Framework | Description |
---|---|
FedRAMP | The Federal Risk and Authorization Management Program, a US government programme that standardises the security assessment, authorisation and continuous monitoring of cloud services used by federal agencies, with control baselines derived from NIST SP 800-53. It maintains a public marketplace of cloud service offerings that have already been authorised to work with US government agencies. |
FIPS 140-2 | NIST standard for cryptographic modules (validated under the CMVP, run jointly by NIST and Canada's CCCS), defining four cumulative security levels: L1 – basic requirements, at least one approved algorithm, no specific physical security; L2 – adds tamper-evidence (seals, coatings, pick-resistant locks) and role-based authentication; L3 – adds tamper detection and response (e.g. zeroising keys when the enclosure is opened) and identity-based authentication; L4 – a complete envelope of protection that detects and responds to any physical penetration, plus protection against environmental attacks such as voltage and temperature manipulation |
FIPS 140-3 | Successor to FIPS 140-2 (effective 2019; CMVP stopped accepting new FIPS 140-2 submissions in 2021). It keeps the same four security levels but aligns the requirements with ISO/IEC 19790 and the testing methodology with ISO/IEC 24759 |
GDPR | The General Data Protection Regulation is a European Union law that governs how personal data of individuals in the EU must be collected, processed, and protected |
HIPAA | A US law that protects the privacy and security of patient health information (PHI). It regulates covered entities (healthcare providers, health plans and healthcare clearinghouses) and, through the HITECH Act, their business associates, which includes cloud providers that store or process PHI on a covered entity's behalf |
PCI DSS | A global, contractually enforced security standard from the PCI Security Standards Council, requiring any organisation that stores, processes or transmits cardholder data (e.g. credit card numbers) to protect it and maintain secure payment systems |
SOC 1 | Focuses on financial reporting controls for auditors and financial stakeholders |
SOC 2 | Attestation report on controls relevant to the AICPA Trust Services Criteria: security (mandatory), availability, processing integrity, confidentiality and privacy of customer data. Type 1 – describes the system and assesses the design of controls at a point in time; Type 2 – also tests the operating effectiveness of those controls over a review period (typically 6–12 months). Both types are restricted-use reports, normally shared only under NDA; there is no SOC 2 "Type 3", the shareable summary is the separate SOC 3 report |
SOC 3 | General-use report offering a high-level summary of a SOC 2 audit (essentially the auditor's opinion), without the detailed system description or test results, so it can be published freely |
SOX | A US law enforcing strict financial reporting and internal controls for public companies to prevent fraud |
Created
August 4, 2025 08:30
ccsp-compliance-others.md