ACSC Essential Eight is a cybersecurity framework developed by the Australian Cyber Security Centre (ACSC) to help organizations protect themselves against common cyber threats.

ACSC Essential Eight OverviewOverview of the ACSC Essential Eight cybersecurity strategies.

ACSC Essential Eight: A Requirement-Level Guide

Example Evidence for Not Monitored Controls (Essential Eight)

CIS 8.1

Resources and instructions for meeting CIS 8.1 requirements with Drata.

CIS v8.1 Framework Overview

Example Evidence for Not Monitored Controls (CIS 8.1)The following is a list of example evidence for controls not monitored in Drata for CIS 8.1.

CCPA

Resources and instructions for meeting CCPA requirements with Drata.

2023: CCPA UpdatesWhat you need to know about the latest updates to the CCPA framework in Drata

CMMC

Resources and instructions for meeting CMMC requirements with Drata.

CMMC Framework UpdatesWhat you need to know about the CMMC framework updates releasing on 10/16/2024.

Cyber Essentials

Resources and instructions for meeting UK Cyber Essentials requirements with Drata.

Cyber Essentials v3.2: What’s Changed and How to PrepareCE is a UK government-backed certification that helps organizations protect themselves from cyber threats. It focuses on 5 key areas: firewalls, secure setup, keeping software updated, controlling who can access…

DORA

Resources and instructions for meeting DORA requirements with Drata.

DORA ICT Risk Management Framework (RMF)

EU DORA Framework Overview

DORA's Five Pillars of ComplianceThe Digital Operational Resilience Act (DORA) is an EU Regulation aimed at ensuring financial entities can withstand, respond to, and recover from information and communication technology (ICT) disruptions.

FedRAMP

Resources and instructions for meeting FedRAMP requirements with Drata.

FedRAMP 20x: A Modernized Path to Federal Cloud Security Overview

HIPAA

Resources and instructions for meeting HIPAA requirements with Drata.

HIPAA Checklist

Example Evidence for Not Monitored Controls (HIPAA)Example Evidence for Not Monitored Controls (HIPAA)

ISO 27001

Resources and instructions for meeting ISO 27001 requirements with Drata.

ISO 27001:2013 Example ISMS Plan

ISO 27001:2022 Example ISMS Plan

ISO 27001:2022What you need to know about the latest version of ISO 27001

Security Engineering Principles

Transition Guidance for ISO 27001:2013 to ISO 27001:2022

Question to ask a Potential ISO 27001 Certification Body (i.e. Auditor)

ISO 27001 Certification Review Template

ISO 27001 Background Check FAQs

Example Evidence for Not Monitored Controls (ISO 27001) - Revised (Following 5/7/2024 Updates)

ISO 27701:2019

Resources and instructions for meeting ISO 27701 requirements with Drata.

ISO 27701:2019 Framework UpdatesWhat you need to know about the ISO 27701:2019 framework updates released on 7/11/2024

ISO 42001

Resources and instructions for meeting ISO 42001 requirements with Drata.

ISO 42001 Framework Overview

Ready for ISO 42001? Let’s Talk Next Steps

Example Evidence for Not Monitored Controls (ISO 42001)Example Evidence for Not Monitored Controls (ISO 42001)

Microsoft SSPA

Resources and instructions for meeting Microsoft SSPA requirements with Drata.

Microsoft Supplier Security & Privacy Assurance (SSPA) Program v11 Overview

Example Evidence Not Monitored Controls (Microsoft Supplier Security and Privacy Assurance (SSPA))

NIST CSF 2.0

NIST SP 800-171 Rev. 2

Resources and instructions for meeting 800-171 requirements with Drata.

NIST SP 800-171 Rev. 2 Framework Updates

Example Evidence for Not Monitored Controls (NIST 800-171 Rev 3)

NIST SP 800-53

Resources and instructions for meeting NIST 800-53 requirements with Drata.

NIST SP 800-53 (Rev. 5) Control & Policy Mapping UpdatesWhat you need to know about the latest updates to the NIST SP 800-53r5 framework in Drata

System Security Planning Policy Guidance

Example Evidence for Not Monitored Controls (NIST 800-53r5)

PCI DSS

PCI DSS v4.0

Required Documentation for PCI DSS

PCI DSS v4.0.1 Updates: What You Need to KnowThis article provides an overview of the updates in PCI DSS v4.0.1.

PCI DSS v4.0.1 Targeted Risk Analysis (TRA)

PCI DSS v4.0.1 ChecklistA checklist for achieving PCI DSS within Drata

PCI DSS v4.0.1 Responsibility Matrix Guidance

Example Evidence for Not Monitored Controls (PCI DSS v4.0.1 )

SOC 2 2017

Resources and instructions for meeting SOC 2 requirements with Drata.

SOC 2 Trust Services Categories Overview

SOC 2 Background Checks FAQs

Questions to ask a potential SOC 2 auditor

What to look for when reviewing your draft SOC 2 report

SOC 2 System Description

Reviewing Your Vendors' SOC 2 Reports Using Drata

SOC 2 Type 1 vs Type 2: Which Audit Type Should I Choose

SOC 2: All controlsTemplated controls pre-mapped to SOC 2 criteria spanning all 5 TSCs

Set SOC 2 Trust Service Criteria to Security Only

What Is a SOC 2 Bridge Letter? [+ Template]SOC 2 Bridge Letter Guidance and Template

Example Evidence for Not Monitored Controls (SOC 2)Example Evidence for Not Monitored Controls (SOC 2)

Evidence for SOC 2 Compliance: Managed Platforms and Application Configurations

Framework Information

General

Custom Frameworks

ACSC Essential Eight