Frameworks Mapped to Your Controls

Aurora’s opinionated baseline of essential security, privacy, resilience, and SDLC controls. Intended to cover common requirements across major security/privacy frameworks and customer due diligence.

Practical mapping of CIS Controls v8 to Aurora controls. This template tracks the 18 CIS Controls at an implementation-ready level. It maps them to canonical Aurora controls so evidence can be collected once and reused across audits.

High-level mapping of CMMC 2.0 Level 1 practices to Aurora controls. Designed for operational readiness with clear, implementable requirements. Mapped to canonical Aurora controls so evidence can be collected once and reused across frameworks.

Mapping of the COBIT 2019 Core Model governance and management objectives (EDM/APO/BAI/DSS/MEA) to Aurora controls.

Cloud security control framework (CCM) with 17 domains and 197 control objectives.

Template for authoring customer-defined or internal frameworks in Aurora. Replace the example requirements with your own statements, IDs, and mappings to Aurora controls.

The CRI Profile provides diagnostic statements aligned to the NIST Cybersecurity Framework (CSF) for financial services and other regulated organizations. CRI Profile v2.1 diagnostic statements mapped to Aurora controls.

FedRAMP High baseline security controls aligned to NIST SP 800-53 Rev. 5, sourced from the official FedRAMP Security Controls Baseline workbook. Includes NIST control statements and FedRAMP parameters/guidance where provided.

FedRAMP Low baseline security controls aligned to NIST SP 800-53 Rev. 5, sourced from the official FedRAMP Security Controls Baseline workbook. Includes NIST control statements and FedRAMP parameters/guidance where provided.

FedRAMP Moderate baseline security controls aligned to NIST SP 800-53 Rev. 5, sourced from the official FedRAMP Security Controls Baseline workbook. Includes NIST control statements and FedRAMP parameters/guidance where provided.

FFIEC Cybersecurity Assessment Tool (CAT), May 2017 edition. The FFIEC announced the CAT sunset effective August 31, 2025. This mapping preserves the May 2017 requirements for reference and legacy assessment support.

FFIEC IT Examination Handbook (IT Handbook) – Information Security Booklet. Requirements are represented using the booklet's table of contents entries to ensure full topical coverage.

High-level mapping of NIST SP 800-171 families to Aurora controls. This template helps operationalize major requirement families, from access control to incident response. It is designed for auditor-ready evidence.

Open-source baseline of minimum security requirements for software products and services (MVSP v3.0-20231109, CC0).

High-level mapping of the SOC 2 Trust Services Criteria to Aurora controls. This template is designed for operational readiness (security reviews, SOC 2 Type II programs, and continuous evidence). It focuses on what auditors expect to see in practice: governance, risk management, access controls, monitoring, change management, incident response, availability, and vendor oversight.

High-level mapping of common requirements across US state insurance cybersecurity regulations (informed by the NAIC Insurance Data Security Model Law).

Baseline security controls for GovRAMP/StateRAMP Authorization aligned to NIST SP 800-53 Rev. 5. Includes Authorized Low Impact (153 controls) and Authorized Moderate Impact (319 controls).

Mapping of VDA Information Security Assessment (ISA) questionnaire v6.0.3 requirements (Information Security and Prototype Protection and Data Protection) used by the TISAX assessment scheme to Aurora controls.

TX-RAMP Control Baselines v2.0 including Level 1 (117 controls) and Level 2 (223 controls) requirements.

Internal Aurora bundle of common requirements across major US state consumer privacy laws (VCDPA, Colorado CPA, CTDPA, and UCPA).