Skip to content
Framework library

Every Framework Your Reviewers Will Ask for. One Control Library.

134+ frameworks mapped to one shared control library. Add the next framework for $1,500 instead of rebuilding your entire program. Evidence stays linked, current, and ready to share.
Browse the libraryRequest a walkthrough
134 frameworks134 published versions$1,500 to add the next oneUpdated Dec 27, 2025

Framework library

134 Frameworks. Search Yours.

Every framework, regulation, and state overlay your reviewers already ask about - mapped to controls with evidence specifications.

134
frameworks

Security and privacy frameworks used in audits, certifications, and customer diligence.

Framework

Adobe Common Controls Framework (Adobe CCF)

Adobe Common Controls Framework (Adobe CCF) trust center source set.

1versionAdobe Common Controls Framework (Adobe CCF) trust center source set
Framework

Anecdotes AI Framework (AAIF)

The Anecdotes AI GRC Toolkit (official public PDF).

1versionThe Anecdotes AI GRC Toolkit (official public PDF)
Framework

ASD Essential Eight

Essential Eight Maturity Model (November 2023).

1versionEssential Eight Maturity Model (November 2023)
Framework

Aurora Essentials (Baseline Control Set)

Aurora’s opinionated baseline of essential security, privacy, resilience, and SDLC controls.

1versionAurora
Framework

Australian Energy Sector Cyber Security Framework (AESCSF)

Australian Energy Sector Cyber Security Framework – current official program page with operative V2 Full Assessment requirement corpus.

1versionAustralian Energy Sector Cyber Security Framework – current official program page with operative V2 Full Assessment requirement corpus
Framework

AWS Well-Architected Framework

AWS Well-Architected Framework core source family.

1versionAWS Well-Architected Framework core source family
Framework

China Multi-Level Protection Scheme (MLPS) 2.0

GB/T 22239–2019 信息安全技术 网络安全等级保护基本要求.

1versionGB/T 22239–2019 信息安全技术 网络安全等级保护基本要求
Framework

CIS Controls v8

CIS Controls v8 coverage for implementation-ready security programs.

1versionCenter for Internet Security (CIS)
Framework

Cisco Cloud Controls Framework

Cisco Cloud Controls Framework.

1versionCisco Cloud Controls Framework
Framework

COBIT 2019 Framework: Governance and Management Objectives

Aurora Command maps the COBIT 2019 Core Model governance and management objectives (EDM/APO/BAI/DSS/MEA) into one reusable control and evidence workflow so teams can reuse proof across repeat reviews.

1versionISACA
Framework

CSA Cloud Controls Matrix (CCM) v4.0.12

CSA Cloud Controls Matrix (CCM) v4.0.12 requirements organized for repeat reviews and controlled evidence reuse.

1versionCloud Security Alliance (CSA)
Framework

CSA Cloud Controls Matrix (CCM) v4.1

Cloud Controls Matrix and CAIQ v4.1.

1versionCloud Controls Matrix and CAIQ v4.1
Framework

Custom Frameworks (template)

Template for company-specific frameworks and reviewer requirements that do not fit a published standard.

1versionAurora
Framework

Cyber Essentials

Cyber Essentials: Requirements for IT Infrastructure v3.2.

1versionCyber Essentials: Requirements for IT Infrastructure v3.2
Framework

Cyber Risk Institute Profile (CRI)

The CRI Profile provides diagnostic statements aligned to the NIST Cybersecurity Framework (CSF) for financial services and other regulated organizations.

1versionCyber Risk Institute
Framework

Cybersecurity Maturity Model Certification (CMMC) 2.0 – Level 1 (Foundational)

CMMC Level 1 includes 17 practices aligned to the FAR 52.204-21 basic safeguarding requirements for protecting Federal Contract Information (FCI) on covered contractor information systems.

1version1U.S. Department of Defense (CMMC)
Framework

FedRAMP Security Controls Baseline (High) - NIST SP 800-53 Rev. 5

FedRAMP High controls organized for authorization work, assessor reviews, and repeat evidence reuse.

1versionFedRAMP (U.S. General Services Administration)
Framework

FedRAMP Security Controls Baseline (Low) - NIST SP 800-53 Rev. 5

FedRAMP Low controls organized for authorization work, assessor reviews, and repeat evidence reuse.

1versionFedRAMP (U.S. General Services Administration)
Framework

FedRAMP Security Controls Baseline (Moderate) - NIST SP 800-53 Rev. 5

FedRAMP Moderate controls organized for authorization work, assessor reviews, and repeat evidence reuse.

1versionFedRAMP (U.S. General Services Administration)
Framework

FFIEC Cybersecurity Assessment Tool (CAT)

FFIEC Cybersecurity Assessment Tool (CAT), May 2017 edition.

1version1Federal Financial Institutions Examination Council (FFIEC)
Framework

FFIEC IT Examination Handbook – Information Security Booklet

FFIEC IT Examination Handbook (IT Handbook) – Information Security Booklet.

1versionFederal Financial Institutions Examination Council (FFIEC)
Framework

HITRUST CSF

HITRUST CSF – Our Cybersecurity Framework.

1versionHITRUST CSF – Our Cybersecurity Framework
Framework

NIST AI Risk Management Framework (AI RMF)

AI Risk Management Framework.

1versionAI Risk Management Framework
Framework

NIST Cybersecurity Framework (CSF) 2.0

The Cybersecurity Framework (CSF) 2.0.

1versionThe Cybersecurity Framework (CSF) 2.0
Framework

NIST Privacy Framework

NIST Privacy Framework requirements organized for repeat reviews and controlled evidence reuse.

1versionPrivacy Framework
Framework

NIST Secure Software Development Framework (SSDF)

NIST SP 800-218, Secure Software Development Framework (SSDF) Version 1.1.

1versionNIST SP 800-218, Secure Software Development Framework (SSDF) Version 1.1
Framework

NIST SP 800-171 (CUI)

Aurora Command maps NIST SP 800-171 families into one reusable control and evidence workflow so teams can reuse proof across repeat reviews.

1version1NIST
Framework

NIST SP 800-53 Rev. 5

Electronic (OSCAL) Version of NIST SP 800-53 Rev 5.2.0 Controls and SP 800-53A Rev 5.2.0 Assessment Procedures.

1versionElectronic (OSCAL) Version of NIST SP 800-53 Rev 5.2.0 Controls and SP 800-53A Rev 5.2.0 Assessment Procedures
Framework

OWASP Minimum Viable Secure Product (MVSP)

Open-source baseline of minimum security requirements for software products and services (MVSP v3.0-20231109, CC0).

1versionOWASP / Vendor Security Alliance (MVSP project)
Framework

RBI Cyber Security Framework in Banks

Cyber Security Framework in Banks.

1versionCyber Security Framework in Banks
Framework

SAMA Cyber Resilience Fundamental Requirements (CRFR)

Cyber Resilience Fundamental Requirements (CRFR).

1versionCyber Resilience Fundamental Requirements (CRFR)
Framework

SAMA Cyber Security Framework

SAMA Cyber Security Framework official PDF (Version 1.0, May 2017) with live SAMA rulebook in-force verification.

1versionSAMA Cyber Security Framework official PDF (Version 1.0, May 2017) with live SAMA rulebook in-force verification
Framework

SAMA Minimum Verification Controls

Minimum Verification Controls.

1versionMinimum Verification Controls
Framework

Secure Controls Framework (SCF)

Secure Controls Framework – SCF 2025.4 workbook.

1versionSecure Controls Framework – SCF 2025.4 workbook
Framework

Secure Controls Framework (SCF) – EU GDPR mapping / STRM

NIST IR 8477-Based Set Theory Relationship Mapping (STRM) – Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR).

1versionNIST IR 8477-Based Set Theory Relationship Mapping (STRM) – Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR)
Framework

SOC 1

AICPA SSAEs – currently effective (operative section AT-C 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting).

1versionAICPA SSAEs – currently effective (operative section AT-C 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting)
Framework

SOC 2

Aurora Command maps the SOC 2 Trust Services Criteria into one reusable control and evidence workflow so teams can reuse proof across repeat reviews.

1version1AICPA (Trust Services Criteria)
Framework

SOX IT General Controls (ITGC)

SOX IT General Controls (ITGC) requirements organized for repeat reviews and controlled evidence reuse.

1version1Aurora (derived from common SOX ITGC practice; aligned to SEC/PCAOB guidance)
Framework

State Insurance Cybersecurity Regulation (Baseline)

State Insurance Cybersecurity Regulation (Baseline) requirements organized for repeat reviews and controlled evidence reuse.

1version1NAIC / State Insurance Regulators
Framework

StateRAMP Baseline Controls for Authorization (Authorized – Low & Moderate)

StateRAMP Baseline Controls for Authorization (Authorized – Low & Moderate) requirements organized for repeat reviews and controlled evidence reuse.

1versionGovRAMP (formerly StateRAMP)
Framework

SWIFT Customer Security Controls Framework (CSCF)

Swift Customer Security Controls Framework v2026.

1versionSwift Customer Security Controls Framework v2026
Framework

TISAX (VDA ISA 6.0.3)

Aurora Command maps VDA Information Security Assessment (ISA) questionnaire v6.0.3 requirements (Information Security and Prototype Protection and Data Protection) used by the TISAX assessment scheme into one reusable control and evidence workflow so teams can reuse proof across repeat reviews.

1versionENX Association / VDA
Framework

TX-RAMP Control Baselines 2.0 (Aligned to NIST SP 800-53 Rev. 5)

TX-RAMP Control Baselines 2.0 (Aligned to NIST SP 800-53 Rev. 5) requirements organized for repeat reviews and controlled evidence reuse.

1versionTexas Department of Information Resources (DIR)
Framework

US Data Privacy (USDP) – Core Multi-State Bundle

Internal Aurora bundle of common requirements across major US state comprehensive consumer privacy laws (e.g., Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA).

1version1Aurora

How it works

Map Once. Reuse Across Every Framework.

Five steps from framework selection to reviewer handoff. Evidence links to controls, controls map to requirements, and the next framework reuses everything.

01
Choose Frameworks
Select the frameworks that apply to your next review cycle. Add more as your program grows.
Framework scope and ownership
02
Map to Controls
Link external requirements to one control library. Evidence stays reusable across frameworks.
Control-to-requirement mapping
03
Link Evidence
Attach evidence to controls with owners and freshness expectations. Set cadence and reminders.
Evidence with freshness tracking
04
Keep Current
Track approvals, changes, and cadence over time. Automate collection where integrations support it.
Freshness and change history
05
Share When Asked
Give reviewers structured access through Trust Center. Export organized files on demand.
Controlled reviewer access
Aurora control mapping workspace showing one control reused across multiple frameworks and evidence records.

AC-2 Account Management · 4 linked items

SOC 2 CC6.1, ISO A.9.2.1, CMMC AC.L2-3.1.1 stay attached to the same shared control instead of splitting into separate framework trackers.

Walk Through the Workflow Explore Capabilities

What reviewers ask

Different Frameworks, Same Six Questions

No matter the framework, reviewers ask about the same things. Aurora organizes your evidence so you can respond consistently every time.

Access Control and Identity

What you can show

Evidence linked with source and timestamp

Governance and Approvals

What you can show

Policy versions, approval history, and decision trails

Incident Readiness

What you can show

Tabletop records, playbooks, and after-action items

Training Completion

What you can show

Assignment and completion records with dates

Vendor and Supplier Risk

What you can show

Due diligence records with follow-ups and decisions

Freshness and Timing

What you can show

Freshness tracking and change history between cycles

Common questions

Framework Questions, Answered Plainly

Clear answers about framework coverage, evidence reuse, and reviewer handoffs.

Can I manage multiple frameworks at once?
Yes. Map multiple frameworks to one control library. Evidence linked to controls is designed to be reusable across overlapping frameworks. Plan limits apply.
Do I have to remap controls for each framework?
No. Mapping is designed to be reused and updated instead of rebuilt. Add new frameworks or review cycles without starting over.
How do you prevent evidence from going stale?
Every evidence item has an owner, a freshness cadence, and automated reminders. Aurora flags what is expiring before reviewers notice.
What happens when a reviewer asks for something new?
Give reviewers structured access through Trust Center, or export organized evidence packages when someone needs offline documents.
Does Aurora guarantee compliance outcomes?
No. Aurora runs and documents compliance work. It does not guarantee certification, audit outcomes, or reviewer decisions.
Live walkthrough
Start with the Frameworks You Need This Quarter
Built for teams managing multiple frameworks with recurring reviews. Tell us about the frameworks, renewals, or security reviews already on your calendar, and we will show how Aurora reuses the same proof across them.
Request a walkthrough
Preview a reviewer package
15-minute walkthrough. No obligation. We'll show Aurora applied to your workflow and show the exact outputs. (No compliance guarantees.)