Get compliant with multiple frameworks simultaneously. Reduce repetitive effort to map controls with Unified Controls Framework (UCF™)
Trusted by 1000+ customers

All frameworks available on SmartGRC™

  • Security

    SOC 2
    Focuses on ensuring service providers securely manage and protect user data to maintain trust and transparency.

    PCI DSS V 4.0
    Aims to secure credit card data by establishing stringent controls to prevent fraud and unauthorized transactions.

    ISO 27001:2022
    Sets requirements for establishing, implementing, maintaining, and continually improving an information security management system.

    DORA
    Digital Operational Resilience Act enhances the resilience of EU financial entities against ICT-related incidents.

    ISO 27001:2013
    Provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.

    NIS 2 Directive
    EU directive enhancing the security of network and information systems across member states.

    NIST CSF v1.1
    Provides guidelines for managing and reducing cybersecurity risks through a structured framework.

    NIST CSF 2.0
    Updated framework providing guidelines for managing and reducing cybersecurity risks with enhanced features.

    CSA STAR
    Cloud Security Alliance’s cloud assurance program that offers various certifications to validate the security practices of cloud service providers.

    ISO 9001:2015
    Sets standards for a quality management system to ensure consistent quality of products and services.

    ISO 2000-1:2018
    Sets standards for an organization to establish, implement, maintain and continually improve a service management system (SMS).

    NYDFS 23 NYCRR 500
    Requires financial institutions to implement robust cybersecurity programs to protect customer information.

    MAS TRM 2021
    Monetary Authority of Singapore’s Technology Risk Management guidelines for financial institutions operating in Singapore.

    ISR V2
    Outlines the security requirements for protecting sensitive information in specific sectors, mandated by the Dubai government.

    NYDFS NCRR 500
    Mandates financial institutions to implement comprehensive cybersecurity programs to safeguard customer data and IT infrastructure.

    RBI CSF
    Mandates security measures for banks to protect against cyber threats and ensure IT system resilience.

    RBI PA/PG
    Sets security requirements and operational standards for entities facilitating online payments.

    ISO 27017:2015
    Provides guidelines for information security controls applicable to the provision and use of cloud services.

    SAMA Minimum Verification Controls
    Baseline cybersecurity controls required for financial institutions in Saudi Arabia.

    TISAX V5.1
    Trusted Information Security Assessment Exchange standard for information security in the automotive industry.

  • Privacy

    GDPR
    European Union’s regulation aimed at protecting the data privacy and rights of EU citizens, impacting how organizations worldwide handle personal data.

    ISO 27701
    Specifies requirements for a privacy information management system to manage personal data, for data controllers and data processors.

    HIPAA
    Mandates the protection of patient health information by healthcare providers and their partners to maintain confidentiality and integrity.

    CCPA
    California’s consumer privacy law that grants California residents specific rights concerning their personal information and imposes obligations on businesses handling such data.

    PIPEDA
    Personal Information Protection and Electronic Documents Act regulates how personal information is regulated and used in Canada.

    PDPA Singapore
    Personal Data Protection Act governs the collection, use, and disclosure of personal data in Singapore.

    NIST 800-171A
    Provides comprehensive guidelines and best practices for federal agencies to protect their information systems and data.

    NIST 800-171 Revision 2
    Specifies security requirements to protect controlled unclassified information in non-federal systems and organizations.

    NIST 800-53 Revision 5
    Provides a catalog of security and privacy controls for federal information systems and organizations.

    RBI DPSC
    Focuses on safeguarding financial data and ensuring compliance with privacy standards for banks.

    DPDPA
    Data Protection and Privacy Act mandates the protection and proper handling of personal data in India.

  • Other

    Custom Frameworks
    Use Scrut SmartGRC™ to create custom frameworks to meet your unique compliance requirements.

    NIST AI RMF
    Offers a structured framework for managing risks associated with the deployment of AI systems within federal agencies.

    ISO 42001:2023
    Specifies requirements for an organization to plan, establish, implement, and maintain responsible AI systems.

    CIS
    Provides a set of best practices to enhance the security of IT systems and protect your organization and data from cyber-attacks.

    ISO 22301:2019 BCMS
    Specifies requirements for a business continuity management system to prepare for, respond to, and recover from disruptive incidents.

    ISO 13485:2016
    Specifies requirements for a quality management system for medical devices and related services, to demonstrate compliance with MedTech regulations.

    Essential Cybersecurity Controls (NCA)
    Basic measures to protect IT systems and data against common cyber threats.

    CMMC 2.0 Level 1
    Includes basic cybersecurity practices required for federal contractors handling controlled unclassified information.

    CMMC 2.0 Level 2
    Establishes a standardized cybersecurity framework for defense contractors, ensuring the protection of sensitive defense information.

    Saudi Arabia PDPL
    Personal Data Protection Law governs the processing of personal data in Saudi Arabia.

    SAMA Cyber Resilience Fundamentals
    Saudi Arabian Monetary Authority guidelines for enhancing the cyber resilience of financial institutions.

    ISO 27018:2019
    Guidelines for protecting personal data in cloud computing environments, based on best practices of information security management.

Multiply impact. Subtract effort.

Getting started with Scrut is easy

STEP 1
Plug Scrut into your tech stack with easy integrations

STEP 2
Lean back as Scrut experts drive gap assessment and pen-testing

STEP 3
Quickly address gaps and deploy controls with our content libraries

STEP 4
Enjoy continuous control monitoring and 24/7 audit readiness

See Scrut in action!