Framework Mappings

OSA controls are mapped to major compliance and governance frameworks. Select a framework to see which controls apply, or start from a control to see its framework coverage.

Management System 31 controls

ISO 27001:2022

Information security management systems standard. Specifies requirements for establishing, implementing, maintaining and continually improving an ISMS.

ISO/IEC · 2022
Controls Guidance 118 controls

ISO 27002:2022

Code of practice for information security controls. Provides guidance on organizational security standards and information security management practices.

ISO/IEC · 2022
Governance 61 controls

COBIT 2019

Framework for IT governance and management. Helps organizations develop, implement, and improve IT governance and management practices.

ISACA · 2019
Security Controls 73 controls

CIS Controls v8

Prioritized set of actions to protect organizations and data from known cyber attack vectors. Developed by a global community of IT experts.

Center for Internet Security · 8
Risk Framework 88 controls

NIST CSF 2.0

Voluntary guidance for managing and reducing cybersecurity risk. Organized around five core functions: Identify, Protect, Detect, Respond, Recover.

NIST · 2.0
Audit Framework 122 controls

SOC 2 TSC

Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. Used for SOC 2 attestation engagements.

AICPA · 2017

Coverage Summary

Our 191 NIST 800-53 Rev 5 controls include mappings to these frameworks, enabling you to trace security requirements across standards and simplify compliance efforts.

31
ISO 27001:2022
118
ISO 27002:2022
61
COBIT 2019
73
CIS Controls v8
88
NIST CSF 2.0
122
SOC 2 TSC