Supported IT Compliance Frameworks in SP360

Label in SP360 Long Description
SOC22017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
CIS v8.1CIS Controls Version 8.1
CCM v3.0.1Cloud Controls Matrix (CCM)
CMMCCybersecurity Maturity Model Certification
DFARS Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7008-7012
FAR Federal Acquisition Regulation (FAR)
FedRAMP High v 5Federal Risk and Authorization Management Program (FedRAMP H) - High Security Baseline
FedRAMP Low v 5Federal Risk and Authorization Management Program (FedRAMP L) - Low Security Baseline
FedRAMP LI-SAAS v 5Federal Risk and Authorization Management Program (FedRAMP LI-SaaS) - LI-SaaS Security Baseline
FedRAMP Mod v 5Federal Risk and Authorization Management Program (FedRAMP M) - Moderate Security Baseline
GDPR General Data Protection Regulation
HIPAAHealth Insurance Portability and Accountability (HIPAA) Security Rule 45 CFR Parts 160/164, Subparts A/C:1996
ISO 27001ISO/IEC 27001:2022
Microsoft Cloud SB v1Microsoft Cloud Security Benchmark
NYDFS v1New York State Department of Financial Services 23 NYCRR 500
NIST 800-53 v5NIST 800-53 (Special Publication)
NIST AI 100-1 v1NIST AI 100-1 - Artificial Intelligence Risk Management Framework, January 2023
NIST CSF v2NIST Cybersecurity Framework (CSF)
NIST 800-171 v2NIST Special Publication 800-171
PCI-DSS v4.0.1Payment Card Industry Data Security Standard (PCI-DSS) v4.0.1
SOX Sarbanes-Oxley Act: IT Security
SWIFTSWIFT Customer Security Controls Framework - Customer Security Programme v2024
DORAThe Digital Operational Resilience Act (DORA) - Regulation (EU) 2022/2554
NIS2 The Network and Information Systems (NIS 2 Directive) (EU) 2022/2555
CMMC Level 1 v2US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 1
CMMC Level 2 v2US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2
CFR Part 11US Food & Drug Administration (FDA)
Gramm Leach (GLBA)US Gramm Leach Bliley Act (GLBA)