Frameworks
Path: /frameworks

Browse the compliance frameworks loaded in the system. Each framework contains a set of controls your organization must implement.

Supported Frameworks
Control counts below are pulled from the live /api/v1/frameworks response —
they reflect exactly what the backend ships.
| Framework | Controls | Description |
|---|---|---|
| SOC 2 Type II | 61 | Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy |
| ISO/IEC 27001:2022 | 93 | Information Security Management System (ISMS) requirements and Annex A controls |
| CMMC Level 2 | 110 | Cybersecurity Maturity Model Certification for defense contractors |
| NIST Cybersecurity Framework 2.0 | 83 | Identify–Protect–Detect–Respond–Recover–Govern subcategories |
| HIPAA Security Rule | 25 | Administrative, physical, and technical safeguards for ePHI (§ 164.308–316) |
| PCI DSS v4.0.1 | 63 | Payment-card industry data security requirements |
| GDPR | 30 | EU data-protection obligations (Articles 25–34) |

NIST 800-53 Rev 5
The NIST 800-53 Rev 5 baseline ships as a content pack under
src/backend/content/builtin/ and is usable for control-to-control mapping,
but it is not yet exposed through /api/v1/frameworks or this UI.
Targeted for v2.1.

How to Explore a Framework
- Click View Controls on any framework card.
- Browse controls by category/family.
- Use the search bar to find specific controls (e.g., "encryption", "access control").
- Each control shows its ID, title, description, and category.