Get a quote

The Compliance Universe

31 frameworks. 1,765 controls. Cross-mapped where standards allow.

Explore the interactive Security Universe →
GCC 8 Policy & Process

Qatar NIA

National Cyber Security Agency (NCSA)

354 controls · 26 domains
GCC 8 Policy & Process

UAE IA

Cybersecurity Council / SIA (ex-NESA)

188 controls · 15 domains
International pass_fail

CIS Controls

International

153 controls · 18 domains
GCC 8 Policy & Process

NCA ECC-2

National Cybersecurity Authority (NCA)

109 controls · 28 domains
EU 8 Policy & Process

GDPR (EU)

European Commission / EDPB

99 controls · 11 domains
International pass_fail

ISO 27001

International

93 controls · 4 domains
International 8 Policy & Process

PCI DSS 4.0.1

PCI SSC

66 controls · 14 domains
GCC 8 Policy & Process

NCA CCC

National Cybersecurity Authority (NCA)

55 controls · 24 domains
GCC 8 Policy & Process

ADHICS

Department of Health – Abu Dhabi (DoH)

47 controls · 11 domains
International Operational Technology

NCA OTCC

National Cybersecurity Authority (NCA)

47 controls · 23 domains
GCC 8 Policy & Process

SAMA CSF

Saudi Central Bank (SAMA)

32 controls · 4 domains
GCC 8 Policy & Process

Data-protection rules

CITRA

29 controls · 8 domains
GCC 8 Policy & Process

PDPL – Federal Decree-Law 45/2021

UAE Data Office

29 controls · 8 domains
International reference

NIST CSF

US / International

22 controls · 6 domains
US 8 Policy & Process

HIPAA Security Rule

HHS OCR

18 controls · 3 domains
EU 8 Policy & Process

NIS2

ENISA / national CSIRTs

10 controls · 1 domain
UK 8 Policy & Process

Cyber Essentials

NCSC / IASME

5 controls · 1 domain
UK 8 Policy & Process

Cyber Essentials Plus

NCSC / IASME

5 controls · 1 domain
EU 8 Policy & Process

DORA

ESAs (EBA/ESMA/EIOPA)

17 controls · 5 domains
GCC 8 Policy & Process

Bahrain NCSC

National Cyber Security Centre (NCSC); CBB (finance)

0 controls · 2 domains
Catalogue listing — assessment coming soon
GCC 8 Policy & Process

CBUAE CSF

Central Bank of the UAE (CBUAE)

0 controls · 3 domains
Catalogue listing — assessment coming soon
GCC 8 Policy & Process

Dubai ISR

Dubai Electronic Security Center (DESC)

0 controls · 2 domains
Catalogue listing — assessment coming soon
International reference

IEC 62443

International

0 controls · 0 domains
Catalogue listing — assessment coming soon
GCC 6 Technology & Threats

Kuwait NCF

CITRA + NCSC; CBK (banks)

0 controls · 2 domains
Catalogue listing — assessment coming soon
GCC 8 Policy & Process

Oman NCF

MTCIT / OCERT / Cyber Defence Centre

0 controls · 2 domains
Catalogue listing — assessment coming soon

Threat & attack models

Catalogued separately — these describe how adversaries attack rather than prescribing controls, so they are not counted among the compliance frameworks above. They connect attacker techniques to the controls that reduce them.

Threat model reference

MITRE ATT&CK

MITRE

216 techniques
Threat model reference

UKC

Paul Pols / unifiedkillchain.com

18 techniques

All 31 frameworks are available on the platform.

Start your free trial →