Supported Frameworks

TrustMAPP comes out-of-the-box with 30+ cross-mapped assessment templates supporting 50+ industry frameworks for both Control- and Process-based Maturity assessments, as well as Compliance assessments.

NEW: TrustMAPP Ransomware Readiness

  • 12 CFR Appendix A and B to Part 748
  • 48 CFR 52.204-21
  • AU ACSC Essential Eight
  • C2M2
  • CCPA (California Consumer Privacy Act of 2018)
  • CERT Resilience Management Model v1.2
  • Cloud Control Matrix (CCM)
  • CMMC (Cybersecurity Maturity Model Certification)
  • COBIT 5.0
  • ECC – 1 : 2018
  • FedRAMP Security Controls Baseline
  • FFIEC CAT May 2017
  • GAPP
  • GDPR

  • HIPAA Security Rule

  • ISO/IEC 27002:2013 (ISO 27001:2013 Annex A)
  • ISO/IEC 29100:2011
  • Microsoft Supplier Data Protection Requirements
  • NIST CSF 1.1
  • NIST CSF 2.0

  • NIST CSF 1.2.1: FSP
  • NIST Privacy Framework v 1.0
  • NIST Secure Software Development Framework (SSDF)
  • NIST SP 800-171 Rev 2

  • NIST SP 800-171B (Draft)
  • NIST SP 800-53 Rev 4
  • NIST SP 800-53 Rev 5

  • NY DFS Cybersecurity Requirements
  • PCI DSS 3.2.1
  • PCI DSS 4.0

  • SOC 2
  • UK NCSC Cyber Essentials

The Approach

TrustMAPP’s assess, profile, and plan approach helps you increase your security maturity and meet compliance requirements. Assess, review, and present your results with powerful reporting. Use TrustMAPP’s powerful planning and road mapping features to build and communicate your roadmap.

The Tool

TrustMAPP’s templates and automated delivery provide the industry’s most efficient method to assess and continuously measure and report your ongoing maturity or compliance with regulations and security standards. With pre-built and customizable templates, you can create an audit assessment and work with your team to gather the inputs and supporting evidence through a centralized portal. With cross-mappings between regulatory frameworks and their controls, you can easily transfer initial findings and identify gaps.

Simplifying Maturity & Compliance Assessments

Compliance with security-related regulations requires a lot of time from cybersecurity and audit professionals. TrustMAPP provides you results that can replace “assess many” and “report many” with a single assessment and show the gaps between one regulation and the compliance requirements of another.