16 security and privacy standards seeded and ready — mapped to a common NIST CSF 2.0 spine for cross-framework coverage.
Not on the list? Import any custom framework (YAML/CSV) and map it to the NIST CSF 2.0 spine — your controls, your structure, cross-mapped to every other standard.
| Standard | Region | Licence & attribution | Source |
|---|---|---|---|
| Certifiable | |||
ISO/IEC 27001 v2022 | International | Licence required for full text Identifiers via SCF crosswalk (CC BY-ND); ISO/IEC text © ISO/IEC | Official ↗ |
SOC 2 Trust Services Criteria v2017 (2022 rev.) | US / International | Licence required for full text Identifiers + paraphrased titles via SCF crosswalk; TSC text © AICPA | Official ↗ |
| Mandated | |||
NCSC Minimum Cyber Security Standards v2025 | New Zealand | Government open NZ Crown copyright — National Cyber Security Centre New Zealand | Official ↗ |
NZ Health Information Security Framework v2025 | New Zealand | Open (CC BY) CC BY 4.0 — © Te Whatu Ora – Health New Zealand (HISO 10029) | Official ↗ |
UK NCSC Cyber Essentials v2025 | United Kingdom | Government open (OGL v3.0) Open Government Licence v3.0 — © Crown copyright (UK NCSC) | Official ↗ |
UK NCSC Cyber Assessment Framework v4.0 | United Kingdom | Government open (OGL v3.0) Open Government Licence v3.0 — © Crown copyright (UK NCSC) | Official ↗ |
ACSC Essential Eight v2023 | Australia | Open (CC BY) CC BY 4.0 — © Commonwealth of Australia (ASD/ACSC) | Official ↗ |
BSI-Standard 200-1 (ISMS) v2017 | Germany / International | Free to read; no modified redistribution © Bundesamt für Sicherheit in der Informationstechnik (BSI) | Official ↗ |
| Self-assessed | |||
NIST Cybersecurity Framework v2.0 | US / International | Public domain Public domain (U.S. Government work) | Official ↗ |
CIS Controls v8.1 | International | Licence required for full text Identifiers + titles via SCF crosswalk (CC BY-ND); © Center for Internet Security | Official ↗ |
OWASP Top 10 v2025 | International | Open (CC BY-SA) CC BY-SA 4.0 — © the OWASP Foundation | Official ↗ |
SMB Minimum Baseline v1.0 | International (curated) | Public domain Curated by CISO360AI from NIST CSF 2.0 (public domain) | Official ↗ |
NIST Privacy Framework v1.0 | US / International | Public domain Public domain (U.S. Government work) | Official ↗ |
| Legal & regulatory | |||
New Zealand Privacy Act v2020 | New Zealand | Government open NZ Crown copyright (legislation, open use) | Official ↗ |
GDPR (General Data Protection Regulation) v2016 | EU | Government open EU institutional reuse (EUR-Lex); © European Union | Official ↗ |
HIPAA Security Rule v2013 | US | Public domain Public domain (45 CFR Part 164, U.S. Government work) | Official ↗ |
NIST CSF 2.0 is the cross-mapping spine every account runs. Where a body retains copyright (ISO/IEC, AICPA, CIS, BSI), we ship clause identifiers and titles via the Secure Controls Framework crosswalk; display verbatim text by layering your own licence through the custom-framework importer.