Compliance Standards
Xacta supports a wide range of security compliance standards and policies.
Out of the box, Xacta® supports a wide range of frameworks and regulatory content across all industries with no-code customization options for tailoring content to fit your organization’s needs. Don’t see a regulation or framework listed here? Telos has our own content development team, and we are always expanding our library as customer requirements arise.
Industry and International
- California Consumer Privacy Act (CCPA)
- CCE/CPE/CVE/CVSS/OVAL/XCCDF
- COBIT 5
- COBIT 12
- Common Criteria (selected protection profiles)
- Cyber Risk Institute Profile
- Family Educational Rights and Privacy Act (FERPA)
- Federal Financial Institutions Examination Council (FFIEC)
- Financial Services Sector Coordinating Council (FSSCC)
- General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA)
- ISO/IEC 27001
- ISO/IEC 27002
- JSP 604 (British Gov Cloud)
- North American Electric Reliability Corporation (NERC)
- NIST SP 800-171 (Protecting CUI in Nonfederal Systems and Organizations)
- NIST SP 800-172 (Enhanced Security Requirements for Protecting CUI: A Supplement to NIST SP 800-171)
- Payment Card Industry Data Security Standard (PCI DSS)
- Sarbanes-Oxley Act
- SOC 1 and 2 – American Institute of Certified Public Accountants
Cloud/FedRAMP
- FedRAMP Baseline Security Controls
- DoD Cloud Computing SRG
- Cloud Security Alliance – Security Trust, Assurance and Risk (STAR)
Civilian
- USGCB/SCAP
- FIPS 199
- Federal Information System Controls Audit Manual (FISCAM)
- MARS-E
- NIST 800-37 (Risk Management Framework)
- NIST 800-53/53A (Security Controls for Federal IS)
- NIST 800-60 (Guide for Mapping Information Systems to Security Categories)
- NIST Cybersecurity Framework (CSF)
- IRS 1075
Intelligence Standards
- CNSS 1253
- DCID 6/3 to CNSS transition support
- DoD Joint Security Implementation Guide (JSIG)
Supply Chain Risk Management
- Cybersecurity Maturity Model Certification (CMMC)
- NIST SP 800-161
FISMA Reporting
- Quarterly and Annual Remediation Reports (POA&M)
- NIST 800-18 (Guide for Developing IT System Security Plans)
Agency Security Requirements
- Air Force
- DISA (selected STIGs)
- Dept. of Education
- Dept. of Health & Human Services (FDA)
- Dept. of Homeland Security
- Dept. of Justice
- Dept. of State
- Dept. of Transportation (FAA)
- Dept. of Treasury (IRS)
- Dept. of Veterans Affairs