Every framework your auditor will ask about.

Service Organization Control 2 — trust services criteria for security, availability, processing integrity, confidentiality, and privacy

Center for Internet Security Benchmark for Google Cloud Platform

Center for Internet Security Benchmark for Microsoft Azure

Center for Internet Security Benchmark for Amazon Web Services

International standard for information security management systems

Payment Card Industry Data Security Standard

NIST Cybersecurity Framework version 2.0

Cloud Security Alliance Cloud Controls Matrix

HITRUST Common Security Framework

Health Insurance Portability and Accountability Act

Security and Privacy Controls for Information Systems and Organizations

California Consumer Privacy Act / California Privacy Rights Act

Personal Health Information Protection Act (Ontario)

Sarbanes-Oxley Act IT general controls

Federal Risk and Authorization Management Program

Cybersecurity Maturity Model Certification

Criminal Justice Information Services Security Policy

Federal Information Security Modernization Act

North American Electric Reliability Corporation Critical Infrastructure Protection

Texas Risk and Authorization Management Program

State Risk and Authorization Management Program

Gramm-Leach-Bliley Act safeguards rule

Family Educational Rights and Privacy Act

International Traffic in Arms Regulations

General Data Protection Regulation

Network and Information Security Directive 2

Digital Operational Resilience Act

Cloud Computing Compliance Criteria Catalogue

Esquema Nacional de Seguridad — Spanish national security framework

Information Security Registered Assessors Program

Korea Information Security Management System — Personal Information

Multi-Tier Cloud Security Standard Singapore

Outsourced Service Provider's Audit Report — Singapore financial sector

Information System Security Management and Assessment Program — Japan

National Cybersecurity Authority Essential Cybersecurity Controls

National Cybersecurity Authority Data Cybersecurity Controls

National Cybersecurity Authority Telecommunications and IT Controls

National Cybersecurity Authority Cloud Security Controls

National Cybersecurity Authority Operational and Social Media Access Controls

National Cybersecurity Authority Cybersecurity Guidelines for IoT

National Cybersecurity Authority Operational Technology Cybersecurity Controls

National Cybersecurity Authority Telework Cybersecurity Controls

Saudi Arabian Monetary Authority Cyber Security Framework

UAE Information Assurance Standards

National Cybersecurity Authority Critical Systems Cybersecurity Controls

Dubai Electronic Security Center Cloud Service Provider Security Standard

Central Bank of Bahrain Cloud Computing Directive

Central Bank of Kuwait Cybersecurity and Operational Resilience Framework

Qatar National Information Assurance Policy

Kuwait Communications and Information Technology Regulatory Authority

Ministry of Transport, Communications and IT Oman — cybersecurity framework

Lei Geral de Proteção de Dados — Brazilian general data protection law

Protection of Personal Information Act — South Africa