Frameworks

Path: /frameworks

Browse the compliance frameworks loaded in the system. Each framework contains a set of controls your organization must implement.

Supported Frameworks

Control counts below are pulled from the live /api/v1/frameworks response — they reflect exactly what the backend ships.

| Framework | Controls | Description |
|---|---|---|
| SOC 2 Type II | 61 | Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy |
| ISO/IEC 27001:2022 | 93 | Information Security Management System (ISMS) requirements and Annex A controls |
| CMMC Level 2 | 110 | Cybersecurity Maturity Model Certification for defense contractors |
| NIST Cybersecurity Framework 2.0 | 83 | Identify–Protect–Detect–Respond–Recover–Govern subcategories |
| HIPAA Security Rule | 25 | Administrative, physical, and technical safeguards for ePHI (§ 164.308–316) |
| PCI DSS v4.0.1 | 63 | Payment-card industry data security requirements |
| GDPR | 30 | EU data-protection obligations (Articles 25–34) |

NIST 800-53 Rev 5

The NIST 800-53 Rev 5 baseline ships as a content pack under src/backend/content/builtin/ and is usable for control-to-control mapping, but it is not yet exposed through /api/v1/frameworks or this UI. Targeted for v2.1.

How to Explore a Framework

  1. Click View Controls on any framework card.
  2. Browse controls by category/family.
  3. Use the search bar to find specific controls (e.g., "encryption", "access control").
  4. Each control shows its ID, title, description, and category.