46 frameworks available

Cyberday framework library

Cyberday provides a growing list of frameworks linked to our task library. Use them to structure your work, track your security level, and build your ISMS effectively.

In Cyberday, frameworks refer to sets of security and privacy requirements — like ISO 27001, NIS2, GDPR, and others (45+) — that organizations aim to follow.
We break them into actionable tasks you can complete inside the app. Most of the tasks are universal — completing one task helps you comply with several frameworks at once.

18/27 EU countries supported

National NIS2 implementations are covered in Cyberday, and more are coming.

8 ISO 27001 versions supported

From the 2013 edition to the latest 2022 update, requirements are mapped into universal tasks.


Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) is the EU law on digital operational resilience. It aims to strengthen resilience in all aspects of financial institutions.
Requirements
28
Country
EU

General Data Protection Regulation

GDPR sets out the requirements for lawful processing of personal data and demonstrating the adequate protection of data.
Requirements
48
Country
EU

ISO 27001 (2022): Full

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.
Requirements
131
Country
Global

NIS2 Directive

NIS2 sets the baseline for cybersecurity risk management measures and reporting obligations across important industries covered by the directive.
Requirements
23
Country
EU

CER Directive

The Critical Entities Resilience (CER) Directive is an EU law focused on strengthening the resilience of critical entities providing essential services across various sectors, ensuring they can withstand a range of threats and hazards.
Requirements
18
Country
EU

CIS 18 controls

The CIS18 critical security controls is a comprehensive set of instructions and measures released by The Center for Internet Security. Controls are designed to fix and prevent common vulnerabilities and to offer organizations a structured way to strengthen their security.
Requirements
171
Country
Global

CRA (Cyber Resilience Act)

The Cyber Resilience Act is an EU regulation for improving cyber security and cyber resilience in the EU. It includes requirements for hardware and software products with digital elements.
Requirements
58
Country
EU

DORA simplified RMF

The DORA RTS on simplified ICT risk management describes the key elements that financial entities subject to lower scale, risk, size and complexity need to have in place to manage risks.
Requirements
17
Country
EU

ISO 27001 (2013): Full

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.
Requirements
164
Country
Global

NIST CSF 2.0

NIST CSF's new 2.0 edition is designed to help all organizations in any sector to achieve their cybersecurity goals with added emphasis on governance as well as supply chains.
Requirements
123
Country
USA

NIST Cybersecurity Framework

NIST is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.
Requirements
137
Country
USA

SOC 2 (Systems and Organization Controls)

SOC 2 framework specifies how organizations should protect customer data from e.g. unauthorized access, security incidents or other vulnerabilities. It is developed by the American Institute of Certified Public Accountants (AICPA).
Requirements
76
Country
USA

TISAX: Information security

TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants.
Requirements
89
Country
Global

C2M2: MIL1

C2M2 helps organizations evaluate their cybersecurity capabilities using a set of industry-vetted practices focused on IT and OT assets and environments.
Requirements
96
Country
USA

ISO 27701

Privacy extension to ISO 27001. Upgrades an existing ISMS with additional privacy requirements to establish a Privacy Information Management System (PIMS).
Requirements
60
Country
Global

ISO 27017

ISO 27017 is a security standard developed especially for cloud service providers and users to create a safer cloud-based environment and reduce the risk of security incidents.
Requirements
47
Country
Global

ISO 27018

ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).
Requirements
42
Country
Global

Avviż Legali 71 tal-2025 (Malta)

Legal Notice 71 of 2025 is a Maltese law that implements the NIS2 Directive, enhancing cybersecurity resilience across essential and important sectors by setting stringent requirements for risk management, incident reporting, and governance.
Requirements
35
Country
Malta

Cyber Essentials

Cyber Essentials is backed by the UK's government. It helps an organization get the essentials of cyber security covered to decrease the chance of basic cyber attacks.
Requirements
35
Country
United Kingdom

CyberFundamentals (Belgium)

The CyberFundamentals framework is created by the Centre for Cybersecurity Belgium. It provides a set of concrete measures to protect your data, significantly reduce the risk of the most common cyber-attacks, and increase your organisation's cyber resilience.
Requirements
125
Country
Belgium

Cyberbeveiligingswet (Nederland)

The Cyberbeveiligingswet (Cbw) is the Dutch implementation of the NIS2 Directive, designed to bolster cybersecurity across essential sectors by imposing risk management and incident reporting obligations.
Requirements
31
Country
Netherlands

Cybersicherheitsverordnung (Schweiz)

The Cybersicherheitsverordnung (CSV) is a Swiss ordinance detailing the implementation of the Information Security Act (ISG), mandating cyberattack reporting for critical infrastructure and defining cybersecurity roles and strategies.
Requirements
10
Country
Switzerland

Cybersikkerhedsloven (Danmark)

The Law on Measures to Ensure a High Level of Cybersecurity (Cybersikkerhedsloven) is the Danish implementation of the NIS2 Directive, enhancing cybersecurity across critical sectors.
Requirements
31
Country
Denmark

Cybersäkerhetslagen (Sverige)

The Cybersäkerhetslagen (CSL) is Sweden's implementation of the NIS2 Directive, enhancing cybersecurity requirements for essential and important sectors, with stricter rules and broader scope.
Requirements
21
Country
Sweden

Digital security overview

Digital security overview is a service developed and maintained by the Finnish Digital and Population Data Services Agency with the goal of gathering information about the digital security status of public sector organisations.
Requirements
83
Country
Finland

Il Cybersecurity Act Decreto legislativo n. 138

Il Cybersecurity Act Decreto legislativo n. 138 implements the European Union's NIS2 directive in Italy. It establishes requirements for various organizations in order to strengthen the management of cybersecurity risks.
Requirements
30
Country
Italy

Julkri: TL IV-I

Cyber security evaluation criteria by Finnish authorities for Finnish public administration.
Requirements
240
Country
Finland

Katakri (Finnish national security auditing criteria)

Katakri is used when evaluating an organisation's ability to secure confidential information from Finnish national authorities.
Requirements
58
Country
Finland

Katakri 2020

Katakri is used when evaluating an organisation's ability to secure confidential information from Finnish national authorities.
Requirements
69
Country
Finland

Kibernetinio Saugumo Įstatymas (Lithuania)

The Cybersecurity Act "Kibernetinio Saugumo Įstatymas" implements the European Union NIS2 law in Lithuania. It sets out requirements for various organisations to strengthen their cybersecurity risk management.
Requirements
40
Country
Lithuania

Kyberturvallisuuslaki (NIS2)

The Cybersecurity Act (Kyberturvallisuuslaki) lays down information security measures in sectors designated as essential or important, as well as the management of cybersecurity risks. The Act implements the NIS2 Directive in Finland.
Requirements
24
Country
Finland

La loi NIS2 (Belgique)

The European Union NIS2 has been transposed in Belgium into national law as the NIS2 law. The law closely aligns with the EU NIS2 directive and features only minor national differences. It obligates and defines cybersecurity rules for companies registered in Belgium working in the critical sector.
Requirements
34
Country
Belgium

Ley de Ciberseguridad (España)

The Law on Cybersecurity Coordination and Governance is a Spanish law transposing the NIS2 Directive, aimed at enhancing cybersecurity across critical sectors through improved coordination, risk management, and incident reporting.
Requirements
28
Country
Spain

Loi sur les infrastructures critiques (Belgique)

The Belgian Law of 1 July 2011 on the security and protection of critical infrastructures establishes a security and protection framework for critical infrastructure. It mandates protective measures for critical infrastructure and implements EU directive 2008/114/EC.
Requirements
14
Country
Belgium

Lov om digital sikkerhet (Norge)

The 'Lov om digital sikkerhet' is Norway's implementation of the EU's NIS2 Directive, enhancing cybersecurity standards for essential services and expanding the scope of regulated entities.
Requirements
31
Country
Norway

NIS2-Umsetzungs- und Cybersicherheitsstärkungsgesetz (Deutschland)

The NIS2UmsuCG is the German law transposing the EU NIS2 Directive, enhancing cybersecurity standards and expanding the scope of regulated entities in Germany.
Requirements
22
Country
Germany

NSM ICT Security Principles (Norway)

NSM ICT Security Principles is a framework for ICT security published and maintained by the Norwegian National Security Authority (NSM). The security principles advise businesses and organisations on how to protect their information systems from unauthorized access, damage or misuse.
Requirements
139
Country
Norway

Nacionālās kiberdrošības likums (Latvia)

NIS2 has been adopted as "National Cyber Security Act" in Latvia. It improves the security of information and communication technologies, including setting requirements for the provision and receipt of essential and important services and operation of information and communication technologies.
Requirements
41
Country
Latvia

Netz- und Informationssystemsicherheitsgesetz (Österreich)

NISG 2024 is the Austrian law transposing the EU's NIS2 Directive, enhancing the cybersecurity of essential and important entities by setting security requirements for network and information systems.
Requirements
30
Country
Austria

Ordonanța de Urgență a Guvernului nr. 155/2024 (România)

OUG 155/2024 is a Romanian law implementing the NIS2 Directive, designed to bolster cybersecurity across essential and important entities by establishing a framework for network and information system security.
Requirements
40
Country
Romania

Projet de loi n° 8364 (Luxembourg)

Projet de loi n° 8364 is a Luxembourgish bill transposing the NIS2 Directive, enhancing cybersecurity measures and resilience across various sectors in Luxembourg.
Requirements
30
Country
Luxembourg

Public administration information management act

This law is designed to promote harmonization of information management, cyber security and digitalisation in public administration.
Requirements
32
Country
Finland

Sikkerhetsloven (Norge)

The Security Act (Sikkerhetsloven) is a Norwegian law designed to safeguard national security interests by preventing and counteracting security threats.
Requirements
31
Country
Norway

Säkerhetsskyddslagen (Sverige)

The Swedish Security Protection Act regulates security measures for activities of importance to Sweden's security, applying to both public and private sectors.
Requirements
24
Country
Sweden

The national cyber security bill 2024 (Ireland)

The National Cyber Security Bill 2024 transposes the EU's NIS2 Directive into Irish law, enhancing cybersecurity requirements and establishing the NCSC's role.
Requirements
28
Country
Ireland

TiHL: Suositus tietoturvan vähimmäisvaatimuksista

A recommendation by the Information Management Board (Tiedonhallintalautakunta) that gives guidance on meeting the minimum information security requirements set by the Information Management Act (tiedonhallintalaki).
Requirements
23
Country
Finland

Tietoturvan ja tietosuojan omavalvontasuunnitelma

The self-monitoring plan supports Finnish social and health care service providers in planning data security and data protection.
Requirements
17
Country
Finland

Tietoturvasuunnitelma (THL 3/2024)

The information security plan (Tietoturvasuunnitelma) describes the digital security practices of a social and health care service provider. It is based on the Client Data Act (asiakastietolaki) and replaces the self-monitoring plan.
Requirements
18
Country
Finland

Zakon o kibernetičkoj sigurnosti (Croatia)

The Croatian implementation of NIS2, the Cybersecurity Act (Zakon o kibernetičkoj sigurnosti, NN 14/2024), came into effect in February 2024. It defines cybersecurity rules for Croatian companies with the same criteria as NIS2, with some exceptions.
Requirements
27
Country
Croatia

Εθνική αρχή για την ασφάλεια στον κυβερνοχώρο και άλλες διατάξεις (Ελλάδα)

Greece has implemented the European Union's NIS2 Directive with the aim of achieving a high level of cybersecurity through specific cybersecurity measures.
Requirements
28
Country
Greece

Ο Νόμος για την Κυβερνοασφάλεια (Κύπρος)

Cypriot Law 5160/2024 transposes the EU NIS2 Directive into national law, expanding cybersecurity requirements for essential and important entities and establishing the National Cybersecurity Authority (NCSA) for enforcement.
Requirements
23
Country
Cyprus

Закон за прилагане на NIS2 (България)

The Law for the Implementation of NIS2 in Bulgaria transposes the EU's NIS2 Directive into Bulgarian national law, enhancing cybersecurity standards and expanding the scope of affected entities.
Requirements
27
Country
Bulgaria