Compliance | Centraleyes

Standards

Manage multiple regulatory compliance frameworks
and standards in one platform

Centraleyes enables cyber risk teams to easily create and define frameworks to fit their specific needs, or choose from tens of pre-populated integrated risk and compliance frameworks. By mapping shared controls across frameworks, Centraleyes allows for a quicker, automated compliance process.

Secure Controls Framework (SCF)

May 30, 2022

FFIEC

June 14, 2021

PCI DSS

June 14, 2021

GDPR

June 14, 2021

SOC 2 Type II

June 14, 2021

NY SHIELD Act

June 14, 2021

OWASP ASVS

June 14, 2021

ISO 27001

June 14, 2021

CIS Controls

June 14, 2021

ISO 27701

June 14, 2021

NIST CSF

May 18, 2021

MOVEit Transfer Vulnerability Going Wild

June 8, 2023

How ISO Standards Address Third-party Risk Management

How ISO Standards Address Third-party Risk Management

June 8, 2023

Cyber Leaders of the World: Timothy Spear, Co-Founder and CTO of Whonome

June 5, 2023

All Standards | Compliance

HITECH Act

What is the HITECH Act? The Health Information Technology for Economic and Clinical Health (HITECH) Act is a U.S. federal law that was enacted in 2009 as part of the…

What is the CPRA Act?

The California Privacy Rights Act (CPRA) is a state-wide data privacy law that governs how businesses all over the world may handle California residents’ personal information (PI). The CPRA went…

IRS publication 1345

What is IRS p1345? The IRS publishes guidance documents in relation to taxes. This handbook is for Authorized IRS e-file Providers of Individual Income Tax Returns, and provides rules and…

ESG

What is ESG? ESG compliance drives a company to operate with conscious regard towards the environment, social issues and the ideal way to govern their organization. It is also used…

Cyber Essentials (UK)

What is Cyber Essentials (UK)? Cyber Essentials is a government-backed scheme that was created to help organizations of all sizes protect themselves from a wide range of common cyber attacks.…

ISO 27002

What is ISO/IEC 27002? ISO/IEC 27002 is part of the ISO 27000 family of standards that were created to keep companies and organizations safe. ISO 27002 provides organizational guidance on…

UAE IA

What is the UAE IA Regulation? The UAE’s Telecommunications Regulatory Authority (TRA) released the Information Assurance (IA) Regulation V1.1 in March 2020, to establish minimum baseline parameters for safeguarding the…

ISO 22301

What is the ISO 22301 standard? ISO 22301 is an international standard for Business Continuity Management. It offers a step-by-step guide to establishing and maintaining an efficient business continuity management…

CMMC

What is the CMMC Standard? The CMMC certification methodology was developed by the Department of Defense (DoD) to guarantee that contractors have safeguards in place to secure sensitive data such…

FFIEC

What is the FFIEC Compliance Framework? The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of the…

HIPAA

What is HIPAA? The Health Insurance Portability and Transparency Act of 1996 (HIPAA), is a collection of regulations that ensure the lawful use and disclosure of protected health information (PHI).…

NIST 800-82

What is the NIST SP 800-82 framework? The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed assistance regarding how to protect Industrial Control Systems (ICS), that…

PCI DSS

What is PCI DSS? The Payment Card Industry Security Standards Council establishes technical and operational requirements to secure payment information. All retailers and organizations that process, handle, or distribute such…

SOX

What is the Sarbanes-Oxley Act? Sarbanes-Oxley Act (SOX), is a regulation that was signed into law on July 30, 2002. For compliance, all institutional investors are expected to install and…

NERC CIP

What is NERC CIP compliance? The North American Electric Reliability Corporation (NERC) is a global regulatory authority that operates to reduce the risks associated with power grid infrastructure. This is…

NYDFS

What is the NYDFS Cybersecurity Regulation? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) is a set of rules issued by the New York Department…

SOC 2 Type II

What is SOC 2 Type II compliance? SOC 2 (System and Organization Controls 2) is an auditing process developed by the American Institute of CPAs (AICPA). Its primary initiative is…

NIST SP 800-171

What is NIST SP 800-171? The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Commerce Department, responsible for conducting research and establishing standards across…

NIST SP 800-53

What is the NIST SP 800-53 framework? NIST SP 800-53 was created to provide federal agencies with standards and guidelines for protecting and managing their information security systems, as well…

ISA/IEC 62443

What is the ISA/IEC 62443 framework? The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) joined forces to develop the 62443 series. ISA/IEC 62443 is a non-regulatory…

PSD2

What is PSD2? The Payment Services Directive (PSD) of 2007, was replaced by the Revised Payment Services Directive (PSD2) in 2015. PSD2 is a European Union (EU) Directive, administered by…

FedRAMP

What is FedRAMP? The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide framework that created a standardized process for assessing, authorizing and continuously monitoring cloud services security.…

ISO 27001

What is ISO/IEC 27001? ISO/IEC 27001 is a member of the ISO 27000 family of standards. The ISO 27001 standard is internationally accepted as a specification for an Information Security…

GLBA

What is the GLBA Act? The Gramm-Leach-Bliley Act (GLBA), also recognized as the Financial Modernization Act of 1999, is a federal law in the United States that requires the protection…