Compliance Frameworks

35+ built-in frameworks, ready on day one.

Pre-built control libraries, gap assessments, and evidence requirements for every major compliance framework. Start assessments immediately — no configuration required.

Browse by category

Frameworks for every obligation.

Whether you're managing ISO 27001 for an enterprise or HIPAA for a healthcare provider, ClearGRC has a pre-built, auditor-reviewed framework ready to go.

Information Security: ISO 27001 · SOC 2 · CIS Controls
Data Privacy: GDPR · CCPA · ISO 27701
Financial Services: PCI-DSS · SOX · RBI · SEBI
Healthcare: HIPAA · HITECH · 21 CFR Part 11
Cloud Security: CSA CCM · FedRAMP · CIS Benchmarks
Risk Management: ISO 31000 · COSO ERM · NIST RMF
Government: FISMA · NIST 800-53 · FedRAMP
Supply Chain: ISO 28000 · NIST SP 800-161 · IEC 62443

Featured Frameworks

The most-used frameworks, ready to deploy.

Every control library is auditor-reviewed, kept current with the latest standard revision, and mapped to every other framework in the library.

ISO/IEC 27001:2022

International standard for information security management. 93 controls across 4 themes, pre-mapped and ready for certification audit.

SOC 2 Type II

AICPA Trust Services Criteria covering Security, Availability, Confidentiality, Processing Integrity, and Privacy principles.

NIST CSF 2.0

NIST Cybersecurity Framework with all six functions — Govern, Identify, Protect, Detect, Respond, Recover — fully mapped.

GDPR

Full EU General Data Protection Regulation compliance framework. Article-level control mapping with DSAR workflow integration.

HIPAA

Health Insurance Portability and Accountability Act. Administrative, Physical, and Technical safeguard controls pre-built.

PCI-DSS v4.0

Payment Card Industry Data Security Standard. All 12 requirements with sub-controls, testing procedures, and evidence templates.

ISO/IEC 27701

Privacy Information Management System extension to ISO 27001. Maps to GDPR requirements for a unified privacy-security programme.

NIST SP 800-53

Security and privacy controls for federal information systems. 20 control families with overlay support for FedRAMP and FISMA.

RBI Cybersecurity Framework

Reserve Bank of India's cybersecurity guidelines for regulated entities. Complete control mapping with RBI reporting templates.

More Frameworks

And many more — including custom builds.

ClearGRC's cross-framework mapping engine automatically identifies when a single control satisfies requirements across multiple frameworks — implement once, comply everywhere.

ISO 31000:2018

International risk management standard. Principles, framework, and process for enterprise risk management programmes.

CIS Controls v8

Center for Internet Security critical security controls. 18 control groups with implementation groups (IG1, IG2, IG3) pre-configured.

Custom Frameworks

Build any internal or bespoke framework using the drag-and-drop control builder. Import from CSV or map to existing frameworks.

Smart Mapping

One control. Multiple frameworks.

Pre-built cross-mapping for 30+ framework pairs — eliminate duplicate controls and assessment effort. One upload to the evidence library satisfies all frameworks simultaneously.

Pre-built cross-mapping

30+ framework pairs already mapped — so a control you implement for ISO 27001 is automatically credited against SOC 2, NIST CSF, and PCI-DSS simultaneously.

Unified evidence library

Upload evidence once and it satisfies all mapped frameworks automatically. No re-uploading, no duplication, no manual re-tagging across assessments.

Full control visibility

See at a glance which frameworks each control satisfies. Instantly understand your coverage gaps and where a single implementation would close multiple obligations.

Start your first framework assessment.

Request a demo and we'll show you exactly how ClearGRC handles your specific framework obligations — in 30 minutes.