Standards

Manage multiple regulatory compliance frameworks
and standards in one platform

Centraleyes enables cyber risk teams to easily create and define frameworks to fit their specific needs, or choose from tens of pre-populated integrated risk and compliance frameworks. By mapping shared controls across frameworks, Centraleyes allows for a quicker, automated compliance process.

All Standards | Compliance

ISO 27001

What is ISO/IEC 27001? ISO/IEC 27001 is a member of the ISO 27000 family of standards. The ISO 27001 standard, which replaces the BS7799-2 standard, is internationally accepted as a…

PCI DSS

What is PCI DSS? The Payment Card Industry Security Standards Council establishes technical and operational requirements to secure payment information. All retailers and organizations that process, handle, or distribute such…

SOC 2 Type II

What is SOC 2 Type II compliance? SOC 2 (System and Organization Controls 2) is an auditing process developed by the American Institute of CPAs (AICPA). Its primary initiative is…

FFIEC

What is the FFIEC? The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of the US federal…

ESG

What is ESG? ESG compliance drives a company to operate with conscious regard towards the environment, social issues and the ideal way to govern their organization. It is also used…

Cyber Essentials (UK)

What is Cyber Essentials (UK)? Cyber Essentials is a government-backed scheme that was created to help organizations of all sizes protect themselves from a wide range of common cyber attacks.…

ISO 27002

What is ISO/IEC 27002? ISO/IEC 27002:2013, titled “Information technology — Security techniques — Code of practice for information security controls,” is an international standard, with organizational guidance for implementing information…

UAE IA

What is the UAE IA Regulation?  The UAE’s Telecommunications Regulatory Authority (TRA) released the Information Assurance (IA) Regulation V1.1 in March 2020, to establish minimum baseline parameters for safeguarding the…

ISO 22301

What is the ISO 22301 standard? ISO 22301 is an international standard for Business Continuity Management. It offers a step-by-step guide to establishing and maintaining an efficient business continuity management…

CMMC

What is the CMMC Standard? The CMMC certification methodology was developed by the Department of Defense (DoD) to guarantee that contractors have safeguards in place to secure sensitive data such…

HIPAA

What is HIPAA? The Health Insurance Portability and Transparency Act of 1996 (HIPAA), is a collection of regulations that ensure the lawful use and disclosure of protected health information (PHI).…

NIST 800-82

What is the NIST SP 800-82 framework? The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed assistance regarding how to protect Industrial Control Systems (ICS), that…

SOX

What is the Sarbanes-Oxley Act? Sarbanes-Oxley Act (SOX), is a regulation that was signed into law on July 30, 2002. For compliance, all institutional investors are expected to install and…

NERC CIP

What is NERC CIP compliance? The North American Electric Reliability Corporation (NERC) is a global regulatory authority that operates to reduce the risks associated with power grid infrastructure. This is…

NYDFS

What is the NYDFS Cybersecurity Regulation? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) is a set of rules issued by the New York Department…

NIST SP 800-171

What is NIST SP 800-171? The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Commerce Department, responsible for conducting research and establishing standards across…

NIST SP 800-53

What is the NIST SP 800-53 framework? NIST SP 800-53 was created to provide federal agencies with standards and guidelines for protecting and managing their information security systems, as well…

ISA/IEC 62443

What is the ISA/IEC 62443 framework? The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) joined forces to develop the 62443 series. ISA/IEC 62443 is a non-regulatory…

PSD2

What is PSD2? The Payment Services Directive (PSD) of 2007, was replaced by the Revised Payment Services Directive (PSD2) in 2015. PSD2 is a European Union (EU) Directive, administered by…

FedRAMP

What is FedRAMP? The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide framework that created a standardized process for assessing, authorizing and continuously monitoring cloud services security.…

GLBA

What is the GLBA Act? The Gramm-Leach-Bliley Act (GLBA), also recognized as the Financial Modernization Act of 1999, is a federal law in the United States that requires the protection…

Get our full list of supported standards and frameworks