Safeguard.sh Documentation Center

All Frameworks

The complete list of all 197 compliance frameworks Safeguard supports.

All Supported Frameworks

Safeguard supports 197 compliance frameworks across 6 regions. Every one is scored after each assessment with per-control drill-down.

Americas (70)

FrameworkJurisdictionType
NIST SSDFUnited StatesGovernment Regulation
NIST CSF 2.0United StatesGovernment Regulation
NIST SP 800-53United StatesGovernment Regulation
NIST SP 800-161United StatesGovernment Regulation
NIST SP 800-171United StatesGovernment Regulation
NIST SP 800-82United StatesGovernment Regulation
NIST SP 800-207United StatesGovernment Regulation
NIST CSF 2.0 (Full)United StatesGovernment Regulation
FISMAUnited StatesGovernment Regulation
FedRAMPUnited StatesGovernment Regulation
StateRAMPUnited StatesGovernment Regulation
CMMC 2.0United StatesGovernment Regulation
DFARS 252.204-7012United StatesGovernment Regulation
NDAA Section 889United StatesGovernment Regulation
HIPAA Security RuleUnited StatesGovernment Regulation
HIPAA / HITECHUnited StatesGovernment Regulation
HITRUST CSFUnited StatesGovernment Regulation
FDA Medical DeviceUnited StatesGovernment Regulation
SOC 2 Type IIUnited StatesGovernment Regulation
SOC 2 Type II (Extended)United StatesGovernment Regulation
SOX ITGCUnited StatesGovernment Regulation
FTC Safeguards RuleUnited StatesGovernment Regulation
FFIEC CATUnited StatesGovernment Regulation
CCPA / CPRAUnited StatesGovernment Regulation
FIPS 140-3United StatesGovernment Regulation
NIST AI RMFUnited StatesGovernment Regulation
NIST SP 800-218AUnited StatesGovernment Regulation
NERC CIPUnited StatesGovernment Regulation
Canada PIPEDACanadaGovernment Regulation
Brazil LGPDBrazilGovernment Regulation
Virginia CDPAUnited StatesGovernment Regulation
Colorado CPAUnited StatesGovernment Regulation
Connecticut CTDPAUnited StatesGovernment Regulation
Utah UCPAUnited StatesGovernment Regulation
Texas TDPSAUnited StatesGovernment Regulation
Oregon OCPAUnited StatesGovernment Regulation
Montana CDPAUnited StatesGovernment Regulation
Tennessee TIPAUnited StatesGovernment Regulation
Delaware PDPAUnited StatesGovernment Regulation
New Jersey CDPAUnited StatesGovernment Regulation
New Hampshire DPAUnited StatesGovernment Regulation
Maryland MODPAUnited StatesGovernment Regulation
Minnesota CDPAUnited StatesGovernment Regulation
Indiana CDPAUnited StatesGovernment Regulation
Iowa CDPAUnited StatesGovernment Regulation
Florida Digital Bill of RightsUnited StatesGovernment Regulation
Washington My Health My Data ActUnited StatesGovernment Regulation
FDA 21 CFR Part 11United StatesGovernment Regulation
TSA Pipeline Security DirectivesUnited StatesGovernment Regulation
Mexico LFPDPPPMexicoGovernment Regulation
Argentina PDPL (Law 25.326)ArgentinaGovernment Regulation
Chile Law 19.628ChileGovernment Regulation
Colombia Law 1581ColombiaGovernment Regulation
Peru Law 29733PeruGovernment Regulation
NIST Privacy FrameworkUnited StatesIndustry Standard
NY DFS 23 NYCRR 500United StatesGovernment Regulation
NY SHIELD ActUnited StatesGovernment Regulation
Massachusetts 201 CMR 17.00United StatesGovernment Regulation
Illinois BIPAUnited StatesGovernment Regulation
COPPAUnited StatesGovernment Regulation
FERPAUnited StatesGovernment Regulation
GLBAUnited StatesGovernment Regulation
FCRA / FACTAUnited StatesGovernment Regulation
NIST SP 800-37 RMFUnited StatesGovernment Regulation
NIST SP 800-66 r2United StatesGovernment Regulation
NIST SP 800-63United StatesGovernment Regulation
Quebec Law 25CanadaGovernment Regulation
Canada CPPACanadaGovernment Regulation
Uruguay Law 18.331UruguayGovernment Regulation
Jamaica DPAJamaicaGovernment Regulation

Europe (28)

FrameworkJurisdictionType
EU Cyber Resilience ActEuropean UnionGovernment Regulation
EU DORAEuropean UnionGovernment Regulation
EU NIS2 DirectiveEuropean UnionGovernment Regulation
GDPREuropean UnionGovernment Regulation
GDPR Article 25European UnionGovernment Regulation
EU AI ActEuropean UnionGovernment Regulation
ETSI EN 303 645European UnionGovernment Regulation
ENISA Good PracticesEuropean UnionGovernment Regulation
BSI TR-03183-2GermanyGovernment Regulation
TISAXGermanyGovernment Regulation
UK Cyber EssentialsUnited KingdomGovernment Regulation
France ANSSI RGSFranceGovernment Regulation
Italy ACN CybersecurityItalyGovernment Regulation
Spain ENS (RD 311/2022)SpainGovernment Regulation
Netherlands NEN 7510NetherlandsGovernment Regulation
Switzerland revFADPSwitzerlandGovernment Regulation
Norway NSM Basic PrinciplesNorwayGovernment Regulation
UK GDPR / DPA 2018United KingdomGovernment Regulation
UK NCSC CAFUnited KingdomGovernment Regulation
EU Cybersecurity ActEuropean UnionGovernment Regulation
EU eIDAS RegulationEuropean UnionGovernment Regulation
EU PSD2European UnionGovernment Regulation
EU Digital Services ActEuropean UnionGovernment Regulation
EU Digital Markets ActEuropean UnionGovernment Regulation
EU Data ActEuropean UnionGovernment Regulation
BSI IT-GrundschutzGermanyGovernment Regulation
Estonia EISA / ISKEEstoniaGovernment Regulation
Poland KSC ActPolandGovernment Regulation

Asia-Pacific (28)

FrameworkJurisdictionType
Australia Essential EightAustraliaGovernment Regulation
Australia Privacy ActAustraliaGovernment Regulation
Japan METI SBOM GuidelinesJapanGovernment Regulation
India CERT-InIndiaGovernment Regulation
India DPDP ActIndiaGovernment Regulation
South Korea PIPASouth KoreaGovernment Regulation
Singapore Cybersecurity ActSingaporeGovernment Regulation
New Zealand NZISMNew ZealandGovernment Regulation
Thailand PDPAThailandGovernment Regulation
China PIPLChinaGovernment Regulation
Vietnam Decree 13/2023VietnamGovernment Regulation
Philippines Data Privacy ActPhilippinesGovernment Regulation
Malaysia PDPAMalaysiaGovernment Regulation
Indonesia PDP LawIndonesiaGovernment Regulation
Pakistan PDPBPakistanGovernment Regulation
China Data Security LawChinaGovernment Regulation
China Cybersecurity LawChinaGovernment Regulation
China MLPS 2.0ChinaGovernment Regulation
Japan APPIJapanGovernment Regulation
Japan ISMAPJapanGovernment Regulation
Korea ISMS-PSouth KoreaGovernment Regulation
Hong Kong PDPOHong KongGovernment Regulation
Taiwan PDPATaiwanGovernment Regulation
Singapore PDPASingaporeGovernment Regulation
MAS TRMGSingaporeGovernment Regulation
Australia ACSC ISMAustraliaGovernment Regulation
Australia SOCI ActAustraliaGovernment Regulation
Macau PDPAMacauGovernment Regulation

Middle East & Africa (19)

FrameworkJurisdictionType
Saudi Arabia NCA ECCSaudi ArabiaGovernment Regulation
Israel INCDIsraelGovernment Regulation
UAE PDPLUnited Arab EmiratesGovernment Regulation
UAE NESA IA StandardsUnited Arab EmiratesGovernment Regulation
Qatar PDPLQatarGovernment Regulation
Bahrain PDPLBahrainGovernment Regulation
Oman PDPLOmanGovernment Regulation
Egypt PDPL (Law 151/2020)EgyptGovernment Regulation
Turkey KVKKTurkeyGovernment Regulation
South Africa POPIASouth AfricaGovernment Regulation
Nigeria NDPR / NDPANigeriaGovernment Regulation
Kenya Data Protection Act 2019KenyaGovernment Regulation
Ghana Data Protection ActGhanaGovernment Regulation
Saudi PDPLSaudi ArabiaGovernment Regulation
SAMA Cybersecurity FrameworkSaudi ArabiaGovernment Regulation
Kuwait Cybersecurity LawKuwaitGovernment Regulation
Jordan PDP LawJordanGovernment Regulation
Morocco Law 09-08MoroccoGovernment Regulation
Lebanon Law 81LebanonGovernment Regulation

International (41)

FrameworkJurisdictionType
ISO/IEC 27001InternationalIndustry Standard
ISO/IEC 27017InternationalIndustry Standard
ISO/IEC 27018InternationalIndustry Standard
ISO/IEC 5962 (SPDX)InternationalIndustry Standard
ISO 22301InternationalIndustry Standard
ISO/IEC 20000InternationalIndustry Standard
ISO/IEC 42001InternationalIndustry Standard
Common Criteria (CC)InternationalIndustry Standard
PCI DSS v4.0InternationalIndustry Standard
PCI DSS 4.0 (Full)InternationalIndustry Standard
SWIFT CSCFInternationalIndustry Standard
IEC 62443InternationalIndustry Standard
IEC 62443-4-2InternationalIndustry Standard
UNECE WP.29InternationalIndustry Standard
ISO/IEC 21434InternationalIndustry Standard
OWASP Top 10InternationalIndustry Standard
OWASP SCVSInternationalIndustry Standard
OWASP CycloneDX BOMInternationalIndustry Standard
OWASP ASVSInternationalIndustry Standard
OWASP MASVSInternationalIndustry Standard
SLSA Supply ChainInternationalIndustry Standard
OpenChain ISO 5230InternationalIndustry Standard
OpenSSF ScorecardInternationalIndustry Standard
CIS Controls v8InternationalIndustry Standard
CSA STARInternationalIndustry Standard
CSA Cloud Controls MatrixInternationalIndustry Standard
MITRE ATT&CKInternationalIndustry Standard
CycloneDX VEXInternationalIndustry Standard
ISO/IEC 29147InternationalIndustry Standard
O-TTPS / ISO 20243InternationalIndustry Standard
in-totoInternationalIndustry Standard
IEC 62304InternationalIndustry Standard
DO-326AInternationalIndustry Standard
GxP (GMP/GLP/GCP)InternationalIndustry Standard
ISO/IEC 27701InternationalIndustry Standard
ISO/IEC 27005InternationalIndustry Standard
ISO/IEC 27002:2022InternationalIndustry Standard
ISO/IEC 27035InternationalIndustry Standard
ISO/IEC 27032InternationalIndustry Standard
ISO 28000InternationalIndustry Standard
ISO 31000InternationalIndustry Standard

Internal (11)

FrameworkJurisdictionType
Component HealthInternalInternal Policy
CISA KEV CorrelationInternalInternal Policy
Supply Chain Risk ScoreInternalInternal Policy
Dependency AgeInternalInternal Policy
License ObligationsInternalInternal Policy
VEX ReadinessInternalInternal Policy
Duplicate DetectionInternalInternal Policy
Crypto Algorithm AuditInternalInternal Policy
Provenance ChainInternalInternal Policy
Transitive DepthInternalInternal Policy
Typosquatting DetectionInternalInternal Policy

Compliance

FedRAMP HIGH, IL7, EO 14028, and regulatory compliance

Abbreviations and Descriptions

Glossary of terms used in Safeguard.sh documentation

On this page

All Supported FrameworksAmericas (70)Europe (28)Asia-Pacific (28)Middle East & Africa (19)International (41)Internal (11)