A couple of months ago we announced that ControlMap had surpassed 50+ cybersecurity frameworks!
A summary of those frameworks, which span the globe and several industries, can be found here: ControlMap Frameworks
Over the last couple of months we have added several more, including these released in May 2024:
- DORA: EU-based Digital Operational Resilience Act
- NIST AI: NIST’s Artificial Intelligence Cybersecurity Compliance Framework
- NYDFS: New York Department of Finance NYCRR 500
As we continue to expand the list of cybersecurity compliance frameworks, several questions come up, such as:
- Why so many Frameworks and how many are out there?
- Why does ControlMap launch and support the ones we do?
- What others are coming and how do I request one in the future?
- To address the first question: Why so many?
The main reason comes down to the intended audience of the framework and its support of a specific industry, such as financial, healthcare, legal, government, or tech.
Layer in the ever-growing list of geographies, countries, states, and provinces and their desire to protect citizen data, privacy, government, and industry, along with expanded risks and breaches making news daily, and you have the global scenario we are in: an ever-growing list of best practices tailored toward each industry and aligned with corresponding geographies and their legal guidelines.
The good news is that despite this ever-growing list, we continue to see parity in the same best practices across all of these frameworks, which makes mappings, crosswalks, and jumpstarts that map one framework to another possible in a logical workflow built into ControlMap.
- On to the second question: Why support the ones we do?
There are a couple of simple guiding principles we follow when launching a new framework:
- Is there real business demand and value?
- Demand is a real driver, and if enough of you, our partners, request a framework that your clients need, we’ll load it!
- If the framework contains incentives that drive adoption, such as NYDFS and DORA, which include C-suite / board-level sign-off with deadlines and cybersecurity objectives, we’ll be sure to take notice!
- Is the framework cybersecurity focused?
- There are a lot of frameworks that focus on legal and privacy, and though we support some of those, our primary focus is mitigating cybersecurity risk and helping our partners meet cybersecurity compliance objectives.
- What is coming and how do I request one when I need it?
Though we cannot predict exactly what new frameworks will come out beyond the next 6 months or so, we will continue to update the ones we support as long as they are useful, and we will keep close tabs on standards organizations that produce globally recognized frameworks, such as NIST, ISO, CIS, and others.
If you are looking to request a framework and/or see which ones others have requested, you have come to the right place! Check out the “Product Ideas” section in our Community above and search for the framework you are interested in, or put in a request for a new enhancement!