Standards

Manage multiple regulatory compliance frameworks and standards in one platform

Centraleyes enables cyber risk teams to easily create and define frameworks to fit their specific needs, or choose from tens of pre-populated integrated risk and compliance frameworks. By mapping shared controls across frameworks, Centraleyes allows for a quicker, automated compliance process.


DOD CMMC

What is the DOD CMMC Standard? The Department of Defense (DoD) created the DOD CMMC certification protocol to ensure that contractors have the safeguards in place to protect confidential data such as Federal Contract Information and Controlled Unclassified Information (CUI). The Cybersecurity Maturity Model Certification (CMMC), which replaces the self-attestation…

FFIEC

What is the FFIEC Compliance Framework? The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of the US federal government’s audits of financial institutions. It makes proposals to keep financial institutions governed uniformly at the federal level.…

HIPAA

What is HIPAA compliance? The Health Insurance Portability and Transparency Act of 1996 (HIPAA), is a collection of regulations that ensure the lawful use and disclosure of protected health information (PHI). The Department of Health and Human Services (HHS) controls HIPAA compliance, which is implemented by the Office for Civil…

NIST 800-82

What is the NIST SP 800-82 Framework? The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed assistance regarding how to protect Industrial Control Systems (ICS), that are commonly used in the electric, water and wastewater, oil and natural gas, pulp and paper, pharmaceutical, chemical, food and…

PCI DSS

What is PCI DSS compliance? The Payment Card Industry Security Standards Council establishes technical and operational requirements to secure payment information. All retailers and organizations that process, handle, or distribute such info must follow the PCI DSS international standard. American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and…

SOX

What is the Sarbanes-Oxley Act? The Sarbanes-Oxley Act (SOX) is a regulation that was signed into law on July 30, 2002. For compliance, all institutional investors are expected to install and report internal accounting controls to the SEC (Securities and Exchange Commission). All applicable businesses must set up a financial accounting…

NERC CIP

What is NERC CIP compliance? The North American Electric Reliability Corporation (NERC) is a global regulatory authority that operates to reduce the risks associated with power grid infrastructure. This is accomplished through the ongoing development of a set of regulatory standards, as well as education, training, and certification for the…

NYDFS

What is the NYDFS Cybersecurity Regulation? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) is a set of rules issued by the New York Department of Financial Services that imposes cybersecurity demands on all financial firms. The initiative behind the regulation is to protect the…

SOC 2 Type 2

What is SOC 2 Type 2 compliance? SOC 2 (System and Organization Controls 2) is an auditing process developed by the American Institute of CPAs (AICPA). Its primary initiative is to improve secure data management in organizations in order to gain privacy and security at both the business and…

NIST SP 800-171

What is NIST SP 800-171? The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Commerce Department, responsible for conducting research and establishing standards across all federal agencies. One of NIST’s roles is to create Special Publication 800-series which encompasses its research, guidelines, and outreach…

NIST SP 800-53

What is the NIST SP 800-53 framework? NIST SP 800-53 was created to provide federal agencies with standards and guidelines for protecting and managing their information security systems, as well as to ensure the security of citizens’ private data. It applies to any federal organization (except national security agencies) and,…

ISA/IEC 62443

What is the ISA/IEC 62443 framework? The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) joined forces to develop the 62443 series. ISA/IEC 62443 is a non-regulatory compliance series that addresses the cybersecurity risks of Industrial Automation and Control Systems (IACS) throughout their lifecycle. These requirements were…

NY SHIELD Act

What is the NY SHIELD Regulation? On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) came into force. This act establishes protections of customer data to ensure the integrity, confidentiality and the security of private information held by…

PSD2

What is PSD2? The Payment Services Directive (PSD) of 2007 was replaced by the Revised Payment Services Directive (PSD2) in 2015. PSD2 is a European Union (EU) Directive, administered by the European Commission to regulate payment services and payment service providers throughout the EU and the European Economic Area (EEA).…

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide framework that created a standardized process for assessing, authorizing and continuously monitoring cloud services security. FedRAMP empowers the federal government to smoothly adopt cloud computing by producing consistent standards and processes for security authorizations and allowing agencies to…

ISO 27001

What is the ISO/IEC Standard? ISO/IEC 27001 is a member of the ISO 27000 family of standards. The ISO 27001 standard, which replaces the BS7799-2 standard, is internationally accepted as a specification for an Information Security Management System (ISMS). It is one of the most widely used information security principles…

GLBA

What is the GLBA Act? The Gramm-Leach-Bliley Act (GLBA), also recognized as the Financial Modernization Act of 1999, is a federal law in the United States that requires the protection of personally identifiable financial information relating to individuals. The GLBA is overseen by the Federal Trade Commission (FTC). The GLBA…