Compliance
Ensure compliance with applicable cybersecurity requirements.
8 of 9 frameworks cover this control
Framework Mappings
How Compliance maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | GV.OC-02 |
| ISO 27001 | Covered | A.5.31 A.5.36 |
| CIS v8 | Not Covered | — |
| SOC 2 | Covered | CC2.1 CC4.1 CC4.2 |
| PCI DSS | Covered | 12.1.1 12.4.2 12.8.5 |
| CMMC | Covered | CA.L2-3.12.1 |
| 800-53 | Covered | CA-2 CA-7 PM-4 |
| HIPAA | Covered | §164.308(a)(8) §164.316(b)(1) |
| GDPR | Covered | Art.5(2) Art.58(1) Art.83(1) |
About Compliance
Compliance is a cybersecurity control in the Govern domain whose objective is to ensure compliance with applicable cybersecurity requirements. Compliance management involves identifying all applicable legal, regulatory, contractual, and industry-specific cybersecurity requirements and implementing controls to satisfy them. This includes tracking obligations under frameworks such as GDPR, HIPAA, PCI DSS, and SOX, maintaining evidence of compliance through documentation and audit trails, and conducting periodic internal audits or gap assessments. A mature compliance program shifts from reactive checkbox exercises to proactive integration of regulatory requirements into everyday security operations.
This control is recognized by 8 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, and GDPR. It is not covered by CIS v8, representing a potential gap for organizations relying solely on that framework.