Compliance Standards

Xacta® supports a wide range of security compliance standards and policies.

Out of the box, Xacta supports a wide range of frameworks and regulatory content across all industries with no-code customization options for tailoring content to fit your organization’s needs. Don’t see a regulation or framework listed here? Telos has our own content development team, and we are always expanding our library as customer requirements arise.

Industry and International

  • California Consumer Privacy Act (CCPA)​
  • COBIT 5​
  • COBIT 12​
  • Common Criteria (selected protection profiles)​
  • Cyber Risk Institute Profile​
  • Family Educational Rights and Privacy Act (FERPA)​
  • Federal Financial Institutions Examination Council (FFIEC)​
  • Financial Services Sector Coordinating Council (FSSCC)​
  • General Data Protection Regulation (GDPR)​
  • Health Insurance Portability and Accountability Act (HIPAA)​
  • ISO 27001/27002​
  • JSP 604 (British Gov Cloud)​
  • North American Electric Reliability Corporation (NERC)​
  • NIST SP 800-171 (Protecting CUI in Nonfederal Systems and Organizations)​
  • NIST SP 800-172 Enhanced Security Requirements for Protecting CUI:  A Supplement to NIST SP 800-171​
  • Payment Card Industry Data Security Standard (PCI DSS)​
  • Sarbanes-Oxley Act​
  • SOC 1 and 2 – American Institute of Certified Public Accountants


  • FedRAMP Baseline Security Controls​
  • DoD Cloud Computing SRG​
  • Cloud Security Alliance – Security Trust, Assurance and Risk (STAR)


  • FIPS 199​
  • Federal Information System Controls Audit Manual (FISCAM)​
  • MARS-E​
  • NIST 800-37 (Risk Management Framework)​
  • NIST 800-53/53A (Security Controls for Federal IS)​
  • NIST 800-60 (Guide for Mapping Information Systems to Security Categories)​
  • NIST Cybersecurity Framework (CSF)​
  • IRS 1075

Intelligence Standards

  • CNSS 1253​
  • DCID 6/3 to CNSS transition support​
  • DoD Joint Security Implementation Guide (JSIG)

Supply Chain Risk Management

  • Cybersecurity Maturity Model Certification (CMMC)​
  • NIST SP 800-161 

FISMA Reporting

  • Quarterly and Annual Remediation Reports (POA&M)​
  • NIST 800-18 (Guide for Developing IT System Security Plans)

Agency Security Requirements

  • Air Force​
  • DISA (selected STIGs)​
  • Dept. of Education​
  • Dept. of Health & Human Services (FDA)​
  • Dept. of Homeland Security​
  • Dept. of Justice​
  • Dept. of State​
  • Dept. of Transportation (FAA)​
  • Dept. of Treasury (IRS)​
  • Dept. of Veterans Affairs

On-Demand Webinar

Combatting Audit Fatigue in IT Risk Management

This webinar focuses on issues that arise from having to support multiple compliance regimes and examine ways to harmonize standards that require varying levels of evidence and fidelity. Presented by Steve Horvath, Vice President of Strategy and Cloud for Telos Corporation, and AJ Turcot, Enterprise Account Executive for Telos Corporation, this on-demand webinar offers actionable strategies for combatting IT audit fatigue.

Learn more

Request a Demo
Let us show you Xacta in action.