Find the frameworks that apply to you
Identify the compliance frameworks applicable to your organization in 60 seconds.
Answer 4 questions to get your personalized recommendations.
Your industry?
Framework combinations tailored to your regional and sector challenges.
EU Pack
4 frameworksNIS2 + DORA + GDPR + EU AI Act
~300 articlesMorocco Pack
4 frameworksDNSSI v2 + Law 05-20 + ISO 27001 + DGSSI Approval
~350 requirementsFinance Pack
4 frameworksPCI DSS + SOC 2 + DORA + SWIFT CSP
~400 controlsFull Catalog
Browse all 35 frameworks natively supported by Zaxyr.
ISO 27001:2022
ISO/IEC
93 controlsInformation security management system. Requirements and Annex A controls.
View detailsISO 27002:2022
ISO/IEC
93 controlsBest practices for information security controls. Detailed implémentation guide.
View detailsISO 27005
ISO/IEC
12 clausesInformation security risk management. Risk analysis methodology.
View detailsISO 22301
ISO/IEC
10 clausesBusiness continuity management system. BCP/DRP requirements.
View detailsSOC 2 Type II
AICPA
5 criteriaTrust Services Criteria: security, availability, integrity, confidentiality, privacy.
View detailsNIST CSF 2.0
NIST
6 functionsNIST cybersecurity framework. Govern, Identify, Protect, Detect, Respond, Recover.
View detailsNIST 800-53
NIST
1000+ controlsSecurity and privacy controls catalog for federal information systems.
View detailsPCI DSS v4.0
PCI SSC
12 requirementsPayment card industry data security standard.
View detailsEBIOS RM
ANSSI
5 workshopsANSSI risk analysis methodology. Threat scenario approach.
View detailsLooking for a personalized recommendation?
CIS Controls v8
CIS
18 controls18 prioritized critical security controls. Universal defensive best practices.
View detailsCOBIT
ISACA
40 objectivesISACA IT governance and management framework for the enterprise.
View detailsSWIFT CSP
SWIFT
32 controlsCustomer Security Programme. Mandatory security controls for the SWIFT network.
View detailsHIPAA
HHS
18 standardsHealth Insurance Portability and Accountability Act. Health data protection.
View detailsMITRE ATT&CK
MITRE
200+ techniquesKnowledge base of adversary tactics and techniques observed in the real world.
View detailsNIS2
EU
46 articlesEU directive on network and information systems security. Extended obligations for essential entities.
View detailsDORA
EU
64 articlesDigital Operational Resilience Act. Digital resilience for the European financial sector.
View detailsRGPD / GDPR
EU
99 articlesGeneral Data Protection Regulation. Individual rights and controller obligations.
View detailsEU AI Act
EU
113 articlesEU regulation on artificial intelligence. Risk classification and category-based obligations.
View detailsLooking for a personalized recommendation?
Cyber Resilience Act
EU
71 articlesCybersecurity requirements for products with digital elements. Manufacturer and importer obligations.
View detailseIDAS 2.0
EU
50+ articlesElectronic identification and trust services for transactions within the internal market.
View detailsCyber Essentials
NCSC UK
5 controlsUK basic certification scheme. 5 essential technical cybersecurity controls.
View detailsLPM
ANSSI
20 rulesMilitary programming law. Security obligations for operators of vital importance (OIV).
View detailsRGS
ANSSI
14 rulesGeneral Security Framework. Security rules for French administrations and public services.
View detailsDNSSI v2.0
DGSSI
104 requirementsNational Directive on Information System Security. Mandatory requirements in Morocco.
View detailsLoi 05-20
DGSSI
52 articlesMoroccan cybersecurity law. Legal framework for information system protection.
View detailsHomologation DGSSI
DGSSI
4 phasesSecurity approval process for IS in public organizations and critical infrastructure.
View detailsNCA ECC
NCA Saudi
108 controlsEssential Cybersecurity Controls from the Saudi National Cybersecurity Authority.
View detailsLooking for a personalized recommendation?
PDPL Saudi
SDAIA
43 articlesSaudi Personal Data Protection Law (PDPL). Supervised by SDAIA, effective since September 2023.
View detailsPDPPL Qatar
CDA Qatar
72 articlesQatar Personal Data Privacy Protection Law (PDPPL, Law 13/2016). Applicable to any organization processing data in Qatar.
View detailsNESA
NESA UAE
188 controlsNational Electronic Security Authority. UAE electronic security standards.
View detailsNIA Qatar
NCSA
80+ controlsNational Information Assurance Policy (NIA v3). Mandatory security controls for government entities and critical infrastructure in Qatar.
View detailsIEC 62443
IEC
7 requirementsIndustrial control system and SCADA security. Security levels and zones.
View detailsTS 50701
CENELEC
4 levelsRailway cybersecurity. Security levels for signaling and control systems.
View detailsNERC CIP
NERC
11 standardsCritical Infrastructure Protection. Standards for North American electric grids.
View detailsNIST SP 800-82
NIST
6 chaptersGuide to Industrial Control Systems (ICS) security. SCADA and DCS recommendations.
View detailsAutomatic Cross-Mapping
Zaxyr automatically maps controls between frameworks to eliminate duplicates. One implemented control covers multiple requirements simultaneously.
ISO 27001 controls automatically cover NIST, SOC 2, DNSSI
Each control is linked to all applicable frameworks
AI identifies gaps and proposes prioritized action plans