Maturity & Compliance Frameworks

The TrustMAPP Ransomware Readiness Framework

The rise in ransomware has organizations looking for new approaches to defending against, and recovering from, ransomware attacks. In response, TrustMAPP has created a unique Ransomware Readiness Overview framework, organized around the lifecycle of a ransomware attack. Based on the widely-adopted NIST CSF framework, the new framework is designed to give organizations a simple and rapid overview of their readiness to handle an attack.

TrustMAPP is offering complimentary Ransomware Readiness Overviews to qualifying organizations, so they can see the power of the TrustMAPP cybersecurity performance management platform. Click HERE to learn more.

Webinar: A New Approach to Ransomware Readiness

In this on-demand webinar, Ed Amoroso and Allan Alford discussed how existing cybersecurity compliance regulations and frameworks fall short in addressing how organizations can defend against, and recover from, specific attacks like ransomware. They also discussed TrustMAPP’s new Ransomware Readiness framework and how it has been designed to meet today’s needs.

By the end of the webinar, attendees will understand how a ransomware-specific assessment framework can give them a powerful new tool to prepare their organizations for an attack.


Dr. Ed Amoroso is the founder and CEO of TAG Cyber, a global cybersecurity advisory, training, consulting, and media services company supporting hundreds of companies across the world. Ed recently retired from AT&T after thirty-one years of service, culminating as Senior Vice President and Chief Security Officer from 2004 to 2016.

Allan Alford has held CISO roles at five organizations over the last 20 years, including his current role at TrustMAPP, where he is also the CTO. His goal as CISO is always to create business value by rapidly aligning information security with IT, Engineering, and Services, thereby making security a revenue enabler. Allan is also the producer and host of the Cyber Ranch podcast.

Click HERE to see the recording.

The Approach

TrustMAPP’s assess, profile, and plan approach helps you increase your security maturity and meet compliance requirements. Assess, review, and present your results with powerful reporting. Use TrustMAPP’s powerful planning and roadmapping features to build and communicate your roadmap.

The Tool

TrustMAPP’s templates and automated delivery provide the industry’s most efficient method to assess and continuously measure and report your ongoing maturity or compliance with regulations and security standards. With pre-built and customizable templates, you can create an audit assessment and work with your team to gather the inputs and supporting evidence through a centralized portal. With cross-mappings between regulatory frameworks and their controls, you can easily transfer initial findings and identify gaps.

Simplifying Maturity & Compliance Assessments

Compliance with security-related regulations requires a lot of time from cybersecurity and audit professionals. TrustMAPP provides results that let you replace “assess many” and “report many” with a single assessment, and that show the gaps between one regulation and the compliance requirements of another.

Supported Frameworks

TrustMAPP comes out-of-the-box with 30+ cross-mapped assessment templates supporting 50+ industry frameworks for both Control- and Process-based Maturity assessments, as well as Compliance assessments.

NEW: TrustMAPP Ransomware Readiness

12 CFR Appendix A and B to Part 748
48 CFR 52.204-21
AU ACSC Essential Eight
CCPA (California Consumer Privacy Act of 2018)
CERT Resilience Management Model v1.2
Cloud Control Matrix (CCM)
CIS Controls (Top 20) v7.1
CMMC (Cybersecurity Maturity Model Certification)
ECC-1:2018
FedRAMP Security Controls Baseline
FFIEC CAT May 2017
HIPAA Security Rule
ISO/IEC 27002:2013 (ISO 27001:2013 Annex A)
ISO/IEC 29100:2011
Microsoft Supplier Data Protection Requirements
NIST Privacy Framework v1.0
NIST Secure Software Development Framework (SSDF)
NIST SP 800-171 Rev. 2
NIST SP 800-171B (Draft)
NIST SP 800-53 Rev 4
NY DFS Cybersecurity Requirements
PCI DSS 3.2.1
UK NCSC Cyber Essentials