One evidence pack. Every framework that matters.
Every audit evidence pack carries control labels for the frameworks below. SOC 2 auditors, federal contractors, NIS2 essential entities, HIPAA Business Associates, and PCI service providers read the same pack — each finds the controls relevant to their audit cross-referenced explicitly.
01 / Registry
| Framework | Registry key | Version | Published | Citation format |
|---|---|---|---|---|
| NIST CSF 2.0 | nist_csf_2 | 2.0 | 2024-02-26 | NIST CSF 2.0 … |
| NIST SP 800-161r1 | nist_800_161 | r1 | 2022-05-05 | NIST SP 800-161r1 … |
| NIST SP 800-171 | nist_800_171 | Rev 3 | 2024-05-14 | NIST SP 800-171 § … |
| NIS2 | nis2_articles | Directive (EU) 2022/2555 | — | NIS2 Art. … |
| SOC 2 TSC | soc2_tsc | 2017 (rev. 2022) | — | SOC 2 TSC … |
| ISO 27001:2022 | iso_27001 | 2022 | — | ISO 27001:2022 … |
| HIPAA Security Rule | hipaa_security_rule | 45 CFR Part 164 Subpart C | — | HIPAA Security Rule … |
| PCI DSS 4.0 | pci_dss_4 | 4.0.1 | — | PCI DSS 4.0 Req. … |
| CSA CCM | csa_ccm | 4.1 | 2024-06-26 | CSA CCM … |
| CSA CAIQ | csa_caiq | 4.1 | 2024-06-26 | CSA CAIQ … |
All references are rendered through format_control(registry_key, control); a banned-pattern lint test fails CI if any rendered control reference lacks a registered framework prefix.
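A sketch of that render-then-lint gate, added here as an illustration and not the product's own code: the prefixes are copied from the registry table above, while the body of format_control, the lint helper, and the control-id shapes in CONTROL_ID are assumptions.

```python
import re

# Citation prefixes copied from the registry table on this page.
REGISTRY = {
    "nist_csf_2": "NIST CSF 2.0",
    "nist_800_161": "NIST SP 800-161r1",
    "nist_800_171": "NIST SP 800-171 §",
    "nis2_articles": "NIS2 Art.",
    "soc2_tsc": "SOC 2 TSC",
    "iso_27001": "ISO 27001:2022",
    "hipaa_security_rule": "HIPAA Security Rule",
    "pci_dss_4": "PCI DSS 4.0 Req.",
    "csa_ccm": "CSA CCM",
    "csa_caiq": "CSA CAIQ",
}

# Assumed shapes of bare control ids (constructed for this sketch):
# SOC 2 "CC6.1", NIST CSF "PR.AA-01", ISO 27001 Annex A "A.8.24".
CONTROL_ID = re.compile(r"\b(?:CC\d+\.\d+|[A-Z]{2}\.[A-Z]{2}-\d{2}|A\.\d+\.\d+)\b")


def format_control(registry_key, control):
    """Render one reference; an unregistered key is an error, never a guess."""
    if registry_key not in REGISTRY:
        raise KeyError(f"unregistered framework: {registry_key}")
    control = control.strip()
    if not control:
        raise ValueError("empty control identifier")
    return f"{REGISTRY[registry_key]} {control}"


def lint(text):
    """Return (offset, id) for each control id lacking a registered prefix."""
    violations = []
    for m in CONTROL_ID.finditer(text):
        before = text[:m.start()].rstrip()
        if not any(before.endswith(prefix) for prefix in REGISTRY.values()):
            violations.append((m.start(), m.group()))
    return violations


if __name__ == "__main__":
    # Constructed sample lines, not taken from a real evidence pack.
    good = f"Access reviews map to {format_control('soc2_tsc', 'CC6.1')}."
    bad = "Access reviews map to CC6.1 and ISO 27001:2022 A.8.24."
    print(lint(good), lint(bad))
    raise SystemExit(1 if lint(bad) else 0)  # non-zero exit fails the CI job
```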
02 / Don't see your framework?
CMMC · HITRUST · FedRAMP · NIST 800-53 — same plumbing.
Adding a framework is a YAML entry plus the relevant mappings. Drop us a line if you need one.
Generate your first framework-mapped evidence pack.
free · no credit card · 12 sections · SHA-256 sealed