
Coverage at a glance

Every Framework Mapped. Every Control Connected.

179 compliance frameworks mapped to one control library, verified by 860 automated tests, updated every build.


Integrations

Integration Landscape

Every integration verified, categorized, and mapped to controls.

By Module Type

Total: 163
Continuous Compliance: 131
Command: 32

By Category

Network Infrastructure: 32
Identity & Access Management: 13
Payments & PCI: 13
Banking & Fintech: 11
Wealth & RIA/BD Supervision: 7
Insurance Agency Management: 7
Logging & SIEM: 7
Ticketing & Incident Management: 7
HR & Payroll: 6
Auto Dealership & DMS: 6
General: 6
Communications & UCaaS: 5
Code & DevOps: 4
Evidence Ingest: 4
Cloud Infrastructure: 3
Mortgage & Title: 3
Device & Endpoint Management: 2
Cloud Security: 2
Edge & Network Security: 2
Security & Threat Intelligence: 2

Controls

Control Domain Distribution

24 control domains, each linked to integrations that feed evidence automatically.

Governance

44 controls

1 integration feeds evidence

Privacy

21 controls

1 integration feeds evidence

AI Governance

16 controls

1 integration feeds evidence

Data Protection

15 controls

7 integrations feed evidence

IT Service Management

12 controls

5 integrations feed evidence

Quality Management

10 controls

1 integration feeds evidence

Access Control

9 controls

11 integrations feed evidence

Secure Development

9 controls

3 integrations feed evidence

Application Controls

7 controls

1 integration feeds evidence

Business Continuity

7 controls

2 integrations feed evidence

Monitoring

7 controls

8 integrations feed evidence

Endpoint Security

6 controls

8 integrations feed evidence

Incident Response

6 controls

5 integrations feed evidence

Vendor Management

5 controls

1 integration feeds evidence

Network Security

4 controls

35 integrations feed evidence

Risk Management

4 controls

1 integration feeds evidence

Configuration Management

3 controls

1 integration feeds evidence

Physical Security

3 controls

1 integration feeds evidence

Training & Awareness

3 controls

2 integrations feed evidence

Vulnerability Management

3 controls

5 integrations feed evidence

Cloud Security

2 controls

4 integrations feed evidence

Asset Management

1 control

4 integrations feed evidence

Change Management

1 control

1 integration feeds evidence

HR Security

1 control

1 integration feeds evidence

Cross-Reference

How It All Connects

Integrations feed evidence to controls. Controls map to framework requirements. One library, every framework.

Integrations → Controls → Frameworks → Requirements

1.1

Avg controls per framework

108

Avg evidence specs per framework

5.3

Avg tests per integration

24

Control domains

Jurisdictions

Global Jurisdiction Coverage

Frameworks span regulatory regimes worldwide.

13

International

11

US Federal

7

US State

6

Asia-Pacific

1

Latin America

1

Canada

1

Africa

Catalog

All Frameworks

Search and explore all 179 frameworks in the Aurora control library.

Showing 30 of 178 frameworks

HITRUST CSF

HITRUST CSF – Our Cybersecurity Framework

Control coverage: 0%
2735 req, 3 ctrl, 20 tests

Secure Controls Framework (SCF)

Secure Controls Framework – SCF 2025.4 workbook

Control coverage: 5%
1451 req, 76 ctrl, 277 tests

CMS Acceptable Risk Safeguards (ARS)

Acceptable Risk Safeguards 5.1x

Control coverage: 8%
1381 req, 110 ctrl, 381 tests

CMS Information Systems Security & Privacy Policy (IS2P2) + CMS Acceptable Risk Safeguards (ARS)

CMS IS2P2 + CMS ARS current policy-and-standards source family

Control coverage: 5%
1381 req, 65 ctrl, 221 tests

EU AI Act (Regulation (EU) 2024/1689)

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act)

Control coverage: 1%
1206 req, 17 ctrl, 84 tests

NIST SP 800-53 Rev. 5

Electronic (OSCAL) Version of NIST SP 800-53 Rev 5.2.0 Controls and SP 800-53A Rev 5.2.0 Assessment Procedures

Control coverage: 11%
1196 req, 126 ctrl, 443 tests

Australian ISM for IRAP and ASD

Information security manual (March 2026)

Control coverage: 9%
1176 req, 109 ctrl, 378 tests

Australian Information Security Manual (ISM)

Information security manual (March 2026)

Control coverage: 10%
1130 req, 108 ctrl, 374 tests

BSI IT Grundschutz (Grundschutz++)

Bundesamt für Sicherheit in der Informationstechnik (BSI)

Control coverage: 11%
994 req, 107 ctrl, 348 tests

TX-RAMP Control Baselines 2.0 (Aligned to NIST SP 800-53 Rev. 5)

Texas Department of Information Resources (DIR)

Control coverage: 10%
680 req, 66 ctrl, 209 tests

IRS Publication 1075 – Tax Information Security Guidelines for Federal, State and Local Agencies

Internal Revenue Service

Control coverage: 17%
611 req, 106 ctrl, 352 tests

FFIEC Cybersecurity Assessment Tool (CAT)

Federal Financial Institutions Examination Council (FFIEC)

Control coverage: 8%
536 req, 42 ctrl, 130 tests
US

SAMA Cyber Security Framework

SAMA Cyber Security Framework official PDF (Version 1.0, May 2017) with live SAMA rulebook in-force verification

Control coverage: 9%
521 req, 48 ctrl, 162 tests

Secure Controls Framework (SCF) – EU GDPR mapping / STRM

NIST IR 8477-Based Set Theory Relationship Mapping (STRM) – Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR)

Control coverage: 8%
499 req, 41 ctrl, 196 tests

StateRAMP Baseline Controls for Authorization (Authorized – Low & Moderate)

GovRAMP (formerly StateRAMP)

Control coverage: 16%
472 req, 77 ctrl, 251 tests

CMS ARC-AMPE – ACA Administering Entity Mandatory Baseline

ARC-AMPE Volume II System Security and Privacy Plan for ACA Administering Entities

Control coverage: 16%
416 req, 68 ctrl, 224 tests

FedRAMP Security Controls Baseline (High) - NIST SP 800-53 Rev. 5

FedRAMP (U.S. General Services Administration)

Control coverage: 18%
410 req, 75 ctrl, 230 tests

CMS MARS-E v2.2 – Minimum Acceptable Risk Standards for Exchanges

Centers for Medicare & Medicaid Services

Control coverage: 26%
377 req, 97 ctrl, 342 tests

Cybersecurity Capability Maturity Model

U.S. Department of Energy

Control coverage: 18%
356 req, 64 ctrl, 216 tests

Australian Energy Sector Cyber Security Framework (AESCSF)

Australian Energy Sector Cyber Security Framework – current official program page with operative V2 Full Assessment requirement corpus

Control coverage: 17%
354 req, 60 ctrl, 203 tests

OWASP Application Security Verification Standard (ASVS)

OWASP Foundation

Control coverage: 9%
345 req, 31 ctrl, 66 tests
global

EASA Part-IS

Easy Access Rules for Information Security (Regulations (EU) 2023/203 and 2022/1645)

Control coverage: 8%
328 req, 25 ctrl, 100 tests

FedRAMP Security Controls Baseline (Moderate) - NIST SP 800-53 Rev. 5

FedRAMP (U.S. General Services Administration)

Control coverage: 26%
323 req, 83 ctrl, 242 tests

ETSI EN 319 401

ETSI EN 319 401 V3.2.1 (2026-01) – Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers

Control coverage: 14%
321 req, 44 ctrl, 128 tests

Cyber Risk Institute Profile (CRI)

Cyber Risk Institute

Control coverage: 29%
318 req, 91 ctrl, 268 tests

Adobe Common Controls Framework (Adobe CCF)

Adobe Common Controls Framework (Adobe CCF) trust center source set

Control coverage: 31%
317 req, 98 ctrl, 341 tests

AWS Well-Architected Framework

AWS Well-Architected Framework core source family

Control coverage: 10%
307 req, 32 ctrl, 106 tests

ASD Essential Eight

Essential Eight Maturity Model (November 2023)

Control coverage: 5%
304 req, 15 ctrl, 40 tests

IRS Publication 4812 Contractor Security & Privacy Controls

Internal Revenue Service

Control coverage: 38%
299 req, 113 ctrl, 401 tests

Dubai Information Security Regulation (ISR)

Information Security Regulation (ISR)

Control coverage: 32%
272 req, 86 ctrl, 304 tests

Live walkthrough
See Your Coverage. Start a Free Assessment.
Map your first framework in minutes. Add more as your program grows.
15-minute walkthrough. No obligation. See Aurora applied to your workflow with the exact outputs reviewers receive. (No compliance guarantees.)