Coalfire Supported Frameworks List

United States

AI Governance & Model Safety
NIST AI RMF
OWASP Top 10 for LLMs v1.11
NIST Cybersecurity Framework (CSF)
NIST Privacy Framework
NIST SP 800-30
NIST SP 800-37
NIST SP 800-39
NIST SP 800-53
NIST SP 800-61
NIST SP 800-34
NIST SP 800-171
NIST SP 800-218
NIST IR 8286D
NIST SP 800-161
23 CRR-NY 500
NYS Hospital Cybersecurity Regulation 405.46 Title 10
CPSA
SLC

Government Cloud & Sovereignty Requirements
FedRAMP
StateRAMP
TX-RAMP
CJIS

Healthcare Requirements
CMS Business Assessment
CMS EDE
CMS ARS
MARS-E
ARC-AMPE

Industry-Specific Requirements
CMMC
CMMI
DFARS
DoD
DEA EPCS
FFIEC
CMS Programs
HITRUST
ITAR
SOC 1
SOC 2
SOC 3
SOC for Cybersecurity

Privacy & Data Protection
CCPA
US State Privacy Laws
GLBA
HIPAA
Health Information Act (HIA)
TEFCA

Canada
CCCS ITSG-33

European Union

AI Governance & Model Safety
EU AI Act
DORA (Digital Operational Resilience Act)
EU CRA (Cyber Resilience Act)

Government Cloud & Sovereignty Requirements
None at the EU level. See the regional list below.

Industry-Specific Requirements
DORA for financial services, otherwise sector-specific at country level.

Privacy & Data Protection
GDPR (General Data Protection Regulation)

Note: Many EU countries also adopt ENS/BIO/TISAX-style national programs. See the list below for country-specific regulations.

APAC + Middle East + Europe — Country Specific

Australia 
Government Cloud & Sovereignty Requirements
IRAP
Essential 8

Austria
CyberTrust

Belgium
CyFun

Dubai/UAE
Government Cloud & Sovereignty Requirements
DESC

France
Industry-Specific Requirements 
HDS
SecNumCloud

Germany
BSI C5
IT-Grundschutz
Industry-Specific Requirements
TISAX

Ireland
CyFun

India 
CERT-IN
MeitY

Italy
CAN

Japan
Government Cloud & Sovereignty Requirements
ISMAP

Netherlands
Government Cloud & Sovereignty Requirements
ABDO
BIO (Baseline Informatiebeveiliging Overheid)

Portugal
QNRCS

Saudi Arabia
Government Cloud & Sovereignty Requirements
CCC
ECC
SAMA CSF

Singapore
Government Cloud & Sovereignty Requirements
MTCS

Spain
ENS

Switzerland
DTL

UK
Cyber Essentials+
Crown Commercial Services
MoD compliance requirements

Global

ISO 27001
ISO 27017
ISO 27018
ISO 20000-1
ISO 22301
ISO 50001
ISO 45001
ISO 9001
ISO 14001
ISAE 3402
CSA STAR Attestation
CSA STAR Certification
NCSC CAF v3.1
NCSC Cyber Security v3.1

Industry-Specific Requirements
PCI P2PE
PCI PA-P2PE
PCI SSF
QPA
3-DS
SWIFT
Microsoft SSPA DPR
OWASP SAMM

Privacy & Data Protection
ISO 27701