Cyscale
Back to GRC catalog

Standards and Frameworks

Explore mapped standards and frameworks that connect requirements to concrete controls and underlying queries.

Connector filter

Showing 29 of 29 entries

AWS Well-Architected Framework

The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems in the cloud.

Applies to

Alibaba CloudAWSGoogle CloudKubernetesMicrosoft AzureMicrosoft Entra ID

Covered asset types

AMIBlobContainerBucketCloudRunRevisionCloudSQLInstanceConnectorContainerCosmosDBAccountDBClusterDBInstanceEBSSettingsECRRepositoryECSServiceECSTaskDefinitionEKSClusterEKSNodeGroupFirewallFunctionIAMPasswordPolicyIAMRoleIAMServerCertificateIAMUserKMSKeyKinesisDataStreamLaunchTemplateVersionLoadBalancerMariaDBServerMySQLFlexibleServerMySQLServerNetworkACLPostgreSQLFlexibleServerPostgreSQLServerRootUserSNSTopicSQLDatabaseSQLServerSageMakerNoteBookSecurityGroupTrailUserVMVPC
84 mapped controls137 queries13 procedures

C5:2020 - Cloud Computing Compliance Criteria Catalogue (BSI Germany)

## Statement

Applies to

Alibaba CloudAWSGoogle CloudGoogle WorkspaceKubernetesMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

ACMSSLCertificateAlertPolicyBigTableBlobContainerBucketCloudRunRevisionCloudSQLInstanceCloudSpannerClusterRoleBindingComputeSSLCertificateConfigurationRecorderConnectorContainerContainerRegistryCosmosDBAccountCronJobDBClusterDBInstanceDaemonSetDeploymentECRRepositoryECSServiceECSTaskDefinitionFirewallFlowLogFunctionIAMRoleIAMServerCertificateIAMServiceAccountIAMUserImageIngressJobKMSKeyKMSVaultLoadBalancerLogSinkManagedIdentityMariaDBServerMySQLFlexibleServerMySQLServerPostgreSQLFlexibleServerPostgreSQLServerPubSubSubscriptionPubSubTopicReplicaSetRoleBindingSBNamespaceSQLDatabaseSQLServerSQSQueueSSLCertificateSSLPolicySecurityGroupServiceAccountSiteStatefulSetStorageAccountSubnetworkUserVMVPC
73 mapped controls139 queries11 procedures

CCPA - California Consumer Privacy Act

Privacy regulation focused on consumer data rights and disclosure obligations for California residents.

Applies to

General guidance
Reference entry

CIS Alibaba (Aliyun) Cloud Foundation Benchmark

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra ID

Covered asset types

BlobContainerBucketConnectorDBInstanceDiskDomainFirewallIAMPasswordPolicyIAMPolicyIAMUserSecurityGroupUserVM
82 mapped controls36 queries8 procedures

CIS Amazon Elastic Kubernetes Service (EKS) Benchmark

### Statement

Applies to

AWSKubernetes

Covered asset types

ClusterRoleClusterRoleBindingCronJobDaemonSetDeploymentECRRepositoryEKSClusterEKSNodeGroupIAMRoleIngressJobKubernetesPodNamespaceNodePodReplicaSetRoleRoleBindingServiceAccountStatefulSet
22 mapped controls56 queries9 procedures

CIS Amazon Web Services (AWS) Foundations Benchmark

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra ID

Covered asset types

BucketConnectorDBInstanceEBSSettingsECSClusterECSServiceECSTaskDefinitionFirewallIAMGroupIAMPasswordPolicyIAMRoleIAMServerCertificateIAMUserKMSKeyNetworkACLRootUserSecurityGroupTrailUserVPC
63 mapped controls63 queries5 procedures

CIS Amazon Web Services (AWS) Foundations Benchmark

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra ID

Covered asset types

BucketConnectorDBInstanceEBSSettingsFirewallIAMGroupIAMPasswordPolicyIAMRoleIAMServerCertificateIAMUserKMSKeyNetworkACLRootUserSecurityGroupTrailUserVPC
51 mapped controls58 queries7 procedures

CIS Amazon Web Services (AWS) Foundations Benchmark

## Statement - AWS CIS 3.0.0

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra ID

Covered asset types

BucketConnectorDBInstanceEBSSettingsFirewallIAMGroupIAMPasswordPolicyIAMRoleIAMServerCertificateIAMUserKMSKeyRootUserSecurityGroupTrailUserVPC
50 mapped controls57 queries7 procedures

CIS Google Cloud Foundation Benchmark

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra ID

Covered asset types

APIKeyAppEngineServiceBigQueryTableBlobContainerBucketCloudSQLInstanceConnectorDiskFirewallFunctionIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyLoadBalancerLogBucketManagedZoneProjectSecurityGroupUserVMVPC
72 mapped controls80 queries7 procedures

CIS Kubernetes Benchmark

### Statement

Applies to

Kubernetes

Covered asset types

ClusterRoleClusterRoleBindingConfigMapCronJobDaemonSetDeploymentEndpointsIngressJobKubernetesPodNamespaceNetworkPolicyPersistentVolumeClaimPodReplicaSetRoleRoleBindingServiceServiceAccountStatefulSet
17 mapped controls73 queries9 procedures

CIS Microsoft Azure Foundations Benchmark

#Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra ID

Covered asset types

BlobContainerConnectorCosmosDBAccountDiskFirewallFlowLogFunctionAppIAMRoleKMSKeyKMSSecretKMSVaultMySQLFlexibleServerPostgreSQLFlexibleServerPostgreSQLServerSQLDatabaseSQLServerSecurityGroupSiteStaticIPStorageAccountSubscriptionDiagnosticSettingsUserVM
143 mapped controls137 queries9 procedures

CSA CCM - Cloud Security Alliance - Cloud Controls Matrix

Cloud security control framework published by the Cloud Security Alliance for assessing cloud environments and providers.

Applies to

General guidance
Reference entry

Cyscale Security Framework

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

AMIAPIKeyAppEngineServiceBigQueryTableBlobContainerBucketCloudSQLInstanceClusterConnectorDBInstanceDiskDomainEBSSettingsECSClusterECSServiceECSTaskDefinitionFirewallFunctionFunctionAppIAMGroupIAMPasswordPolicyIAMPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyKMSSecretKMSVaultKinesisDataStreamLoadBalancerLogBucketManagedZoneMySQLServerNetworkACLPasswordPolicyPolicyPostgreSQLFlexibleServerPostgreSQLServerProjectRootUserSNSTopicSQLDatabaseSQLServerSQLUserSecurityGroupSiteStorageAccountSubscriptionDiagnosticSettingsTrailUserVMVPC
359 mapped controls301 queries9 procedures

DORA - Digital Operational Resilience Act

#Statement

Applies to

Alibaba CloudAWSGoogle CloudGoogle WorkspaceKubernetesMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

AMIAPIKeyBigQueryTableBlobContainerBucketCloudRunRevisionCloudSQLInstanceClusterConnectorContainerCosmosDBAccountDBInstanceDomainECSServiceECSTaskDefinitionFirewallFunctionIAMGroupIAMPasswordPolicyIAMRoleIAMServiceAccountIAMUserKMSKeyKMSSecretKMSVaultLoadBalancerLogBucketMariaDBServerMySQLFlexibleServerMySQLServerNetworkACLPolicyPostgreSQLFlexibleServerPostgreSQLServerProjectRootUserSQLDatabaseSQLServerSecurityGroupSiteStorageAccountSubscriptionDiagnosticSettingsTrailUserVMVPC
129 mapped controls160 queries10 procedures

GDPR - General Data Protection Regulation (EU)

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft Azure

Covered asset types

AMIAPIKeyBigQueryTableBlobContainerBucketCloudSQLInstanceClusterConnectorCosmosDBAccountDBClusterDBInstanceDiskEBSSettingsFunctionIAMRoleIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyKMSVaultKinesisDataStreamLaunchTemplateVersionMariaDBServerMySQLFlexibleServerMySQLServerPostgreSQLFlexibleServerPostgreSQLServerPubSubSubscriptionPubSubTopicRootUserSNSTopicSQLDatabaseSQLServerSQLUserSQSQueueSageMakerNoteBookStorageAccountTrailVM
77 mapped controls116 queries11 procedures

HIPAA - Health Insurance Portability and Accountability Act (US)

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

APIKeyAppEngineServiceBigQueryTableBucketCloudSQLInstanceClusterConnectorDBInstanceECSClusterECSServiceECSTaskDefinitionFirewallIAMGroupIAMPasswordPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMUserKMSKeyKMSSecretKMSVaultKinesisDataStreamLoadBalancerLogBucketManagedZoneMySQLServerNetworkACLPasswordPolicyPolicyPostgreSQLFlexibleServerPostgreSQLServerRootUserSNSTopicSQLDatabaseSQLServerSecurityGroupSiteStorageAccountSubscriptionDiagnosticSettingsTrailUserVMVPC
124 mapped controls130 queries12 procedures

HITRUST - Health Information Trust Alliance

Security and privacy assurance framework commonly used in regulated industries, especially healthcare and adjacent ecosystems.

Applies to

General guidance
Reference entry

HITRUST CSF - Health Information Trust Alliance

The CSF was designed with security and privacy professionals in mind. By taking an abstraction of what is core to and common across most dominant frameworks, the architecture was deliberately chosen to facilitate straightforward understanding and easy consumption. Each control category in the CSF includes control objectives and control specifications, leveraging the primary categories from the ISO/IEC framework, as well as the inclusion of specific categories for an information security management program and risk management practices which collectively help to ensure organizational, regulatory compliance, and system controls are properly specified and implemented. The core structure is then integrated with various authoritative sources, along with the experience and leading practices of the HITRUST Community, to create specific implementation requirements for each control. All requirements are mapped to the related framework, standard, or regulation, and noted as an authoritative source.

Applies to

Alibaba CloudAWSGoogle CloudGoogle WorkspaceKubernetesMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

AMIAPIKeyAppEngineServiceBigQueryTableBlobContainerBucketCloudRunRevisionCloudSQLInstanceClusterConnectorContainerCosmosDBAccountDBClusterDBInstanceDiskDomainEBSSettingsECSServiceFirewallFunctionIAMGroupIAMPasswordPolicyIAMPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyKMSSecretKMSVaultKinesisDataStreamLaunchTemplateVersionLoadBalancerLogBucketManagedZoneMariaDBServerMySQLFlexibleServerMySQLServerNetworkACLPasswordPolicyPolicyPostgreSQLFlexibleServerPostgreSQLServerPubSubSubscriptionPubSubTopicRootUserSNSTopicSQLDatabaseSQLServerSQLUserSQSQueueSageMakerNoteBookSecurityGroupSiteStorageAccountTrailUserVMVPC
227 mapped controls294 queries34 procedures

ISO/IEC 27001:2013 - Information security management systems

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

AMIAPIKeyAppEngineServiceBigQueryTableBlobContainerBucketCloudSQLInstanceClusterConnectorDBInstanceDiskDomainEBSSettingsFirewallFunctionFunctionAppIAMGroupIAMPasswordPolicyIAMPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyKMSSecretKMSVaultKinesisDataStreamLoadBalancerLogBucketMariaDBServerMySQLFlexibleServerMySQLServerNetworkACLPasswordPolicyPolicyPostgreSQLFlexibleServerPostgreSQLServerProjectRootUserSNSTopicSQLDatabaseSQLServerSecurityGroupSiteStorageAccountSubscriptionDiagnosticSettingsTrailUserVMVPC
286 mapped controls248 queries114 procedures

ISO/IEC 27001:2022 - Information security management systems

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

AMIAppEngineServiceBigQueryTableBlobContainerBucketCloudSQLInstanceClusterConnectorDBClusterDBInstanceDiskDomainEBSSettingsECSClusterECSServiceECSTaskDefinitionFirewallFunctionFunctionAppIAMGroupIAMPasswordPolicyIAMPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyKMSSecretKMSVaultKinesisDataStreamLoadBalancerLogBucketMariaDBServerMySQLFlexibleServerMySQLServerNetworkACLPasswordPolicyPolicyPostgreSQLFlexibleServerPostgreSQLServerProjectPubSubSubscriptionPubSubTopicRootUserSNSTopicSQLDatabaseSQLServerSQSQueueSecurityGroupSiteStorageAccountSubscriptionDiagnosticSettingsTrailUserVMVPC
244 mapped controls290 queries30 procedures

LGPD - General Personal Data Protection Law

This Law provides for the processing of personal data, including in digital media, by a natural person or legal entity governed by public or private law, in order to protect the fundamental rights of liberty and privacy and the free development of personality of the natural person.

Applies to

Alibaba CloudAWSGoogle CloudGoogle WorkspaceKubernetesMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

APIKeyBigQueryTableBlobContainerBucketCloudRunRevisionCloudSQLInstanceClusterConnectorContainerCosmosDBAccountDBClusterDBInstanceDiskEBSSettingsFunctionIAMGroupIAMPasswordPolicyIAMRoleIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyKMSVaultKinesisDataStreamLaunchTemplateVersionLoadBalancerLogBucketManagedZoneMariaDBServerMySQLFlexibleServerMySQLServerPasswordPolicyPolicyPostgreSQLFlexibleServerPostgreSQLServerPubSubSubscriptionPubSubTopicSNSTopicSQLDatabaseSQLServerSQLUserSQSQueueSageMakerNoteBookStorageAccountSubscriptionDiagnosticSettingsTrailUserVMVPC
156 mapped controls203 queries18 procedures

LGPD - Lei Geral de Proteção de Dados

Brazilian data protection law governing how organizations collect, process, store, and protect personal data.

Applies to

General guidance
Reference entry

MAS Technology Risk Management Guidelines

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

AMIAppEngineServiceBigQueryTableBlobContainerBucketCloudSQLInstanceClusterConnectorCosmosDBAccountDBClusterDBInstanceDiskDomainEBSSettingsFirewallFunctionFunctionAppIAMGroupIAMPasswordPolicyIAMPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyKMSSecretKMSVaultKinesisDataStreamLoadBalancerLogBucketManagedZoneMariaDBServerMySQLFlexibleServerMySQLServerNetworkACLPasswordPolicyPolicyPostgreSQLFlexibleServerPostgreSQLServerProjectPubSubSubscriptionPubSubTopicRootUserSNSTopicSQLDatabaseSQLServerSQLUserSQSQueueSecurityGroupSiteStorageAccountSubscriptionDiagnosticSettingsTrailUserVMVPC
261 mapped controls319 queries25 procedures

NIST 800-171 - NIST Special Publication 800-171

NIST guidance for protecting controlled unclassified information in non-federal systems and organizations.

Applies to

General guidance
Reference entry

NIST 800-53 - NIST Special Publication 800-53

## Statement

Applies to

Alibaba CloudAWSGoogle CloudGoogle WorkspaceMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

AMIAPIKeyAppEngineServiceBigQueryTableBlobContainerBucketCloudSQLInstanceClusterConnectorCosmosDBAccountDBClusterDBInstanceDiskEBSSettingsECSClusterECSServiceECSTaskDefinitionFirewallFunctionFunctionAppIAMGroupIAMPasswordPolicyIAMPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMServiceAccountKeyIAMUserKMSKeyKMSSecretKMSVaultLaunchTemplateVersionLoadBalancerLogBucketManagedZoneMariaDBServerMySQLFlexibleServerMySQLServerNetworkACLPasswordPolicyPolicyPostgreSQLFlexibleServerPostgreSQLServerProjectPubSubSubscriptionPubSubTopicRootUserSNSTopicSQLDatabaseSQLServerSQSQueueSageMakerNoteBookSecurityGroupSiteStorageAccountTrailUserVMVPC
280 mapped controls347 queries20 procedures

NIST CSF - NIST Cybersecurity Framework

High-level cybersecurity framework organized around the functions Identify, Protect, Detect, Respond, and Recover.

Applies to

General guidance
Reference entry

PCI-DSS - PCI Security Standards Council - Payment Card Industry Data Security Standard

#Statement

Applies to

Alibaba CloudAWSGoogle CloudGoogle WorkspaceKubernetesMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

AppEngineServiceBigQueryTableBlobContainerBucketCloudRunRevisionCloudSQLInstanceClusterConnectorContainerCosmosDBAccountDBClusterDBInstanceDiskEBSSettingsECSServiceECSTaskDefinitionFirewallFunctionFunctionAppIAMGroupIAMPasswordPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMUserKMSKeyKMSSecretKMSVaultLoadBalancerLogBucketMariaDBServerMySQLFlexibleServerMySQLServerNetworkACLPolicyPostgreSQLFlexibleServerPostgreSQLServerProjectRootUserSQLDatabaseSQLServerSecurityGroupSiteStorageAccountSubscriptionDiagnosticSettingsTrailUserVMVPC
169 mapped controls224 queries12 procedures

PCI-DSS - PCI Security Standards Council - Payment Card Industry Data Security Standard

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

APIKeyAppEngineServiceBigQueryTableBucketCloudSQLInstanceClusterConnectorDiskEBSSettingsFirewallIAMGroupIAMPasswordPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMUserKMSKeyKMSSecretKMSVaultLoadBalancerLogBucketNetworkACLProjectRootUserSQLDatabaseSQLServerSecurityGroupStorageAccountTrailUserVMVPC
105 mapped controls106 queries12 procedures

SOC 2 - American Institute of CPAs (AICPA) - Service Organization Control 2

## Statement

Applies to

Alibaba CloudAWSGoogle CloudMicrosoft AzureMicrosoft Entra IDOkta

Covered asset types

BigQueryTableBlobContainerBucketCloudSQLInstanceConnectorDiskECSClusterECSServiceECSTaskDefinitionFirewallFunctionIAMGroupIAMPasswordPolicyIAMRoleIAMServerCertificateIAMServiceAccountIAMUserKMSKeyKMSSecretKMSVaultLoadBalancerLogBucketNetworkACLPasswordPolicyPolicyProjectRootUserSQLServerSecurityGroupStorageAccountTrailUserVMVPC
123 mapped controls128 queries11 procedures
Cyscale Logo
Cyscale is an agentless cloud-native application protection platform (CNAPP) that automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

Stay connected

Receive new blog posts and product updates from Cyscale

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

© 2026 Cyscale Limited

© 2026 Cyscale Limited

Terms of useSecurity PolicyPrivacy PolicyStatusSitemap
Terms of useSecurity PolicyPrivacy Policy
StatusSitemap
LinkedIn icon
Twitter icon
Facebook icon
crunch base icon
angel icon