One platform. Endless possibilities.
Get compliant with multiple frameworks simultaneously. Reduce repetitive effort to map controls with Unified Controls Framework (UCF™)
Trusted by 1000+ customers
All frameworks available on SmartGRC™
-
All
-
Security
SOC 2
Focuses on ensuring service providers securely manage and protect user data to maintain trust and transparency.PCI DSS V 4.0
Aims to secure credit card data by establishing stringent controls to prevent fraud and unauthorized transactions.ISO 27001:2022
Sets requirements for establishing, implementing, maintaining, and continually improving an information security management system.DORA
Digital Operational Resilience Act enhances the resilience of EU financial entities against ICT-related incidents.ISO 27001:2013
Provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.NIS 2 Directive
EU directive enhancing the security of network and information systems across member states.NIST CSF v1.1
Provides guidelines for managing and reducing cybersecurity risks through a structured framework.NIST CSF 2.0
Updated framework providing guidelines for managing and reducing cybersecurity risks with enhanced features.CSA STAR
Cloud Security Alliance’s cloud assurance program that offers various certifications to validate the security practices of cloud service providers.ISO 9001:2015
Sets standards for a quality management system to ensure consistent quality of products and services.ISO 2000-1:2018
Sets standards for an organization to establish, implement, maintain and continually improve a service management system (SMS).NYDFS 23 NYCRR 500
Requires financial institutions to implement robust cybersecurity programs to protect customer information.MAS TRM 2021
Monetary Authority of Singapore’s Technology Risk Management guidelines for financial institutions operating in SingaporeISR V2
Outlines the security requirements for protecting sensitive information in specific sectors, mandated by the Dubai government.NYDFS NCRR 500
Mandates financial institutions to implement comprehensive cybersecurity programs to safeguard customer data and IT infrastructure.RBI CSF
Mandates security measures for banks to protect against cyber threats and ensure IT system resilience.RBI PA/PG
Sets security requirements and operational standards for entities facilitating online payments.ISO 27017:2015
Provides guidelines for information security controls applicable to the provision and use of cloud services.SAMA Minimum Verification Controls
Baseline cybersecurity controls required for financial institutions in Saudi ArabiaTISAX V5.1
Trusted Information Security Assessment Exchange standard for information security in the automotive industry.Privacy
GDPR
European Union’s regulation aimed at protecting the data privacy and rights of EU citizens, impacting how organizations worldwide handle personal data.ISO 27701
Specifies requirements for a privacy information management system to manage personal data, for data controllers and data processorsHIPAA
Mandates the protection of patient health information by healthcare providers and their partners to maintain confidentiality and integrity.CCPA
California’s consumer privacy law that grants California residents specific rights concerning their personal information and imposes obligations on businesses handling such data.PIPEDA
Personal Information Protection and Electronic Documents Act regulates how personal information is regulated and used in Canada.PDPA Singapore
Personal Data Protection Act governs the collection, use, and disclosure of personal data in Singapore.NIST 800-171A
Provides comprehensive guidelines and best practices for federal agencies to protect their information systems and data.NIST 800-171 Revision 2
Specifies security requirements to protect controlled unclassified information in non-federal systems and organizations.NIST 800-53 Revision 5
Provides a catalog of security and privacy controls for federal information systems and organizations.RBI DPSC
Focuses on safeguarding financial data and ensuring compliance with privacy standards for banks.DPDPA
Data Protection and Privacy Act mandates the protection and proper handling of personal data in India.Other
Custom Frameworks
Use Scrut SmartGRC™ to create custom frameworks to meet your unique compliance requirements.NIST AI RMF
Offers a structured framework for managing risks associated with the deployment of AI systems within federal agencies.ISO 42001:2023
Specifies requirements for an organization to plan, establish, implement, and maintain responsible AI systems.CIS
Provides a set of best practices to enhance the security of IT systems and protect your organization and data from cyber-attacksISO 22301:2019 BCMS
Specifies requirements for a business continuity management system to prepare for, respond to, and recover from disruptive incidents.ISO 13485:2016
Specifies requirements for a quality management system for medical devices and related services, to demonstrate compliance with MedTech regulationsEssential Cybersecurity Controls
Basic measures to protect IT systems and data against common cyber threats.CMMC 2.0 Level 1
Includes basic cybersecurity practices required for federal contractors handling controlled unclassified information.CMMC 2.0 Level 2
Establishes a standardized cybersecurity framework for defense contractors, ensuring the protection of sensitive defense information.Saudi Arabia PDPL
Personal Data Protection Law governs the processing of personal data in Saudi Arabia.SAMA Cyber Resilience Fundamentals
Saudi Arabian Monetary Authority guidelines for enhancing the cyber resilience of financial institutions.ISO 27018:2019
Guidelines for protecting personal data in cloud computing environments, based on best practices of information security management -
Security
-
Security
SOC 2
Focuses on ensuring service providers securely manage and protect user data to maintain trust and transparency.PCI DSS V 4.0
Aims to secure credit card data by establishing stringent controls to prevent fraud and unauthorized transactions.ISO 27001:2022
Sets requirements for establishing, implementing, maintaining, and continually improving an information security management system.DORA
Digital Operational Resilience Act enhances the resilience of EU financial entities against ICT-related incidents.ISO 27001:2013
Provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.NIS 2 Directive
EU directive enhancing the security of network and information systems across member states.NIST CSF v1.1
Provides guidelines for managing and reducing cybersecurity risks through a structured framework.NIST CSF 2.0
Updated framework providing guidelines for managing and reducing cybersecurity risks with enhanced features.CSA STAR
Cloud Security Alliance’s cloud assurance program that offers various certifications to validate the security practices of cloud service providers.ISO 9001:2015
Sets standards for a quality management system to ensure consistent quality of products and services.ISO 2000-1:2018
Sets standards for an organization to establish, implement, maintain and continually improve a service management system (SMS).NYDFS 23 NYCRR 500
Requires financial institutions to implement robust cybersecurity programs to protect customer information.MAS TRM 2021
Monetary Authority of Singapore’s Technology Risk Management guidelines for financial institutions operating in SingaporeISR V2
Outlines the security requirements for protecting sensitive information in specific sectors, mandated by the Dubai government.NYDFS NCRR 500
Mandates financial institutions to implement comprehensive cybersecurity programs to safeguard customer data and IT infrastructure.RBI CSF
Mandates security measures for banks to protect against cyber threats and ensure IT system resilience.RBI PA/PG
Sets security requirements and operational standards for entities facilitating online payments.ISO 27017:2015
Provides guidelines for information security controls applicable to the provision and use of cloud services.SAMA Minimum Verification Controls
Baseline cybersecurity controls required for financial institutions in Saudi ArabiaTISAX V5.1
Trusted Information Security Assessment Exchange standard for information security in the automotive industry. -
Privacy
-
Privacy
GDPR
European Union’s regulation aimed at protecting the data privacy and rights of EU citizens, impacting how organizations worldwide handle personal data.ISO 27701
Specifies requirements for a privacy information management system to manage personal data, for data controllers and data processorsHIPAA
Mandates the protection of patient health information by healthcare providers and their partners to maintain confidentiality and integrity.CCPA
California’s consumer privacy law that grants California residents specific rights concerning their personal information and imposes obligations on businesses handling such data.PIPEDA
Personal Information Protection and Electronic Documents Act regulates how personal information is regulated and used in Canada.PDPA Singapore
Personal Data Protection Act governs the collection, use, and disclosure of personal data in Singapore.NIST 800-171A
Provides comprehensive guidelines and best practices for federal agencies to protect their information systems and data.NIST 800-171 Revision 2
Specifies security requirements to protect controlled unclassified information in non-federal systems and organizations.NIST 800-53 Revision 5
Provides a catalog of security and privacy controls for federal information systems and organizations.RBI DPSC
Focuses on safeguarding financial data and ensuring compliance with privacy standards for banks.DPDPA
Data Protection and Privacy Act mandates the protection and proper handling of personal data in India. -
Others
-
Other
Custom Frameworks
Use Scrut SmartGRC™ to create custom frameworks to meet your unique compliance requirements.NIST AI RMF
Offers a structured framework for managing risks associated with the deployment of AI systems within federal agencies.ISO 42001:2023
Specifies requirements for an organization to plan, establish, implement, and maintain responsible AI systems.CIS
Provides a set of best practices to enhance the security of IT systems and protect your organization and data from cyber-attacksISO 22301:2019 BCMS
Specifies requirements for a business continuity management system to prepare for, respond to, and recover from disruptive incidents.ISO 13485:2016
Specifies requirements for a quality management system for medical devices and related services, to demonstrate compliance with MedTech regulationsEssential Cybersecurity Controls
Basic measures to protect IT systems and data against common cyber threats.CMMC 2.0 Level 1
Includes basic cybersecurity practices required for federal contractors handling controlled unclassified information.CMMC 2.0 Level 2
Establishes a standardized cybersecurity framework for defense contractors, ensuring the protection of sensitive defense information.Saudi Arabia PDPL
Personal Data Protection Law governs the processing of personal data in Saudi Arabia.SAMA Cyber Resilience Fundamentals
Saudi Arabian Monetary Authority guidelines for enhancing the cyber resilience of financial institutions.ISO 27018:2019
Guidelines for protecting personal data in cloud computing environments, based on best practices of information security management
Security
SOC 2
Focuses on ensuring service providers securely manage and protect user data to maintain trust and transparency.
PCI DSS V 4.0
Aims to secure credit card data by establishing stringent controls to prevent fraud and unauthorized transactions.
ISO 27001:2022
Sets requirements for establishing, implementing, maintaining, and continually improving an information security management system.
DORA
Digital Operational Resilience Act enhances the resilience of EU financial entities against ICT-related incidents.
ISO 27001:2013
Provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.
NIS 2 Directive
EU directive enhancing the security of network and information systems across member states.
NIST CSF v1.1
Provides guidelines for managing and reducing cybersecurity risks through a structured framework.
NIST CSF 2.0
Updated framework providing guidelines for managing and reducing cybersecurity risks with enhanced features.
CSA STAR
Cloud Security Alliance’s cloud assurance program that offers various certifications to validate the security practices of cloud service providers.
ISO 9001:2015
Sets standards for a quality management system to ensure consistent quality of products and services.
ISO 2000-1:2018
Sets standards for an organization to establish, implement, maintain and continually improve a service management system (SMS).
NYDFS 23 NYCRR 500
Requires financial institutions to implement robust cybersecurity programs to protect customer information.
MAS TRM 2021
Monetary Authority of Singapore’s Technology Risk Management guidelines for financial institutions operating in Singapore
ISR V2
Outlines the security requirements for protecting sensitive information in specific sectors, mandated by the Dubai government.
NYDFS NCRR 500
Mandates financial institutions to implement comprehensive cybersecurity programs to safeguard customer data and IT infrastructure.
RBI CSF
Mandates security measures for banks to protect against cyber threats and ensure IT system resilience.
RBI PA/PG
Sets security requirements and operational standards for entities facilitating online payments.
ISO 27017:2015
Provides guidelines for information security controls applicable to the provision and use of cloud services.
SAMA Minimum Verification Controls
Baseline cybersecurity controls required for financial institutions in Saudi Arabia
TISAX V5.1
Trusted Information Security Assessment Exchange standard for information security in the automotive industry.
Privacy
GDPR
European Union’s regulation aimed at protecting the data privacy and rights of EU citizens, impacting how organizations worldwide handle personal data.
ISO 27701
Specifies requirements for a privacy information management system to manage personal data, for data controllers and data processors
HIPAA
Mandates the protection of patient health information by healthcare providers and their partners to maintain confidentiality and integrity.
CCPA
California’s consumer privacy law that grants California residents specific rights concerning their personal information and imposes obligations on businesses handling such data.
PIPEDA
Personal Information Protection and Electronic Documents Act regulates how personal information is regulated and used in Canada.
PDPA Singapore
Personal Data Protection Act governs the collection, use, and disclosure of personal data in Singapore.
NIST 800-171A
Provides comprehensive guidelines and best practices for federal agencies to protect their information systems and data.
NIST 800-171 Revision 2
Specifies security requirements to protect controlled unclassified information in non-federal systems and organizations.
NIST 800-53 Revision 5
Provides a catalog of security and privacy controls for federal information systems and organizations.
RBI DPSC
Focuses on safeguarding financial data and ensuring compliance with privacy standards for banks.
DPDPA
Data Protection and Privacy Act mandates the protection and proper handling of personal data in India.
Other
Custom Frameworks
Use Scrut SmartGRC™ to create custom frameworks to meet your unique compliance requirements.
NIST AI RMF
Offers a structured framework for managing risks associated with the deployment of AI systems within federal agencies.
ISO 42001:2023
Specifies requirements for an organization to plan, establish, implement, and maintain responsible AI systems.
CIS
Provides a set of best practices to enhance the security of IT systems and protect your organization and data from cyber-attacks
ISO 22301:2019 BCMS
Specifies requirements for a business continuity management system to prepare for, respond to, and recover from disruptive incidents.
ISO 13485:2016
Specifies requirements for a quality management system for medical devices and related services, to demonstrate compliance with MedTech regulations
Essential Cybersecurity Controls
Basic measures to protect IT systems and data against common cyber threats.
CMMC 2.0 Level 1
Includes basic cybersecurity practices required for federal contractors handling controlled unclassified information.
CMMC 2.0 Level 2
Establishes a standardized cybersecurity framework for defense contractors, ensuring the protection of sensitive defense information.
Saudi Arabia PDPL
Personal Data Protection Law governs the processing of personal data in Saudi Arabia.
SAMA Cyber Resilience Fundamentals
Saudi Arabian Monetary Authority guidelines for enhancing the cyber resilience of financial institutions.
ISO 27018:2019
Guidelines for protecting personal data in cloud computing environments, based on best practices of information security management
Security
SOC 2
Focuses on ensuring service providers securely manage and protect user data to maintain trust and transparency.
PCI DSS V 4.0
Aims to secure credit card data by establishing stringent controls to prevent fraud and unauthorized transactions.
ISO 27001:2022
Sets requirements for establishing, implementing, maintaining, and continually improving an information security management system.
DORA
Digital Operational Resilience Act enhances the resilience of EU financial entities against ICT-related incidents.
ISO 27001:2013
Provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.
NIS 2 Directive
EU directive enhancing the security of network and information systems across member states.
NIST CSF v1.1
Provides guidelines for managing and reducing cybersecurity risks through a structured framework.
NIST CSF 2.0
Updated framework providing guidelines for managing and reducing cybersecurity risks with enhanced features.
CSA STAR
Cloud Security Alliance’s cloud assurance program that offers various certifications to validate the security practices of cloud service providers.
ISO 9001:2015
Sets standards for a quality management system to ensure consistent quality of products and services.
ISO 2000-1:2018
Sets standards for an organization to establish, implement, maintain and continually improve a service management system (SMS).
NYDFS 23 NYCRR 500
Requires financial institutions to implement robust cybersecurity programs to protect customer information.
MAS TRM 2021
Monetary Authority of Singapore’s Technology Risk Management guidelines for financial institutions operating in Singapore
ISR V2
Outlines the security requirements for protecting sensitive information in specific sectors, mandated by the Dubai government.
NYDFS NCRR 500
Mandates financial institutions to implement comprehensive cybersecurity programs to safeguard customer data and IT infrastructure.
RBI CSF
Mandates security measures for banks to protect against cyber threats and ensure IT system resilience.
RBI PA/PG
Sets security requirements and operational standards for entities facilitating online payments.
ISO 27017:2015
Provides guidelines for information security controls applicable to the provision and use of cloud services.
SAMA Minimum Verification Controls
Baseline cybersecurity controls required for financial institutions in Saudi Arabia
TISAX V5.1
Trusted Information Security Assessment Exchange standard for information security in the automotive industry.
Privacy
GDPR
European Union’s regulation aimed at protecting the data privacy and rights of EU citizens, impacting how organizations worldwide handle personal data.
ISO 27701
Specifies requirements for a privacy information management system to manage personal data, for data controllers and data processors
HIPAA
Mandates the protection of patient health information by healthcare providers and their partners to maintain confidentiality and integrity.
CCPA
California’s consumer privacy law that grants California residents specific rights concerning their personal information and imposes obligations on businesses handling such data.
PIPEDA
Personal Information Protection and Electronic Documents Act regulates how personal information is regulated and used in Canada.
PDPA Singapore
Personal Data Protection Act governs the collection, use, and disclosure of personal data in Singapore.
NIST 800-171A
Provides comprehensive guidelines and best practices for federal agencies to protect their information systems and data.
NIST 800-171 Revision 2
Specifies security requirements to protect controlled unclassified information in non-federal systems and organizations.
NIST 800-53 Revision 5
Provides a catalog of security and privacy controls for federal information systems and organizations.
RBI DPSC
Focuses on safeguarding financial data and ensuring compliance with privacy standards for banks.
DPDPA
Data Protection and Privacy Act mandates the protection and proper handling of personal data in India.
Other
Custom Frameworks
Use Scrut SmartGRC™ to create custom frameworks to meet your unique compliance requirements.
NIST AI RMF
Offers a structured framework for managing risks associated with the deployment of AI systems within federal agencies.
ISO 42001:2023
Specifies requirements for an organization to plan, establish, implement, and maintain responsible AI systems.
CIS
Provides a set of best practices to enhance the security of IT systems and protect your organization and data from cyber-attacks
ISO 22301:2019 BCMS
Specifies requirements for a business continuity management system to prepare for, respond to, and recover from disruptive incidents.
ISO 13485:2016
Specifies requirements for a quality management system for medical devices and related services, to demonstrate compliance with MedTech regulations
Essential Cybersecurity Controls
Basic measures to protect IT systems and data against common cyber threats.
CMMC 2.0 Level 1
Includes basic cybersecurity practices required for federal contractors handling controlled unclassified information.
CMMC 2.0 Level 2
Establishes a standardized cybersecurity framework for defense contractors, ensuring the protection of sensitive defense information.
Saudi Arabia PDPL
Personal Data Protection Law governs the processing of personal data in Saudi Arabia.
SAMA Cyber Resilience Fundamentals
Saudi Arabian Monetary Authority guidelines for enhancing the cyber resilience of financial institutions.
ISO 27018:2019
Guidelines for protecting personal data in cloud computing environments, based on best practices of information security management
Multiply impact. Subtract effort.
Getting started with Scrut is easy
STEP 1
Plug Scrut into your tech stack with easy integrations
STEP 2
Lean back as Scrut experts drive gap assessment and pen-testing
STEP 3
Quickly address gaps and deploy controls with our content libraries
STEP 4
Enjoy continuous control monitoring and 24/7 audit readiness