ControlMap

SOC 2 Type II

SOC 2 is an auditing framework developed by the AICPA that evaluates an organization's controls related to security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type II reports assess the operational effectiveness of these controls over a period of time.

100%
Coverage
49
Controls Covered
0
Gaps
49
Total Controls

Covered Controls

Controls that have explicit mappings to SOC 2 requirements.

Govern (6 controls)

Gp Governance Policy
CC1.1, CC1.2, CC1.3
 Rm Risk Management
CC3.1, CC3.2, CC3.3
 Sc Supply Chain Risk
CC9.2
 Rr Roles & Responsibilities
CC1.3, CC1.4
 Cm Compliance
CC2.1, CC4.1, CC4.2
 Vr Vendor Risk Mgmt
CC9.2, CC3.2

Identify (6 controls)

Am Asset Management
CC6.1
 Ra Risk Assessment
CC3.2, CC3.4
 Be Business Environment
CC1.1, CC1.2
 Da Data Classification
CC6.1, CC6.5
 Vn Vulnerability Mgmt
CC7.1
 Ti Threat Intelligence
CC7.2

Protect (21 controls)

Aw Awareness & Training
CC1.4, CC2.2
 Ac Access Control
CC6.1, CC6.2, CC6.3
 Mf Multi-Factor Auth
CC6.1
 En Encryption
CC6.1, CC6.7
 Dp Data Protection
CC6.1, CC6.5, CC6.7
 Bk Backup & Recovery
A1.2, CC7.5
 Pa Privileged Access
CC6.1, CC6.2, CC6.3
 Fw Firewall / Net Seg
CC6.1, CC6.6
 Ep Endpoint Protection
CC6.8, CC7.1
 Pm Patch Management
CC7.1
 Cf Secure Config
CC6.1, CC7.1
 Sd Secure Development
CC8.1
 Ml Email Security
CC6.8
 Ws Web Security
CC6.6, CC6.8
 Zt Zero Trust
CC6.1, CC6.3
 Mb Mobile Security
CC6.7
 Cl Cloud Security
CC6.1, CC6.7, CC7.1
 Ds DNS Security
CC6.6
 Wf WAF
CC6.6
 Dl DLP
CC6.5, CC6.7
 Ap API Security
CC6.1, CC6.6, CC8.1

Detect (6 controls)

Sm Cont. Monitoring
CC7.1, CC7.2
 Lg Logging & Audit
CC7.2, CC7.3
 Id Intrusion Detection
CC7.2
 An Anomaly Detection
CC7.2
 Sg SIEM / SOC
CC7.2, CC7.3
 It Insider Threat
CC6.2, CC6.3, CC7.2

Respond (5 controls)

Ir Incident Response
CC7.3, CC7.4, CC7.5
 Fn Forensics
CC7.4
 Co Communication
CC2.3, CC7.4
 Mt Mitigation
CC7.4, CC7.5
 Rp Reporting
CC2.3, CC7.3

Recover (5 controls)

Rc Recovery Planning
A1.2, A1.3
 Bc Business Continuity
A1.1, A1.2, A1.3
 Ll Lessons Learned
CC4.2, CC7.5
 Cr Comms & Restore
CC2.3, A1.2
 Dr Disaster Recovery
A1.2, A1.3

SOC 2 vs Other Frameworks

SOC 2 provides 100% coverage of the 49 cybersecurity controls tracked by ControlMap. NIST CSF 2.0 covers 100%, ISO 27001 covers 100%, CIS v8 covers 90%, PCI DSS covers 100%, CMMC covers 94%, 800-53 covers 100%, HIPAA covers 94%, GDPR covers 96%. For maximum coverage, organizations often combine SOC 2 with complementary frameworks to address gaps in areas like niche domains.

Other Frameworks

NIST CSF 2.0 ISO 27001 CIS v8 PCI DSS CMMC 800-53 HIPAA GDPR
View SOC 2 in Interactive Dashboard