Coverage at a glance

Every Framework Mapped.
Every Control Connected.

173 compliance frameworks mapped to one control library, verified by 938 automated tests, updated every build.

0Frameworks

0Requirements

0Controls

0Integrations

0Tests

0Evidence Specs

Integrations

Integration Landscape

Every integration verified, categorized, and mapped to controls.

By Module Type

1083Total

Continuous Compliance884

Command199

By Category

Command197

Banking & Fintech140

Idp105

Export / File-Based Evidence77

Security Operations63

Collaboration & Productivity52

Cloud Security Posture50

Compliance & GRC40

Privileged Access Management33

Zero Trust Network Access33

Itsm33

Cmdb30

Cloud Infrastructure29

Logging & SIEM26

Vulnerability Management25

Vertical App24

Endpoint21

Code & DevOps20

Endpoint Detection & Response18

Communications & UCaaS18

Controls

Control Domain Distribution

40 control domains, each linked to integrations that feed evidence automatically.

Governance

44 controls

1 integration feed evidence

Privacy

21 controls

1 integration feed evidence

OPS

17 controls

53 integrations feed evidence

AI Governance

16 controls

1 integration feed evidence

Data Protection

15 controls

8 integrations feed evidence

IDP

15 controls

10 integrations feed evidence

IT Service Management

12 controls

5 integrations feed evidence

Quality Management

10 controls

1 integration feed evidence

Access Control

9 controls

11 integrations feed evidence

Secure Development

9 controls

3 integrations feed evidence

Application Controls

7 controls

1 integration feed evidence

Business Continuity

7 controls

2 integrations feed evidence

Integration

7 controls

0 integrations feed evidence

Monitoring

7 controls

9 integrations feed evidence

Endpoint Security

6 controls

8 integrations feed evidence

Incident Response

6 controls

5 integrations feed evidence

ZTNA

6 controls

1 integration feed evidence

Vendor Management

5 controls

1 integration feed evidence

Configuration Management

4 controls

1 integration feed evidence

DP

4 controls

0 integrations feed evidence

Network Security

4 controls

4 integrations feed evidence

Operations

4 controls

0 integrations feed evidence

Risk Management

4 controls

1 integration feed evidence

EP

3 controls

1 integration feed evidence

GRC

3 controls

6 integrations feed evidence

LM

3 controls

5 integrations feed evidence

Physical Security

3 controls

1 integration feed evidence

Training & Awareness

3 controls

2 integrations feed evidence

Vulnerability Management

3 controls

5 integrations feed evidence

AC

2 controls

0 integrations feed evidence

Cloud Security

2 controls

4 integrations feed evidence

NS

2 controls

0 integrations feed evidence

SA

2 controls

0 integrations feed evidence

Asset Management

1 controls

5 integrations feed evidence

BC

1 controls

0 integrations feed evidence

Change Management

1 controls

1 integration feed evidence

HR Security

1 controls

1 integration feed evidence

IR

1 controls

0 integrations feed evidence

TP

1 controls

0 integrations feed evidence

VM

1 controls

0 integrations feed evidence

Cross-Reference

How It All Connects

Integrations feed evidence to controls. Controls map to framework requirements. One library, every framework.

IntegrationsControlsFrameworksRequirements

1.3

Avg controls per framework

130

Avg evidence specs per framework

0.9

Avg tests per integration

Control domains

Jurisdictions

Global Jurisdiction Coverage

Frameworks span regulatory regimes worldwide.

International

US Federal

Asia-Pacific

US State

Latin America

Canada

Europe

Africa

Catalog

All Frameworks

Search and explore all 173 frameworks in the Aurora control library.

Showing 30 of 153 frameworks

HITRUST CSF

HITRUST CSF – Our Cybersecurity Framework

Control coverage1%

2735 req32 ctrl1068 tests

Secure Controls Framework (SCF)

Secure Controls Framework – SCF 2025.4 workbook

Control coverage5%

1451 req76 ctrl1359 tests

CMS Acceptable Risk Safeguards (ARS)

Acceptable Risk Safeguards 5.1x

Control coverage8%

1381 req110 ctrl1710 tests

CMS Information Systems Security & Privacy Policy (IS2P2) + CMS Acceptable Risk Safeguards (ARS)

CMS IS2P2 + CMS ARS current policy-and-standards source family

Control coverage5%

1381 req65 ctrl525 tests

EU AI Act (Regulation (EU) 2024/1689)

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act)

Control coverage1%

1206 req17 ctrl848 tests

NIST SP 800-53 Rev. 5

Electronic (OSCAL) Version of NIST SP 800-53 Rev 5.2.0 Controls and SP 800-53A Rev 5.2.0 Assessment Procedures

Control coverage11%

1196 req126 ctrl1785 tests

Australian ISM for IRAP and ASD

Information security manual (March 2026)

Control coverage10%

1176 req117 ctrl1602 tests

Australian Information Security Manual (ISM)

Information security manual (March 2026)

Control coverage10%

1130 req108 ctrl698 tests

BSI IT Grundschutz (Grundschutz++)

Bundesamt für Sicherheit in der Informationstechnik (BSI)

Control coverage11%

994 req107 ctrl1464 tests

TX-RAMP Control Baselines 2.0 (Aligned to NIST SP 800-53 Rev. 5)

Texas Department of Information Resources (DIR)

Control coverage10%

680 req66 ctrl1299 tests

IRS Publication 1075 – Tax Information Security Guidelines for Federal, State and Local Agencies

Internal Revenue Service

Control coverage17%

611 req106 ctrl1679 tests

FFIEC Cybersecurity Assessment Tool (CAT)

Federal Financial Institutions Examination Council (FFIEC)

Control coverage8%

536 req42 ctrl1128 tests

SAMA Cyber Security Framework

SAMA Cyber Security Framework official PDF (Version 1.0, May 2017) with live SAMA rulebook in-force verification

Control coverage11%

521 req55 ctrl1228 tests

Secure Controls Framework (SCF) – EU GDPR mapping / STRM

NIST IR 8477-Based Set Theory Relationship Mapping (STRM) – Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR)

Control coverage8%

499 req41 ctrl1148 tests

StateRAMP Baseline Controls for Authorization (Authorized – Low & Moderate)

GovRAMP (formerly StateRAMP)

Control coverage16%

472 req77 ctrl1337 tests

CMS ARC-AMPE – ACA Administering Entity Mandatory Baseline

ARC-AMPE Volume II System Security and Privacy Plan for ACA Administering Entities

Control coverage16%

416 req68 ctrl1303 tests

FedRAMP Security Controls Baseline (High) - NIST SP 800-53 Rev. 5

FedRAMP (U.S. General Services Administration)

Control coverage18%

410 req75 ctrl738 tests

CMS MARS-E v2.2 – Minimum Acceptable Risk Standards for Exchanges

Centers for Medicare & Medicaid Services

Control coverage26%

377 req97 ctrl1453 tests

Cybersecurity Capability Maturity Model

U.S. Department of Energy

Control coverage18%

356 req64 ctrl1281 tests

Australian Energy Sector Cyber Security Framework (AESCSF)

Australian Energy Sector Cyber Security Framework – current official program page with operative V2 Full Assessment requirement corpus

Control coverage17%

354 req60 ctrl1182 tests

OWASP Application Security Verification Standard (ASVS)

OWASP Foundation

Control coverage9%

345 req31 ctrl280 tests

global

FedRAMP Security Controls Baseline (Moderate) - NIST SP 800-53 Rev. 5

FedRAMP (U.S. General Services Administration)

Control coverage26%

323 req83 ctrl618 tests

ETSI EN 319 401

ETSI EN 319 401 V3.2.1 (2026-01) – Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers

Control coverage14%

321 req44 ctrl1179 tests

Cyber Risk Institute Profile (CRI)

Cyber Risk Institute

Control coverage29%

318 req91 ctrl1392 tests

Adobe Common Controls Framework (Adobe CCF)

Adobe Common Controls Framework (Adobe CCF) trust center source set

Control coverage31%

317 req98 ctrl899 tests

AWS Well-Architected Framework

AWS Well-Architected Framework core source family

Control coverage10%

307 req32 ctrl303 tests

ASD Essential Eight

Australian Signals Directorate (ASD) / Australian Cyber Security Centre (ACSC)

Control coverage5%

304 req15 ctrl181 tests

IRS Publication 4812 Contractor Security & Privacy Controls

Internal Revenue Service

Control coverage38%

299 req113 ctrl1729 tests

Dubai Information Security Regulation (ISR)

Information Security Regulation (ISR)

Control coverage32%

272 req86 ctrl1416 tests

FedRAMP 20x Phase 2 Pilot

FedRAMP (GSA)

Control coverage18%

271 req50 ctrl599 tests

Live walkthrough

See Your Coverage. Start a Free Assessment.

Map your first framework in minutes. Add more as your program grows.

Start Free Assessment

Explore Frameworks

15-minute walkthrough. No obligation. See Aurora applied to your workflow with the exact outputs reviewers receive. (No compliance guarantees.)

Every Framework Mapped. Every Control Connected.

Integration Landscape

By Module Type

By Category

Control Domain Distribution

Governance

Privacy

OPS

AI Governance

Data Protection

IDP

IT Service Management

Quality Management

Access Control

Secure Development

Application Controls

Business Continuity

Integration

Monitoring

Endpoint Security

Incident Response

ZTNA

Vendor Management

Configuration Management

DP

Network Security

Operations

Risk Management

EP

GRC

LM

Physical Security

Training & Awareness

Vulnerability Management

AC

Cloud Security

NS

SA

Asset Management

BC

Change Management

HR Security

IR

TP

VM

How It All Connects

Global Jurisdiction Coverage

All Frameworks

HITRUST CSF

Secure Controls Framework (SCF)

CMS Acceptable Risk Safeguards (ARS)

CMS Information Systems Security & Privacy Policy (IS2P2) + CMS Acceptable Risk Safeguards (ARS)

EU AI Act (Regulation (EU) 2024/1689)

NIST SP 800-53 Rev. 5

Australian ISM for IRAP and ASD

Australian Information Security Manual (ISM)

BSI IT Grundschutz (Grundschutz++)

TX-RAMP Control Baselines 2.0 (Aligned to NIST SP 800-53 Rev. 5)

IRS Publication 1075 – Tax Information Security Guidelines for Federal, State and Local Agencies

FFIEC Cybersecurity Assessment Tool (CAT)

SAMA Cyber Security Framework

Secure Controls Framework (SCF) – EU GDPR mapping / STRM

StateRAMP Baseline Controls for Authorization (Authorized – Low & Moderate)

CMS ARC-AMPE – ACA Administering Entity Mandatory Baseline

FedRAMP Security Controls Baseline (High) - NIST SP 800-53 Rev. 5

CMS MARS-E v2.2 – Minimum Acceptable Risk Standards for Exchanges

Cybersecurity Capability Maturity Model

Australian Energy Sector Cyber Security Framework (AESCSF)

OWASP Application Security Verification Standard (ASVS)

FedRAMP Security Controls Baseline (Moderate) - NIST SP 800-53 Rev. 5

ETSI EN 319 401

Cyber Risk Institute Profile (CRI)

Adobe Common Controls Framework (Adobe CCF)

AWS Well-Architected Framework

ASD Essential Eight

IRS Publication 4812 Contractor Security & Privacy Controls

Dubai Information Security Regulation (ISR)

FedRAMP 20x Phase 2 Pilot

Every Framework Mapped.
Every Control Connected.