Compliance Framework Overlap


 SOC 2: Service Organization Control 2 

ISO 27001: International Organization for Standardization 27001 

HIPAA: Health Insurance Portability and Accountability Act 

GDPR: General Data Protection Regulation 

TBL ESSENTIALS: Tugboat Logic Essentials 

NIST CSF: The National Institute of Standards and Technology’s Cybersecurity Framework 

CCPA: California Consumer Privacy Act 

PCI DSS: Payment Card Industry Data Security Standard 

CMMC: Cybersecurity Maturity Model Certification 

ITGC: Information Technology General Controls 

FFIEC: Federal Financial Institutions Examination Council’s Maturity Assessment 

NIST 800-171: The National Institute of Standards and Technology Special Publication 800-171 

MICROSOFT SSPA: Microsoft Supplier Security and Privacy Assurance 

Where does it come from?

Contrary to popular belief