Deploy over 850 out-of-the-box, SCF-supplied controls that are rationalized and baselined against 150+ global regulations, frameworks, and standards. A workflow helps manage updates and changes to the controls directly within SureCloud.

Control Library
Simplify your compliance efforts with industry best practices
Discover the control frameworks available within SureCloud’s control library
SureCloud’s best-of-breed Compliance Management Software allows your team to take advantage of built-in control content and provides the ability to import any control framework (including your own).
The built-in SureCloud control library comes with the following regulations and frameworks as standard:

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and assist prospective cloud customers in assessing the overall security risk of a cloud provider.

ISO 27002 Information technology — Security techniques — Code of practice for information security controls.

ISO 27017 Information technology — Security techniques — Code of practice for information security controls. This standard outlines the guidance and implementation of the cloud-specific security controls.

ISO 27018 Information technology — Security techniques — Code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors.

PCI DSS is the global data security standard that any business of any size must adhere to in order to accept payment cards. It offers common-sense steps that mirror security best practices.

The ISF Standard of Good Practice for Information Security provides a business-orientated focus on current and emerging information security issues and helps organizations develop a practical framework for information security policies, standards, and procedures.

NIST Cybersecurity Framework (CSF) is U.S. Government guidance for private sector businesses that own, operate, or supply critical infrastructure. NIST CSF provides a base level of cybersecurity processes and essential controls.

NIST 800-53 is U.S. Government guidance for all U.S. federal information systems except those related to national security. NIST 800-53 provides security and privacy controls.

NIST 800-171 is U.S. Government guidance for protecting Controlled Unclassified Information.

NIST Privacy Framework is U.S. Government guidance to help organizations identify and manage privacy risks to build innovative products and services while protecting individuals’ privacy.

The Health Insurance Portability and Accountability Act (HIPAA) establishes the standard for managing sensitive patient data protection. Organizations that manage protected health information (PHI) need security measures, and evidence that they are followed, to show they are HIPAA compliant.

ISO 27001 Information security management system is a standard used for creating a framework for managing risks related to the security of information you hold.

CMMC is the Cybersecurity Maturity Model Certification for the US Department of Defense (DoD). This framework outlines the required cybersecurity standards for contractors.