Supported versions

A list of Regulations and Industry Standards and their supported versions.

Regulatory Compliance reports

The following Regulatory Compliance reports can be generated.
| Regulation | Supported Version |
| --- | --- |
| [AUS] APRA PPG 234 - Management of Security Risk in Information and Information technology | January 2012 |
| [CANADA] PIPED Act | January 2014 |
| [CANADA] Freedom of Information and Protection of Privacy Act (FIPPA) | September 2012 |
| [CANADA] Management of Information Security Technology (MITS) | September 2012 |
| [EU] European Directive 1995/46/EC | January 2012 |
| [EU] European Directive 2002/58/EC | March 2012 |
| [EU] Regulation 2016/679 of the European Parliament and of the Council (GDPR) | April 2016 |
| [EU] Digital Operational Resilience Act (DORA) | January 2023 |
| [JAPAN] Japan's Personal Information Protection Act (JPIPA) | January 2012 |
| [UK] Data Protection Act | December 2014 |
| [US] California Assembly Bill No. 1950 and Senate Bill 1386 | March 2012 |
| [US] Children Online Privacy Protection Act (COPPA) | December 2014 |
| [US] DCID 6/3 Availability Basic | January 2011 |
| [US] DCID 6/3 Availability High | January 2011 |
| [US] DCID 6/3 Availability Medium | January 2011 |
| [US] DCID 6/3 Confidentiality Reqs Protection Level 1 | January 2011 |
| [US] DCID 6/3 Confidentiality Reqs Protection Level 2 | January 2011 |
| [US] DCID 6/3 Confidentiality Reqs Protection Level 3 | January 2011 |
| [US] DCID 6/3 Confidentiality Reqs Protection Level 4 | January 2011 |
| [US] DCID 6/3 Confidentiality Reqs Protection Level 5 | January 2011 |
| [US] DCID 6/3 Integrity Basic | January 2011 |
| [US] DCID 6/3 Integrity High | January 2011 |
| [US] DCID 6/3 Integrity Medium | January 2011 |
| [US] DCID 6/3 Securing Advanced Technology IS | January 2011 |
| [US] Electronic Funds and Transfer Act (EFTA) | December 2013 |
| [US] Federal Financial Institutions Examination Council (FFIEC), Information Security handbook | February 2013 |
| [US] Federal Information Security Modernization Act (FISMA) | December 2014 |
| [US] The Federal Risk and Authorization Management Program (FedRAMP) | Revision 5.0 |
| [US] Financial Services (GLBA) | January 2013 |
| [US] Healthcare Services (HIPAA) | December 2014 |
| [US] NERC Cyber Security Standards | September 2014 |
| [US] Privacy Act of 1974 | January 2011 |
| [US] Safe Harbor | November 2012 |
| [US] Sarbanes-Oxley Act (SOX) | January 2013 |
| [US] Title 21 Code of Federal Regulations | November 2011 |
| [US] Family Educational Rights and Privacy Act (FERPA) | January 2013 |
| [US] DISA's Application Security and Development STIG | V6 Release 1 |
| [US] DoD Instruction 8500.1 - Cybersecurity | September 2014 |
| [US] DoD Instruction 8550.01 - Internet Services and Internet Based Capabilities | September 2014 |
| [US] Massachusetts 201 CMR 17.00 | January 2011 |
| [SA] Protection of Personal Information Act (PoPIA) | November 2013 |
| Basel II | October 2012 |
| Payment Application Data Security Standard | 3.0 |
| The Payment Card Industry Data Security Standard (PCI DSS) | 4.0 |
| Network and Information Security Directive (NIS2) | December 2022 |

Industry Standard reports

The following Industry Standard reports can be generated.
| Industry Standard | Version |
| --- | --- |
| OWASP Top 10 | 2021 |
| OWASP API Security Top 10 | 2023 |
| OWASP Cloud-Native Application Security Top 10 | April 2022 |
| OWASP Application Security Verification Standard | V4.0.3 |
| WASC Threat Classification | 2.0 |
| NERC CIPC Electricity Sector Security Guidelines | September 2013 |
| International Standard - ISO 27002 | January 2013 |
| International Standard - ISO 27001 | January 2013 |
| NIST Special Publication 800-53 | Revision 4 |
| CWE Top 25 Most Dangerous Software Weaknesses | 2023 |