Authority Documents

35+ frameworks, regulations & standards.
One platform.

Pre-mapped controls, assessment templates, and continuous updates across the authority documents your governance, risk, and compliance teams actually use — globally, regionally, and by industry.

15 Frameworks · 7 Regulations · 13 Standards · 35+ Total Coverage

Frameworks

Voluntary, prescriptive structures for managing security, risk, and governance — adopted by choice or by mandate. Includes NIST CSF, ISO/IEC frameworks, sector-specific (HITRUST, SWIFT), and regional (RBI, SAMA).


Regulations

Legally binding requirements enforced by government or regulators — privacy laws (GDPR, CCPA, DPDPA), sector-specific rules (HIPAA, NYDFS), and emerging AI legislation (EU AI Act, DORA).


Standards

Internationally recognised certifiable standards — ISO/IEC family (27001, 27701, 31000, 42001), PCI DSS for payments, and regional standards (ADHICS, Dubai ISR, Qatar NIA, TISAX, UAE IAS).

Frameworks · 15

Frameworks

Voluntary and mandated frameworks for cybersecurity, IT governance, and risk management — across global, US, and regional contexts.

CIS Controls v8.1

Global

Center for Internet Security's prescriptive 18 critical security controls and 153 safeguards — a defensible cyber-defense baseline.

CMMC 2.0

US

US Department of Defense cybersecurity maturity certification required for the defense industrial base.

COBIT 2019

Global

ISACA's enterprise IT governance and management framework with 40 processes and clear performance metrics.

CSA CCM v4

Global

Cloud Security Alliance Cloud Controls Matrix — 197 control objectives across 17 cloud security domains.

FedRAMP

US

US federal authorisation for cloud services serving government agencies, with Low / Moderate / High baselines.

FFIEC

US

Federal Financial Institutions Examination Council IT examination guidance for US banks and credit unions.

HITRUST CSF v11.6.0

US

Certifiable framework combining HIPAA, NIST, ISO, and other authoritative sources — popular in healthcare and tech.

NIST AI RMF

US

Voluntary framework for managing AI risk across Govern, Map, Measure, and Manage functions.

NIST CSF 2.0

Global

Updated NIST Cybersecurity Framework with a new Govern function alongside Identify, Protect, Detect, Respond, and Recover.

NIST Privacy Framework

US

Voluntary privacy risk management framework, structured to align with NIST CSF for joint cyber-privacy programmes.

NIST SP 800-53

US

Comprehensive catalog of security and privacy controls for US federal systems, with control families and baselines.

RBI Cyber Security Framework

India

Reserve Bank of India mandatory cyber framework for banks, NBFCs, and payment system operators.

SAMA CSF v1.0

MEA

Saudi Central Bank cyber framework for member financial institutions, with structured maturity assessment.

SOC 2

US

AICPA Trust Services Criteria — Security, Availability, Processing Integrity, Confidentiality, and Privacy.

SWIFT CSCF 2026

Global

SWIFT Customer Security Controls Framework — mandatory for participants in the SWIFT financial messaging network.

Regulations · 7

Regulations

Legally binding requirements enforced by government or regulators — privacy laws, sector-specific rules, and emerging AI legislation.

CCPA

US

California Consumer Privacy Act granting California residents rights over their personal data.

DORA

EU

Digital Operational Resilience Act for EU financial services — ICT risk management, third-party oversight, and incident reporting.

DPDPA

India

India's Digital Personal Data Protection Act — comprehensive privacy law for data fiduciaries handling personal data.

EU AI Act

EU

The world's first comprehensive AI regulation — classifies AI systems by risk tier with conformity assessment requirements.

GDPR

EU

General Data Protection Regulation — governs personal data of EU residents with extraterritorial reach.

HIPAA

US

US Health Insurance Portability and Accountability Act — Privacy, Security, and Breach Notification rules for PHI.

NYDFS

US

New York Department of Financial Services Part 500 cybersecurity rule for covered financial entities.

Standards · 13

Standards

International certifiable standards — ISO/IEC family, payment industry, and regional standards across MEA, EU, and beyond.

ADHICS v2

MEA

Abu Dhabi Healthcare Information & Cyber Security Standard for the Abu Dhabi health sector ecosystem.

Dubai ISR

MEA

Dubai Government Information Security Regulation — applies to Dubai government entities and their contractors.

ISO 22301:2019

Global

Business Continuity Management Systems requirements — certifiable structure for organisational resilience.

ISO 27001:2015

Global

Earlier ISMS standard maintained for organisations in the transition window toward the 2022 revision.

ISO 27001:2022 Clauses

Global

Current Information Security Management System standard with restructured Annex A and updated control set.

ISO 27018:2019

Global

Code of practice for protection of personally identifiable information in public clouds acting as PII processors.

ISO 27701:2019

Global

Privacy Information Management System extension to ISO 27001 — the certifiable PIMS standard.

ISO 31000:2018

Global

Risk management principles and guidelines applicable across all enterprise risk domains.

ISO 42001:2023

Global

AI Management System standard — the first international management system standard for artificial intelligence.

PCI DSS v4.0.1

Global

Payment Card Industry Data Security Standard for entities storing, processing, or transmitting cardholder data.

Qatar NIA

MEA

Qatar National Information Assurance framework for government and critical infrastructure entities.

TISAX

EU

Trusted Information Security Assessment Exchange — the standard for the European automotive industry.

UAE IAS v2

MEA

UAE Information Assurance Standards for federal entities and critical national infrastructure operators.

How ClearGRC Supports Each Document

It's not just a checklist. It's the work that gets you compliant.

Every authority document above comes with pre-mapped controls, ready-to-run assessment templates, and AI-powered gap analysis — so your team starts ahead, not from scratch.

Pre-mapped controls

Every framework arrives with its controls pre-loaded and cross-mapped to ClearGRC's unified control library.

Assessment templates

Ready-to-run assessment templates for Readiness, Self, Gap, Entitlement, and Third-Party assessments.

Evidence repository

Versioned evidence linked to the controls it actually supports — across every framework you operate against.

AI gap analysis

AI identifies control gaps and probable risks from your assessments — backed by evidence, reviewable by humans.

Custom Framework Support

Don't see your framework? We'll map it.

Internal frameworks, sector-specific standards, regional regulations, customer-required schemas — if it has controls, ClearGRC can structure it.

  • Map any authority document — internal, regional, or sector-specific — into ClearGRC's structure.
  • Reuse the same controls across multiple frameworks — assess once, comply many.
  • Stay current as standards evolve — framework updates rolled out as they're published.
  • Build your own customer-specific schema for vendor or partner assessments.

01. Your internal cyber standard (Custom)
02. Customer security questionnaire (Custom)
03. Regional regulator schema (Custom)
04. Industry consortium framework (Custom)
05. Sector-specific obligations (Custom)

See how ClearGRC supports your framework.

Walk through how pre-mapped controls, assessment templates, and AI gap analysis work for the authority documents your team operates against — global or regional.
