
The Newest Standards, Regulations and Best Practices Supported by Compliance Mapper™

Compliance Mapper™ allows point-and-click mapping between numerous regulations, standards and frameworks. C2C's goal is to ensure that Compliance Mapper works in conjunction with all current frameworks, standards, regulations and best practices. The list below contains all of the newest frameworks that work with, and can be supported by, Compliance Mapper™.

  • ISO/IEC Standards
  • Standards and Guidelines
    • COBIT v4.1
    • COSO
    • ISF - International Security Forum
    • NIST 800-53 Rev 3 August 2009
    • NIST 800-53A
    • NIST Controls Catalog 800-53 Rev 2
  • Regulations
    • International Regulations
      • EU Laws
        • EU Privacy Directive
      • Australian Laws
        • Australian Government Information and Communications Technology Security Manual
        • Cybercrime Act 2001
        • Guidelines for NSW Government - Information Security (2006) - Issue 6
        • The Threat of the Cybercrime Act 2001 to Australian IT Professionals
      • South African Laws
        • South African Privacy Law
      • Financial Rulings
        • Basel 2
      • Payment Card Industry - PCI
        • IT Audit Checklist
      • India Regulations
        • Consequences of non-compliances
        • Delhi Questions
        • The Contract Labour (Regulation and Abolition) Act, 1970 with The Contract Labour (Regulation and Abolition) Delhi Rules, 1971
        • The Delhi Shops & Establishments Act & Rules 1954
        • THE INDIAN TELEGRAPH ACT, 1885
        • The Industrial Employment (Standing Orders) Act, 1946 R/W The Industrial Employment (Standing Orders) (Central) Rules, 1959
        • The Information Technology ACT, 2008 (India)
        • The Minimum Wages Act 1948 And Minimum Wage (Central) Rules, 1950
        • The Payment of Wages Act, 1936 r/w The Payment of Wages (Manner of Recovery of Excess Deduction) Rules, 1963
      • Saudi Regulation
        • TADAWUL
      • South Africa Regulations
        • KING 3 - KING CODE OF GOVERNANCE FOR SOUTH AFRICA 2009
      • Safe Harbor
      • UK Data Protection Act 1998
    • US Regulations
      • 21 CFR Part 11
      • AB 1950 - California Privacy Law for Medical Information
      • Common Criteria for Information Technology
      • Financial - FFIEC
      • Gramm Leach Bliley
      • HIPAA
      • Sarbanes Oxley
      • SB 1386 - California Privacy Law
      • SCADA
  • PCI Standard
    • PCI Data Security Standard v.1.1 Sept 2006
    • PCI Data Security Standard V1.2 October 2008
    • PCI DSS Testing Procedures V1.2
  • OMB Circulars
    • Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources
    • OMB Circular # A-123 - Appendix A: Internal Control over Financial Reporting
    • OMB Circular # A-123 Revised Management Responsibility for Internal Controls
    • OMB Circular # A-130 Revised
  • Federal Regulations, Standards, DOD
    • DODI 8500.2 Infrastructures
      • DODI 8500.2 IA Confidentiality Controls for DoD Information Systems Processing Classified Information
      • DODI 8500.2 IA Controls for DoD Information Systems processing information cleared for public release
      • DODI 8500.2 IA Controls for sensitive DoD information
      • DODI 8500.2 IA Controls Mission Assurance Category 1 DoD information systems
      • DODI 8500.2 IA Controls Mission Assurance Category II DoD information systems
      • DODI 8500.2 IA Controls Mission Assurance Category III DoD information systems
    • FISCAM
      • FISCAM - Evaluating and Testing Business Process Application Controls
      • FISCAM - Evaluating and Testing General Controls
    • Clinger-Cohen Act of 1996
    • DoD 5015.02-STD ELECTRONIC RECORDS MANAGEMENT SOFTWARE APPLICATIONS DESIGN CRITERIA STANDARD April 25, 2007
    • DoD 5200.1-R, Information Security Program - January 1997
    • DOD 5400.11R DOD Privacy Program 14 May 2007
    • DoD 5400.7-R DOD Freedom of Information Act Program
    • DoD 6025.18-R DoD Health Information Privacy Regulation
    • DoD 8580.02-R DOD Health Information Security Regulation
    • DoDI 5000.02, Defense Acquisition System - December 8, 2008
    • FISMA
    • THE PRIVACY ACT OF 1974 - 5 U.S.C. § 552a
  • Healthcare
    • HIPAA Controls
    • HITECH
  • Financial Services
    • BSA/AML
      • BSA/AML Compliance Program
      • BSA/AML Risk Assessment
      • BSA/AML Scoping and Planning
      • FDIC BSA/AML Requirements
      • Useful Documents
    • Republic Federal
      • Regulation O Assessment
      • Regulation O: Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks 12 CFR 215
      • Republic Federal - Insider Borrowing (Regulation O) Policy
    • Banking Acts and Important Information
      • Banking Acts
      • Banking Links for Regulatory Compliance
      • Important Banking Legislation references
    • Credit Acts
      • Electronic Funds Transfer Act (EFTA)
      • Fair Credit Reporting Act 7th July 2009 (FCRA)
      • Fair Debt Collection Practices Act (FDCPA)
    • GLBA Controls Part 314—Standards for Safeguarding Customer Information
  • BCM Standards
    • ASIS SPC.1-2009 Organizational Resilience Standard - Guidance
    • ASIS SPC.1-2009 Organizational Resilience Standard - Requirements
    • BS 25999-1:2006 Code of Practice
    • BS 25999-2:2007 Specification
    • CERT - Resiliency Engineering Framework
    • Federal Continuity Directive (FCD-1)
    • FFIEC BCP March 2008
    • NFPA 1600 - 2007 Edition
    • Z1600-08
  • NERC - SCADA
    • NERC CIP
    • SCADA Resources
  • IT Governance
    • ISO 38500 Governance for IT
    • IT Governance Framework
    • Organizational Governance Framework
    • Val IT Framework V2
  • CMMi
    • CMMI Level 2 Processes - MANAGED
  • Assessments
    • ISO 27002 Assessments
      • 27002 - Access Control - 11
      • 27002 - Asset Management - 7
      • 27002 - BCM - 14
      • 27002 - Compliance - 15
      • 27002 - Human Resources - 8
      • 27002 - Incident Management - 13
      • 27002 - Information Systems Acquisition, Development and Maintenance - 12
      • 27002 - Ops Control - 10
      • 27002 - Organization of IS - 6
      • 27002 - Physical Security - 9
      • 27002 - Policy 5
      • 27002 Risk - 4
    • BITS Assessments
      • BITS Access Control H
      • BITS Asset Management D
      • BITS Business Continuity K
      • BITS Comms & Ops G
      • BITS Compliance L
      • BITS High Level Qs
      • BITS Human Resource Security E
      • BITS Incident Management J
      • BITS Info Sys & Acquisition I
      • BITS Organization Security C
      • BITS Physical and Env F
      • BITS Risk A
      • BITS Security Policy B
    • FFIEC Workbooks
      • FFIEC Audit Module
      • FFIEC BCP Tier 1 Objectives:2008
      • FFIEC BCP Tier 2 Objectives:2008
      • FFIEC Development & Acquisition
      • FFIEC Fedline
      • FFIEC Information Security Module
      • FFIEC Management Module
      • FFIEC Operations
      • FFIEC Outsourcing Module
    • Security Awareness
      • 27001 Awareness Module
      • Explanation Awareness
      • Security Elements
      • Security Quiz 1
      • Security Quiz 2
    • ISO 27001
      • ISO 27001 Assessment
      • ISO 27001 Scope Questions
    • BCM
      • BS 25999 Assessment
      • Business Impact Assessment
    • ISO 20000
      • ISO 20000 - PD 0015
      • ISO 20000 smaller assessment
    • 201 CMR 17.00 COMPLIANCE CHECKLIST - Identity Theft
    • BS 8470 Secure Disposal of Confidential Material
    • BS 8549 Security Consultancy
    • CobIT v4.1
    • COSO Assessment
    • Cyber Security Checklist
    • e-Commerce Security Checklist
    • FISMA
    • Food Security Assessment
    • GLBA linked to ISO 27001
    • Info Security Risk Assessment
    • ISO/IEC 31000:2009 Risk Management
    • NIST 800-53
    • NIST 800-53A C&A Assessment
    • PCI v1.2 Assessment
    • Physical Security
    • PIA - Privacy Impact Analysis
    • SOX 404 Assessment
    • VOIP Implementation Assessment
  • OWASP
    • OWASP A Guide to Building Secure Web Applications and Web Services
  • ITIL v3
    • ITIL Continual Service Improvement
    • ITIL Service Design
    • ITIL Service Operation
    • ITIL Service Strategy
    • ITIL Service Transition
  • Energy Management
    • BS EN 16001:2009 Energy management systems. Guidance
    • BS EN 16001:2009 Energy management systems. Requirements
  • MIFID
    • Markets in Financial Instruments Directive (MiFID)
    • MIFID
  • ARRA - American Recovery and Reinvestment Act of 2009
    • Initial Implementing Guidance for the American Recovery and Reinvestment Act of 2009
  • Green House Gases
    • Green Data Centers
    • ISO 14064-1:2006 Greenhouse gases — Part 1: Specification with guidance at the organization level for quantification and reporting of greenhouse gas e
    • ISO 14064-2:2006 Greenhouse gases — Part 2: Specification with guidance at the project level for quantification, monitoring and reporting of greenhous
    • ISO 14064-3:2006 Greenhouse gases — Part 3: Specification with guidance for the validation and verification of greenhouse gas assertions
    • ISO 14065-2007 Greenhouse gases — Requirements for greenhouse gas validation and verification bodies for use in accreditation or other forms of recogn
  • Social Accountability and Responsibility
    • ISO 26000:2010 Social Responsibility
    • SA 8000 Reference information
    • SA 8000 Social Accountability
  • IWA 4
    • IWA 4 Quality management systems — Guidelines for the application of ISO 9001:2000 in local government
    • IWA 4:2009 Quality management systems — Guidelines for the application of ISO 9001:2008 in local government
    • “Check Up” System for Reliable Local Government - IWA4
  • BITS
    • FISAP
  • SANS
    • SANS - Twenty Critical Controls for Effective Cyber Defense: Consensus Audit
  • e-Discovery
    • Understanding Electronic Discovery
    • What are the Rules governing e-discovery?
    • What is Electronic Discovery - e-discovery
    • What makes electronically stored information (ESI) so different as potential evidence?
  • Sarbanes Oxley (SOX)
    • SOX Compliance
  • Privacy Laws
    • PIPEDA - Canada
      • PIPEDA - Personal Information Protection and Electronic Documents Act 2000, c. 5
      • PIPEDA - SCHEDULE 1 PRINCIPLES SET OUT IN THE NATIONAL STANDARD OF CANADA ENTITLED MODEL CODE FOR THE PROTECTION OF PERSONAL INFORMATION, CAN/CSA-Q83
    • Privacy Act - Canada
      • Canadian Privacy Act
    • EU Privacy Directive
      • EU Directive 95/46/EC - The Data Protection Directive
    • Safe Harbor
      • Safe Harbor Principles
    • Security & Breach Regs
      • 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH
      • California Security Breach Information Act (SB-1386)
      • The General Laws of Massachusetts - SECURITY BREACHES
    • Protection of Personal Information - South Africa
      • POPI - PROTECTION OF PERSONAL INFORMATION BILL - South Africa
    • COPPA - Children's Online Privacy Protection Act
  • GAPP - Generally Accepted Privacy Principles
    • Generally Accepted Privacy Principles (GAPP) August 2009
  • Risk Management
    • BS 31100:2008 Risk Management Code of Practice
    • ISO/IEC 31000:2009 - Risk Management — Principles and Guidelines
  • FFIEC Frameworks
    • FFIEC - Outsourcing Technology Services 2004 - Action Summary
    • FFIEC Information Security (IS) - July 2006
  • Basel II Framework
  • Identity and Privilege Management Services
  • Security Governance Framework
  • Example SAS 70
  • Information/Data Governance
  • Information Security Management Maturity Model (ISM3)
  • New!!
    • AS 9100c - Aerospace Quality Management
    • Aussie Privacy Law
    • Bill C-28 - Fighting Internet and Wireless Spam Act
    • CAN-SPAM
    • Dodd-Frank - Dodd-Frank Wall Street Reform and Consumer Protection Act
    • FERPA
    • FFIEC Authentication Guidance
    • FFIEC Information Security
    • FFIEC Management
    • FHFA 12 CFR Part 1235 Records Retention
    • FINRA Rulings
    • FSA - Financial Services Authority - UK, including Operational Risk
    • FTC Fair information Practices
    • GAO - Assessing and Improving EA Management (Version 2.0) - August 2009
    • IIROC Rules for Business Conduct
    • Internet Banking and Technology Risk Management Guidelines V.3 June 2009
    • ISO 17025 - General requirements for the competence of testing and calibration laboratories
    • ISO 19770-1 Information Technology - Software asset management - Process
    • ISO 20000-3:2009 Guidance on scope definition and applicability of ISO/IEC 20000-1
    • ISO 21188:2006 PKI
    • ISO 22307:2008 Financial Services - Privacy Impact Assessment
    • ISO 27003:2010 Information security management system implementation guidance
    • Mexican Privacy Laws
    • NARA Regulation - NARA Records Management Guidance and Regulations
    • NARA Regulations in the Code of Federal Regulations
    • National Policy 11-201 Delivery of Documents by Electronic Means
    • NERC CIP
    • NISPOM
    • NTM Rules 07-59
    • OECD Privacy Guidelines
    • PCI v2 - October 2010
    • RSIM - Mexico's equivalent of PCI published by the AMB (Mexican Bank Association)
    • South Africa Protection of Personal Information Act - 2009
  • British Standards
    • BS 10008:2008 - Evidential weight and legal admissibility of electronic information - Specification
    • BS 10012:2009 Data protection – Specification for a personal information management system
    • BS 7799-3:2006 Guidelines for information security risk management
    • BS 7858:2006 +A2:2009 - Security screening of individuals employed in a security environment – Code of practice
    • BS 8470 Secure Disposal of Confidential Material
    • BS 8549 Security Consultancy Code of Practice