Legend:
SOC 2: Service Organization Control 2
ISO 27001: International Organization for Standardization 27001
HIPAA: Health Insurance Portability and Accountability Act
GDPR: General Data Protection Regulation
TBL ESSENTIALS: Tugboat Logic Essentials
NIST CSF: The National Institute of Standards and Technology’s Cybersecurity Framework
CCPA: California Consumer Privacy Act
PCI DSS: Payment Card Industry Data Security Standard
CMMC: Cybersecurity Maturity Model Certification
ITGC: Information Technology General Controls
FFIEC: Federal Financial Institutions Examination Council’s Maturity Assessment
NIST 800-171: The National Institute of Standards and Technology Special Publication 800-171
MICROSOFT SSPA: Microsoft Supplier Security and Privacy Assurance
Jointly published on 25 February 2020 by the National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA).
Version 1.0, published 12 August 2019.