Risk & Compliance Engine
Framework Mapping Overview
How TrustCyber automatically maps security findings to compliance frameworks.
TrustCyber's compliance engine automatically maps every security finding to the relevant controls across multiple compliance frameworks. This eliminates the manual effort of cross-referencing findings with framework requirements and provides instant visibility into your compliance posture.
Supported Frameworks
| Framework | Version | Control Count | Use Case |
|---|---|---|---|
| NIST CSF | 2.0 | 108 subcategories | General cybersecurity risk management |
| CIS Controls | v8 | 153 safeguards | Prioritized security best practices |
| ISO 27001 | 2022 | 93 controls | International security management standard |
| SOC 2 | 2017 Trust Services Criteria | 64 criteria | Service organization security reporting |
| GDPR | 2018 | 99 articles mapped | EU data protection and privacy |
| NIS 2 | 2022 | 21 measures | EU critical infrastructure security |
| FedRAMP | Rev 5 | 325 controls | US federal cloud security |
| HIPAA | 2013 Omnibus Rule | 54 safeguards | US healthcare data protection |
How Mapping Works
Each security finding generated by TrustCyber is tagged with one or more framework control identifiers. For example, a finding about missing MFA on admin accounts is mapped to NIST CSF PR.AC-7, CIS Control 6.3, ISO 27001 A.9.4.2, and SOC 2 CC6.1. This means a single remediation action can close gaps across multiple frameworks simultaneously.
Note: Framework mappings are included in every assessment report at no additional cost. You do not need to select a specific framework; all supported frameworks are mapped automatically.
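The tagging described under How Mapping Works, as an added example (not TrustCyber's code or data model): it inverts finding-to-control tags and shows that a control is only closed once every finding tagged to it is remediated. The F-001 control identifiers come from this page; the F-002 finding, the field names and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. F-001 carries the control identifiers this page gives
# for "missing MFA on admin accounts". F-002 and its tags are hypothetical,
# included only so that two findings share a control.
FINDINGS = {
    "F-001": {
        "title": "Missing MFA on admin accounts",
        "controls": [
            ("NIST CSF", "PR.AC-7"),
            ("CIS Controls", "6.3"),
            ("ISO 27001", "A.9.4.2"),
            ("SOC 2", "CC6.1"),
        ],
    },
    "F-002": {
        "title": "Hypothetical second access-control finding",
        "controls": [("ISO 27001", "A.9.4.2"), ("SOC 2", "CC6.1")],
    },
}


def build_control_index(findings):
    """Invert finding -> controls into (framework, control) -> set of finding ids."""
    index = defaultdict(set)
    for finding_id, finding in findings.items():
        for control in finding["controls"]:
            index[control].add(finding_id)
    return index


def open_gaps(findings, remediated):
    """Return {framework: [controls]} that still have an unremediated finding."""
    gaps = defaultdict(list)
    for (framework, control), ids in build_control_index(findings).items():
        if ids - set(remediated):
            gaps[framework].append(control)
    return {fw: sorted(ctrls) for fw, ctrls in gaps.items()}


def closed_by(findings, finding_id, already_remediated=()):
    """Return {framework: [controls]} fully closed by remediating finding_id."""
    before = open_gaps(findings, already_remediated)
    after = open_gaps(findings, set(already_remediated) | {finding_id})
    closed = {fw: sorted(set(c) - set(after.get(fw, []))) for fw, c in before.items()}
    return {fw: c for fw, c in closed.items() if c}
```

With this sample data, remediating F-001 alone closes the NIST CSF and CIS controls, while the ISO 27001 and SOC 2 controls stay open until F-002 is also remediated.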