
Coalfire® supported frameworks
Support for over 80 compliance frameworks

Coalfire supports four times more global regulatory and compliance frameworks than our competitors. With over 20 years of experience, a seasoned team, and our Compliance Essentials automation platform, we coordinate work across multiple frameworks at once, simplifying your path to regulatory compliance.
Global Compliance Expertise: Ensuring Compliance Anywhere, Anytime
Leverage Coalfire's comprehensive compliance framework support to more efficiently achieve results.

Coalfire Supported Frameworks
United States
CCPA
CIS Controls
CJIS
CMS Business Assessment
CMS EDE
CMS ARS
CMMC
CMMI
DEA EPCS
DFARS
DoD
FDA
FedRAMP
FFIEC
FISMA
GLBA
Health Information Act (HIA)
HIPAA
HITRUST
ITAR
MARS-E
NIST AI RMF
NIST Cybersecurity Framework (CSF)
NIST Privacy Framework
NIST SP 800-171
NIST SP 800-218
NIST SP 800-30
NIST SP 800-53
NIST SP 800-37
NIST SP 800-39
NIST SP 800-61
NIST SP 800-34
NIST IR 8286D
NIST SP 800-161
23 CRR-NY 500
NYS Hospital Cybersecurity Regulation 405.46 Title 10
OWASP Top 10 for LLMs V1.1
P2PE
PA-DSS
PCI Forensic Investigators
SOC 1
SOC 2
SOC 3
SOC for Cybersecurity
StateRAMP/GovRAMP
TX-RAMP
US State Privacy Laws
TEFCA
Global
CSA STAR Attestation
CSA STAR Certification
ISAE 3402
ISO 20000-1
ISO 22301
ISO 27001
ISO 50001
ISO 13485
ISO 14064-1
ISO 14019
ISO 27017
ISO 27018
ISO 27701
ISO 42001
ISO 45001
ISO 9001
ISO 14001
IASME
ISO 14067
ISO 14068-1
ISO 37001
MTCS
Microsoft SSPA DPR
NCSC CAF v3.1
NCSC Cyber Security v3.1
PCI DSS
SA8000
SWIFT
EU-US DPF & Swiss-US DPF
Country/Region Specific
BSI C5 - Germany
CCC & ECC - Saudi Arabia
DORA - Europe
ENS - Spain
EU CRA - Europe
GDPR - Europe
HDS - France
Cyber Essentials+ - UK
IRAP - Australia
ISMAP - Japan
IT Grundschutz - Germany
NIS - Europe
Protected B - Canada
TISAX - Germany
Baseline Informatiebeveiliging Overheid [BIO] - Netherlands
Coalfire provides a combination of assessment and advisory services for the frameworks listed above, including those offered through our global partners.
Contact us to learn more.
Our Top Frameworks
FedRAMP
FedRAMP empowers agencies to confidently use modern cloud technologies, emphasizing security and the protection of federal information. Coalfire, a market leader as a FedRAMP Third Party Assessment Organization (3PAO) and advisory firm, provides expert-led services including FedRAMP advisory, security control assessments, vulnerability scans, and penetration testing to help Cloud Service Providers (CSPs) successfully expand into federal markets.
PCI
PCI (Payment Card Industry) Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The PCI DSS (Data Security Standard) applies to all entities that store, process, or transmit cardholder data, and to entities that could otherwise affect the security of the cardholder data environment.
HITRUST
The foundation of the HITRUST Assurance Program is the HITRUST Framework (HITRUST CSF). It provides a comprehensive, flexible, and efficient approach to compliance and risk management that has been adopted on a global scale.
ISO
ISO 27001 is an international standard that organizations around the globe use to establish, maintain, and continually improve their information security management system (ISMS).
SOC
A System and Organization Controls (SOC) report (SOC 1, SOC 2, or SOC 3) is a widely recognized examination that helps promote trust and confidence in your organization’s cybersecurity and financial controls. SOC reports conform to prescribed reporting standards issued by the American Institute of CPAs (AICPA). Coalfire Controls, an affiliate of Coalfire, is a fully licensed, accredited CPA firm with experienced cybersecurity professionals who can examine and report on your organization's controls that protect sensitive data.
NIST CYBERSECURITY FRAMEWORK (CSF)
The U.S. National Institute of Standards and Technology (NIST) developed the NIST Cybersecurity Framework in response to Executive Order 13636, issued by President Obama in 2013, which called for the government and the private sector to collaborate on reducing cyber risk to critical infrastructure. The CSF is distinct from the NIST Risk Management Framework (RMF), which is defined in NIST SP 800-37.
NIST AI RMF
For organizations that are incorporating AI into their products and processes, Coalfire helps with NIST AI RMF alignment and with managing the risks associated with AI systems.
CSA STAR ATTESTATION
The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR Attestation is the third-party assessment path in that program: a SOC 2 examination whose criteria are supplemented with the controls of the Cloud Controls Matrix (CCM).
STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the CCM.
DORA
EU Digital Operational Resilience Act (DORA) is a regulation aimed at enhancing the operational resilience of financial institutions in the European Union in order to withstand and recover from various disruptions and threats.
IRAP
The Australian Signals Directorate (ASD), via the Infosec Registered Assessors Program (IRAP), provides organizations with access to cyber security professionals to conduct high-quality, independent security assessment services.
An IRAP security assessment helps organizations understand their system’s security strengths and weaknesses and provides recommendations that can be utilized as part of their organizational security program.