Compliance Standards

Xacta supports a wide range of security compliance standards and policies.

Out of the box, Xacta® supports a wide range of frameworks and regulatory content across all industries with no-code customization options for tailoring content to fit your organization’s needs. Don’t see a regulation or framework listed here? Telos has our own content development team, and we are always expanding our library as customer requirements arise.

Industry and International

  • California Consumer Privacy Act (CCPA)
  • CCE/CPE/CVE/CVSS/OVAL/XCCDF
  • COBIT 5
  • COBIT 12
  • Common Criteria (selected protection profiles)
  • Cyber Risk Institute Profile
  • Family Educational Rights and Privacy Act (FERPA)
  • Federal Financial Institutions Examination Council (FFIEC)
  • Financial Services Sector Coordinating Council (FSSCC)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • ISO/IEC 27001
  • ISO/IEC 27002
  • JSP 604 (British Gov Cloud)
  • North American Electric Reliability Corporation (NERC)
  • NIST SP 800-171 (Protecting CUI in Nonfederal Systems and Organizations)
  • NIST SP 800-172 Enhanced Security Requirements for Protecting CUI: A Supplement to NIST SP 800-171
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Sarbanes-Oxley Act
  • SOC 1 and 2 – American Institute of Certified Public Accountants

Cloud/FedRAMP

  • FedRAMP Baseline Security Controls
  • DoD Cloud Computing SRG
  • Cloud Security Alliance – Security Trust, Assurance and Risk (STAR)

Civilian

  • USGCB/SCAP
  • FIPS 199
  • Federal Information System Controls Audit Manual (FISCAM)
  • MARS-E
  • NIST 800-37 (Risk Management Framework)
  • NIST 800-53/53A (Security Controls for Federal IS)
  • NIST 800-60 (Guide for Mapping Information Systems to Security Categories)
  • NIST Cybersecurity Framework (CSF)
  • IRS 1075

Intelligence Standards

  • CNSS 1253
  • DCID 6/3 to CNSS transition support
  • DoD Joint Security Implementation Guide (JSIG)

Supply Chain Risk Management

  • Cybersecurity Maturity Model Certification (CMMC)
  • NIST SP 800-161

FISMA Reporting

  • Quarterly and Annual Remediation Reports (POA&M)
  • NIST 800-18 (Guide for Developing IT System Security Plans)

Agency Security Requirements

  • Air Force
  • DISA (selected STIGs)
  • Dept. of Education
  • Dept. of Health & Human Services (FDA)
  • Dept. of Homeland Security
  • Dept. of Justice
  • Dept. of State
  • Dept. of Transportation (FAA)
  • Dept. of Treasury (IRS)
  • Dept. of Veterans Affairs
