Supported versions
A list of Regulations and Industry Standards and their supported versions.
Regulatory Compliance reports
The following Regulatory Compliance reports can be generated.
Regulation | Supported Version |
---|---|
[AUS] APRA PPG 234 - Management of Security Risk in Information and Information Technology | January 2012 |
[CANADA] PIPED Act | January 2014 |
[CANADA] Freedom of Information and Protection of Privacy Act (FIPPA) | September 2012 |
[CANADA] Management of Information Security Technology (MITS) | September 2012 |
[EU] European Directive 1995/46/EC | January 2012 |
[EU] European Directive 2002/58/EC | March 2012 |
[EU] Regulation 2016/679 of the European Parliament and of the Council (GDPR) | April 2016 |
[EU] Digital Operational Resilience Act (DORA) | January 2023 |
[JAPAN] Japan's Personal Information Protection Act (JPIPA) | January 2012 |
[UK] Data Protection Act | December 2014 |
[US] California Assembly Bill No. 1950 and Senate Bill 1386 | March 2012 |
[US] Children's Online Privacy Protection Act (COPPA) | December 2014 |
[US] DCID 6/3 Availability Basic | January 2011 |
[US] DCID 6/3 Availability High | January 2011 |
[US] DCID 6/3 Availability Medium | January 2011 |
[US] DCID 6/3 Confidentiality Reqs Protection Level 1 | January 2011 |
[US] DCID 6/3 Confidentiality Reqs Protection Level 2 | January 2011 |
[US] DCID 6/3 Confidentiality Reqs Protection Level 3 | January 2011 |
[US] DCID 6/3 Confidentiality Reqs Protection Level 4 | January 2011 |
[US] DCID 6/3 Confidentiality Reqs Protection Level 5 | January 2011 |
[US] DCID 6/3 Integrity Basic | January 2011 |
[US] DCID 6/3 Integrity High | January 2011 |
[US] DCID 6/3 Integrity Medium | January 2011 |
[US] DCID 6/3 Securing Advanced Technology IS | January 2011 |
[US] Electronic Funds and Transfer Act (EFTA) | December 2013 |
[US] Federal Financial Institutions Examination Council (FFIEC), Information Security handbook | February 2013 |
[US] Federal Information Security Modernization Act (FISMA) | December 2014 |
[US] The Federal Risk and Authorization Management Program (FedRAMP) | Revision 5.0 |
[US] Financial Services (GLBA) | January 2013 |
[US] Healthcare Services (HIPAA) | December 2014 |
[US] NERC Cyber Security Standards | September 2014 |
[US] Privacy Act of 1974 | January 2011 |
[US] Safe Harbor | November 2012 |
[US] Sarbanes-Oxley Act (SOX) | January 2013 |
[US] Title 21 Code of Federal Regulations | November 2011 |
[US] Family Educational Rights and Privacy Act (FERPA) | January 2013 |
[US] DISA's Application Security and Development STIG | V6 Release 1 |
[US] DoD Instruction 8500.1 - Cybersecurity | September 2014 |
[US] DoD Instruction 8550.01 - Internet Services and Internet Based Capabilities | September 2014 |
[US] Massachusetts 201 CMR 17.00 | January 2011 |
[SA] Protection of Personal Information Act (PoPIA) | November 2013 |
Basel II | October 2012 |
Payment Application Data Security Standard | 3.0 |
The Payment Card Industry Data Security Standard (PCI DSS) | 4.0 |
Network and Information Security Directive (NIS2) | December 2022 |
Industry Standard reports
The following Industry Standard reports can be generated.
Industry Standard | Version |
---|---|
OWASP Top 10 | 2021 |
OWASP API Security Top 10 | 2023 |
OWASP Cloud-Native Application Security Top 10 | April 2022 |
OWASP Application Security Verification Standard | V4.0.3 |
WASC Threat Classification | 2.0 |
NERC CIPC Electricity Sector Security Guidelines | September 2013 |
International Standard - ISO 27002 | January 2013 |
International Standard - ISO 27001 | January 2013 |
NIST Special Publication 800-53 | Revision 4 |
CWE Top 25 Most Dangerous Software Weaknesses | 2023 |