Framework library

Compliance Frameworks Mapped to One Shared Control Library

167 frameworks mapped to one shared control library. Add the next framework without rebuilding your program. Evidence stays linked, current, and ready to share.

Browse the Library Request a Walkthrough

Platform depth

Pre-Built Depth in Every Framework

Each framework ships with mapped controls, evidence definitions, and automated compliance checks. Add a framework and reuse the same proof across all of them.

167

Frameworks in the library

31,722 requirements mapped to shared controls

155,087

Automated compliance checks

Across 198 shared controls

Evidence automation

Frameworks Are Only as Good as the Evidence Behind Them

Every framework in this library connects to 1083 production integrations that automatically collect evidence. Connect once and feed proof into every framework that shares those controls.

Browse All Integrations

Framework library

167 Frameworks. Search Yours.

Every framework, regulation, and state overlay your reviewers already ask about - mapped to controls with evidence specifications.

167

frameworks

Security and privacy frameworks used in audits, certifications, and customer diligence.

Adobe Common Controls Framework (Adobe CCF)Framework

317reqs

98controls

Anecdotes AI Framework (AAIF)Framework

24reqs

26controls

ASD Essential EightFramework

304reqs

15controls

Aurora Essentials (Baseline Control Set)Framework

29reqs

88controls

Australian Energy Sector Cyber Security Framework (AESCSF)Framework

354reqs

60controls

AWS Well-Architected FrameworkFramework

307reqs

32controls

BSI IT Grundschutz (Grundschutz and and )Framework

994reqs

107controls

China Multi-Level Protection Scheme (MLPS) 2.0Framework

124reqs

63controls

CIS Controls v8Framework

153reqs

64controls

CMS MARS-E v2.2 – Minimum Acceptable Risk Standards for ExchangesFramework

377reqs

97controls

COBIT 2019 Framework: Governance and Management ObjectivesFramework

40reqs

77controls

CSA Cloud Controls Matrix (CCM) v4.0.12Framework

197reqs

112controls

CSA Cloud Controls Matrix (CCM) v4.1Framework

207reqs

113controls

Cyber EssentialsFramework

68reqs

17controls

Cyber Risk Institute Profile (CRI)Framework

318reqs

91controls

Cybersecurity Capability Maturity ModelFramework

356reqs

64controls

Cybersecurity Code of Practice for Critical Information InfrastructureFramework

189reqs

73controls

Cybersecurity Maturity Model Certification (CMMC) 2.0 – Level 1 (Foundational)Framework

17reqs

20controls

Fair Credit Reporting Act (FCRA) / Regulation V / FTC FCRA Subchapter FFramework

58reqs

18controls

FedRAMP Security Controls Baseline (High) - NIST SP 800-53 Rev. 5Framework

410reqs

75controls

FedRAMP Security Controls Baseline (Low) - NIST SP 800-53 Rev. 5Framework

156reqs

73controls

FedRAMP Security Controls Baseline (Moderate) - NIST SP 800-53 Rev. 5Framework

323reqs

83controls

FFIEC Cybersecurity Assessment Tool (CAT)Framework

536reqs

42controls

FFIEC IT Examination Handbook – Information Security BookletFramework

ICH E6(R3) Good Clinical PracticeFramework

69reqs

54controls

IRS Publication 4812 Contractor Security & Privacy ControlsFramework

299reqs

113controls

ISO/IEC 17024 – Conformity assessment – General requirements for bodies operating certification of personsFramework

52reqs

31controls

Mastercard Terminal Quality Management (TQM)Framework

204reqs

24controls

Nacha Operating RulesFramework

27reqs

19controls

NCSC Cyber Assessment Framework (CAF)Framework

69reqs

72controls

NERC Critical Infrastructure Protection (CIP) Reliability Standards – Current Effective U.S. FERC-Applicable U.S. BaselineFramework

236reqs

51controls

NERC Rules of ProcedureFramework

127reqs

38controls

NIST AI Risk Management Framework (AI RMF)Framework

72reqs

15controls

NIST Cybersecurity Framework (CSF) 2.0Framework

134reqs

88controls

NIST Privacy FrameworkFramework

100reqs

77controls

NIST Secure Software Development Framework (SSDF)Framework

42reqs

35controls

NIST SP 800-161 Rev. 1 Update 1 – Cybersecurity Supply Chain Risk Management Practices for Systems and OrganizationsFramework

385reqs

76controls

NIST SP 800-171 (Protecting CUI in Nonfederal Systems)Framework

97reqs

65controls

NIST SP 800-218A: Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community ProfileFramework

48reqs

47controls

NIST SP 800-53 Rev. 5Framework

1,196reqs

126controls

OSFI Guideline B-13 – Technology and Cyber Risk ManagementFramework

57reqs

86controls

OWASP Minimum Viable Secure Product (MVSP)Framework

25reqs

37controls

PCI PIN Security Requirements and Testing ProceduresFramework

33reqs

19controls

RBI Cyber Security Framework in BanksFramework

151reqs

51controls

SAMA Cyber Resilience Fundamental Requirements (CRFR)Framework

36reqs

38controls

SAMA Cyber Security FrameworkFramework

521reqs

48controls

SAMA Minimum Verification ControlsFramework

47reqs

27controls

SEBI Cybersecurity and Cyber Resilience Framework (CSCRF)Framework

182reqs

71controls

Secure Controls Framework (SCF)Framework

1,451reqs

76controls

Secure Controls Framework (SCF) – EU GDPR mapping / STRMFramework

SOC 3 – SOC for Service Organizations: Trust Services Criteria for General Use ReportFramework

18reqs

62controls

SOX IT General Controls (ITGC)Framework

21reqs

39controls

StateRAMP Baseline Controls for Authorization (Authorized – Low & Moderate)Framework

472reqs

77controls

SWIFT Customer Security Controls Framework (CSCF)Framework

32reqs

36controls

Task Force on Climate-related Financial Disclosures (TCFD)Framework

31reqs

6controls

TISAX (VDA ISA 6.0.3)Framework

80reqs

75controls

TX-RAMP Control Baselines 2.0 (Aligned to NIST SP 800-53 Rev. 5)Framework

680reqs

66controls

US Data Privacy (USDP) – Core Multi-State BundleFramework

14reqs

21controls

USA PATRIOT Act – Title III / FinCEN Operational Requirements for Covered Financial InstitutionsFramework

24reqs

13controls

WebTrust for Certification AuthoritiesFramework

46reqs

61controls

How it works

Map Once. Reuse Across Every Framework.

Five steps from framework selection to reviewer handoff. Evidence links to controls, controls map to requirements, and every new framework reuses the same proof.

Choose Frameworks

Select the frameworks that apply to your next review cycle. Add more as your program grows.

Framework scope and ownership

Map to Controls

Link external requirements to one control library. Evidence stays reusable across frameworks.

Control-to-requirement mapping

Link Evidence

Attach evidence to controls with owners and freshness expectations. Set cadence and reminders.

Evidence with freshness tracking

Keep Current

Track approvals, changes, and cadence over time. Automate collection where integrations support it.

Freshness and change history

Share When Asked

Give reviewers structured access through Trust Center. Export organized files on demand.

Controlled reviewer access

Aurora workspace showing AC-2 Account Management mapped across 3 frameworks with 4 linked evidence items.

1/3

AC-2 Account Management · 4 linked items

SOC 2 CC6.1, ISO A.9.2.1, CMMC AC.L2-3.1.1 stay attached to the same shared control instead of splitting into separate framework trackers.

Request a Walkthrough Explore Capabilities

What customers get

Evidence, Training, and Lifecycle Built into Every Framework

Aurora maps requirements to operational evidence, training programs, and lifecycle signals across 26 control domains so your team stays ahead of reviewers, not chasing them.

Automated Evidence Collection

21,213 evidence specifications across all public frameworks, collected from 33 integration sources including BC/DR Program Owner, GRC, Operations, Risk Management, and more.

BC/DR Program OwnerGRCOperationsRisk ManagementService OwnersAWSAzureAzure Monitor Logs Pull+25 more

Training Tied to Controls

Training requirements linked to framework controls with module assignments, cadence tracking, and completion evidence. Assessment question banks mapped to reviewer expectations.

Training modules tied to controls

Assessment questions with approved answers

Cadence and completion tracking

Audience-targeted assignments

Proactive Alerts and Remediation

Automated gap detection, deadline tracking, and remediation workflows across every framework. Stay ahead of review windows instead of reacting to them.

Evidence freshness alerts

Automation gap detection

Calendar deadline tracking

Remediation workflows

What reviewers ask

Different Frameworks, Same Six Questions

Reviewers ask the same six things regardless of framework. Aurora organizes your evidence so you respond consistently every time.

Access Control and Identity

What you can show

Evidence linked with source and timestamp

Governance and Approvals

What you can show

Policy versions, approval history, and decision trails

Incident Readiness

What you can show

Tabletop records, playbooks, and after-action items

Training Completion

What you can show

Assignment and completion records with dates

Vendor and Supplier Risk

What you can show

Due diligence records with follow-ups and decisions

Freshness and Timing

What you can show

Freshness tracking and change history between cycles

Ready to simplify?

See How Your Frameworks Map to One Control Library

Share the frameworks on your calendar. We will show how Aurora keeps the same evidence reusable across all of them.

Request a Walkthrough View Pricing

Common questions

Framework Questions, Answered Plainly

Clear answers about framework coverage, evidence reuse, and reviewer handoffs.

Can I manage multiple frameworks at once?

Yes. Map multiple frameworks to one control library. Evidence linked to controls is designed to be reusable across overlapping frameworks. Plan limits apply.

Do I have to remap controls for each framework?

No. Mapping is designed to be reused and updated instead of rebuilt. Add new frameworks or review cycles without starting over.

How do you prevent evidence from going stale?

Every evidence item has an owner, a freshness cadence, and automated reminders. Aurora flags what is expiring before reviewers notice.

What happens when a reviewer asks for something new?

Give reviewers structured access through Trust Center, or export organized evidence packages when someone needs offline documents.

Does Aurora guarantee compliance outcomes?

No. Aurora runs and documents compliance work. It does not guarantee certification, audit outcomes, or reviewer decisions.

Aurora does not guarantee certification, audit outcomes, or reviewer decisions. It organizes, tracks, and shares the evidence and mappings your team maintains.

Live walkthrough

Start with the Frameworks You Need This Quarter

Tell us the frameworks, renewals, or security reviews already on your calendar. We will show how Aurora reuses the same proof across all of them.

Request a Walkthrough

Preview a Reviewer Package

15-minute walkthrough. No obligation. See Aurora applied to your workflow with the exact outputs reviewers receive. (No compliance guarantees.)

Compliance Frameworks Mapped to One Shared Control Library

Pre-Built Depth in Every Framework

Frameworks Are Only as Good as the Evidence Behind Them

167 Frameworks. Search Yours.

Map Once. Reuse Across Every Framework.

AC-2 Account Management · 4 linked items

IR-4 Incident Handling · 3 linked items

RA-5 Vulnerability Scanning · 5 linked items

AC-2 Account Management · 4 linked items

Evidence, Training, and Lifecycle Built into Every Framework

Automated Evidence Collection

Training Tied to Controls

Proactive Alerts and Remediation

Different Frameworks, Same Six Questions

Access Control and Identity

Governance and Approvals

Incident Readiness

Training Completion

Vendor and Supplier Risk

Freshness and Timing

See How Your Frameworks Map to One Control Library

Framework Questions, Answered Plainly