Support for over 100 compliance frameworks

FedRAMP empowers agencies to confidently use modern cloud technologies, emphasizing security and the protection of federal information. Coalfire, a market leader as a FedRAMP Third Party Assessment Organization (3PAO) and advisory firm, provides expert-led services including FedRAMP advisory, security control assessments, vulnerability scans, and penetration testing to help Cloud Service Providers (CSPs) successfully expand into federal markets.

PCI (Payment Card Industry) Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The PCI DSS (Data Security Standard) applies to all entities that store, process, transmit, and may impact cardholder data security.  

The foundation of the HITRUST Assurance Program is the HITRUST Framework (HITRUST CSF). It provides a comprehensive, flexible, and efficient approach to compliance and risk management that has been adopted on a global scale.

ISO 27001 is a universal standard built for organizations around the globe to establish, maintain, and continually improve their information security management system (ISMS).

System and Organization Controls report (SOC 1, SOC 2, or SOC 3) is a widely recognized examination that helps promote trust and confidence in your organization’s cybersecurity and financial controls. SOC reports conform to prescribed reporting standards issued by the American Institute of CPAs (AICPA). Coalfire Controls, an affiliate of Coalfire, is a fully licensed, accredited CPA firm with experienced cybersecurity professionals who can examine and report on your organization's controls that protect sensitive data.

The U.S. National Institute of Standards and Technology (NIST) developed the NIST Cybersecurity Framework (also known as the NIST Risk Management Framework) in response to a 2013 initiative from former President Obama. The initiative called for the government and the private sector to collaborate in the fight against cyber risk.

For organizations that are incorporating AI into their products and processes, Secureframe helps with NIST AI RMF compliance and risk management associated with AI systems.

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM).

EU Digital Operational Resilience Act (DORA) is a regulation aimed at enhancing the operational resilience of financial institutions in the European Union in order to withstand and recover from various disruptions and threats.

The Australian Signals Directorate (ASD), via the Infosec Registered Assessors Program (IRAP), provides organizations with access to cyber security professionals to conduct high-quality, independent security assessment services.

An IRAP security assessment helps organizations understand their system’s security strengths and weaknesses and provides recommendations that can be utilized as part of their organizational security program.