Compliance Frameworks

Every framework you're audited against.

Safeguard maps continuous evidence to the frameworks your auditors actually ask about — US, international, and sector-specific. Major frameworks plus 150+ regional variants and regimes mapped across 6 regions — 25 highlighted below.

70
Americas
41
International
28
Europe
28
Asia-Pacific
19
Middle East & Africa
11
Internal

A framework not listed?

If your auditor is asking for it, we'll map it. Book a 30-minute call and we'll walk through your control set with the Safeguard evidence engine live.

Every framework we support

All 197 regimes in the registry, grouped by region.

Americas

Americas70
NIST SSDF
United States · Government Regulation
NIST CSF 2.0
United States · Government Regulation
NIST SP 800-53
United States · Government Regulation
NIST SP 800-161
United States · Government Regulation
NIST SP 800-171
United States · Government Regulation
NIST SP 800-82
United States · Government Regulation
NIST SP 800-207
United States · Government Regulation
NIST CSF 2.0 (Full)
United States · Government Regulation
FISMA
United States · Government Regulation
FedRAMP
United States · Government Regulation
StateRAMP
United States · Government Regulation
CMMC 2.0
United States · Government Regulation
DFARS 252.204-7012
United States · Government Regulation
NDAA Section 889
United States · Government Regulation
HIPAA Security Rule
United States · Government Regulation
HIPAA / HITECH
United States · Government Regulation
HITRUST CSF
United States · Government Regulation
FDA Medical Device
United States · Government Regulation
SOC 2 Type II
United States · Government Regulation
SOC 2 Type II (Extended)
United States · Government Regulation
SOX ITGC
United States · Government Regulation
FTC Safeguards Rule
United States · Government Regulation
FFIEC CAT
United States · Government Regulation
CCPA / CPRA
United States · Government Regulation
FIPS 140-3
United States · Government Regulation
NIST AI RMF
United States · Government Regulation
NIST SP 800-218A
United States · Government Regulation
NERC CIP
United States · Government Regulation
Canada PIPEDA
Canada · Government Regulation
Brazil LGPD
Brazil · Government Regulation
Virginia CDPA
United States · Government Regulation
Colorado CPA
United States · Government Regulation
Connecticut CTDPA
United States · Government Regulation
Utah UCPA
United States · Government Regulation
Texas TDPSA
United States · Government Regulation
Oregon OCPA
United States · Government Regulation
Montana CDPA
United States · Government Regulation
Tennessee TIPA
United States · Government Regulation
Delaware PDPA
United States · Government Regulation
New Jersey CDPA
United States · Government Regulation
New Hampshire DPA
United States · Government Regulation
Maryland MODPA
United States · Government Regulation
Minnesota CDPA
United States · Government Regulation
Indiana CDPA
United States · Government Regulation
Iowa CDPA
United States · Government Regulation
Florida Digital Bill of Rights
United States · Government Regulation
Washington My Health My Data Act
United States · Government Regulation
FDA 21 CFR Part 11
United States · Government Regulation
TSA Pipeline Security Directives
United States · Government Regulation
Mexico LFPDPPP
Mexico · Government Regulation
Argentina PDPL (Law 25.326)
Argentina · Government Regulation
Chile Law 19.628
Chile · Government Regulation
Colombia Law 1581
Colombia · Government Regulation
Peru Law 29733
Peru · Government Regulation
NIST Privacy Framework
United States · Industry Standard
NY DFS 23 NYCRR 500
United States · Government Regulation
NY SHIELD Act
United States · Government Regulation
Massachusetts 201 CMR 17.00
United States · Government Regulation
Illinois BIPA
United States · Government Regulation
COPPA
United States · Government Regulation
FERPA
United States · Government Regulation
GLBA
United States · Government Regulation
FCRA / FACTA
United States · Government Regulation
NIST SP 800-37 RMF
United States · Government Regulation
NIST SP 800-66 r2
United States · Government Regulation
NIST SP 800-63
United States · Government Regulation
Quebec Law 25
Canada · Government Regulation
Canada CPPA
Canada · Government Regulation
Uruguay Law 18.331
Uruguay · Government Regulation
Jamaica DPA
Jamaica · Government Regulation

Europe

Europe28
EU Cyber Resilience Act
European Union · Government Regulation
EU DORA
European Union · Government Regulation
EU NIS2 Directive
European Union · Government Regulation
GDPR
European Union · Government Regulation
GDPR Article 25
European Union · Government Regulation
EU AI Act
European Union · Government Regulation
ETSI EN 303 645
European Union · Government Regulation
ENISA Good Practices
European Union · Government Regulation
BSI TR-03183-2
Germany · Government Regulation
TISAX
Germany · Government Regulation
UK Cyber Essentials
United Kingdom · Government Regulation
France ANSSI RGS
France · Government Regulation
Italy ACN Cybersecurity
Italy · Government Regulation
Spain ENS (RD 311/2022)
Spain · Government Regulation
Netherlands NEN 7510
Netherlands · Government Regulation
Switzerland revFADP
Switzerland · Government Regulation
Norway NSM Basic Principles
Norway · Government Regulation
UK GDPR / DPA 2018
United Kingdom · Government Regulation
UK NCSC CAF
United Kingdom · Government Regulation
EU Cybersecurity Act
European Union · Government Regulation
EU eIDAS Regulation
European Union · Government Regulation
EU PSD2
European Union · Government Regulation
EU Digital Services Act
European Union · Government Regulation
EU Digital Markets Act
European Union · Government Regulation
EU Data Act
European Union · Government Regulation
BSI IT-Grundschutz
Germany · Government Regulation
Estonia EISA / ISKE
Estonia · Government Regulation
Poland KSC Act
Poland · Government Regulation

Asia-Pacific

Asia-Pacific28
Australia Essential Eight
Australia · Government Regulation
Australia Privacy Act
Australia · Government Regulation
Japan METI SBOM Guidelines
Japan · Government Regulation
India CERT-In
India · Government Regulation
India DPDP Act
India · Government Regulation
South Korea PIPA
South Korea · Government Regulation
Singapore Cybersecurity Act
Singapore · Government Regulation
New Zealand NZISM
New Zealand · Government Regulation
Thailand PDPA
Thailand · Government Regulation
China PIPL
China · Government Regulation
Vietnam Decree 13/2023
Vietnam · Government Regulation
Philippines Data Privacy Act
Philippines · Government Regulation
Malaysia PDPA
Malaysia · Government Regulation
Indonesia PDP Law
Indonesia · Government Regulation
Pakistan PDPB
Pakistan · Government Regulation
China Data Security Law
China · Government Regulation
China Cybersecurity Law
China · Government Regulation
China MLPS 2.0
China · Government Regulation
Japan APPI
Japan · Government Regulation
Japan ISMAP
Japan · Government Regulation
Korea ISMS-P
South Korea · Government Regulation
Hong Kong PDPO
Hong Kong · Government Regulation
Taiwan PDPA
Taiwan · Government Regulation
Singapore PDPA
Singapore · Government Regulation
MAS TRMG
Singapore · Government Regulation
Australia ACSC ISM
Australia · Government Regulation
Australia SOCI Act
Australia · Government Regulation
Macau PDPA
Macau · Government Regulation

Middle East & Africa

Middle East & Africa19
Saudi Arabia NCA ECC
Saudi Arabia · Government Regulation
Israel INCD
Israel · Government Regulation
UAE PDPL
United Arab Emirates · Government Regulation
UAE NESA IA Standards
United Arab Emirates · Government Regulation
Qatar PDPL
Qatar · Government Regulation
Bahrain PDPL
Bahrain · Government Regulation
Oman PDPL
Oman · Government Regulation
Egypt PDPL (Law 151/2020)
Egypt · Government Regulation
Turkey KVKK
Turkey · Government Regulation
South Africa POPIA
South Africa · Government Regulation
Nigeria NDPR / NDPA
Nigeria · Government Regulation
Kenya Data Protection Act 2019
Kenya · Government Regulation
Ghana Data Protection Act
Ghana · Government Regulation
Saudi PDPL
Saudi Arabia · Government Regulation
SAMA Cybersecurity Framework
Saudi Arabia · Government Regulation
Kuwait Cybersecurity Law
Kuwait · Government Regulation
Jordan PDP Law
Jordan · Government Regulation
Morocco Law 09-08
Morocco · Government Regulation
Lebanon Law 81
Lebanon · Government Regulation

International

International41
ISO/IEC 27001
International · Industry Standard
ISO/IEC 27017
International · Industry Standard
ISO/IEC 27018
International · Industry Standard
ISO/IEC 5962 (SPDX)
International · Industry Standard
ISO 22301
International · Industry Standard
ISO/IEC 20000
International · Industry Standard
ISO/IEC 42001
International · Industry Standard
Common Criteria (CC)
International · Industry Standard
PCI DSS v4.0
International · Industry Standard
PCI DSS 4.0 (Full)
International · Industry Standard
SWIFT CSCF
International · Industry Standard
IEC 62443
International · Industry Standard
IEC 62443-4-2
International · Industry Standard
UNECE WP.29
International · Industry Standard
ISO/IEC 21434
International · Industry Standard
OWASP Top 10
International · Industry Standard
OWASP SCVS
International · Industry Standard
OWASP CycloneDX BOM
International · Industry Standard
OWASP ASVS
International · Industry Standard
OWASP MASVS
International · Industry Standard
SLSA Supply Chain
International · Industry Standard
OpenChain ISO 5230
International · Industry Standard
OpenSSF Scorecard
International · Industry Standard
CIS Controls v8
International · Industry Standard
CSA STAR
International · Industry Standard
CSA Cloud Controls Matrix
International · Industry Standard
MITRE ATT&CK
International · Industry Standard
CycloneDX VEX
International · Industry Standard
ISO/IEC 29147
International · Industry Standard
O-TTPS / ISO 20243
International · Industry Standard
in-toto
International · Industry Standard
IEC 62304
International · Industry Standard
DO-326A
International · Industry Standard
GxP (GMP/GLP/GCP)
International · Industry Standard
ISO/IEC 27701
International · Industry Standard
ISO/IEC 27005
International · Industry Standard
ISO/IEC 27002:2022
International · Industry Standard
ISO/IEC 27035
International · Industry Standard
ISO/IEC 27032
International · Industry Standard
ISO 28000
International · Industry Standard
ISO 31000
International · Industry Standard

Internal

Internal11
Component Health
Internal · Internal Policy
CISA KEV Correlation
Internal · Internal Policy
Supply Chain Risk Score
Internal · Internal Policy
Dependency Age
Internal · Internal Policy
License Obligations
Internal · Internal Policy
VEX Readiness
Internal · Internal Policy
Duplicate Detection
Internal · Internal Policy
Crypto Algorithm Audit
Internal · Internal Policy
Provenance Chain
Internal · Internal Policy
Transitive Depth
Internal · Internal Policy
Typosquatting Detection
Internal · Internal Policy