41] | 2021 | `mas-trm` | Cloud |

*To pass the Monitoring Section of the [CIS AWS Foundations benchmark][2], you **must** enable [Cloud SIEM][11] and forward [CloudTrail logs to Datadog][12].

Expand Down Expand Up @@ -97,3 +107,11 @@ Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compl
[34]: https://www.cisecurity.org/benchmark/kubernetes
[35]: https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en
[36]: https://www.fedramp.gov/
[37]: https://dowcio.war.gov/CMMC/About/
[38]: https://oag.ca.gov/privacy/ccpa
[39]: https://www.apra.gov.au/sites/default/files/cps_234_july_2019_for_public_release.pdf
[40]: https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/essential-eight
[41]: https://www.mas.gov.sg/regulation/guidelines/technology-risk-management-guidelines
[42]: https://www.ncsc.gov.uk/cyberessentials/overview
[43]: https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
[44]: https://www.gov.br/anpd/pt-br/centrais-de-conteudo/outros-documentos-e-publicacoes-institucionais/lgpd-en-lei-no-13-709-capa.pdf
Loading