Framework library

Add the right audit program to the company profile.

Frameworks are reusable programs inside ControlFrame. Choose the framework, bind it to a company and target application, then run evidence collection through the same operating model.

01 Company profile

Confirm systems, data classes, owners, vendors, and target environments.

02 Framework program

Select CMS EDE, SOC 2, PCI, ISO, HIPAA, HITRUST, FedRAMP, CMMC, GDPR, or NYDFS.

03 Evidence plan

Map collectors, manual evidence, private runner access, and reviewer gates.

04 Audit package

Run tests, resolve findings, approve artifacts, and export the auditor package.

Available programs

Choose one framework, then configure the project.

12 framework templates

Year 9 / PY2026

CMS Enhanced Direct Enrollment

active showcase

First seeded template. HPS / MarketLink is a sample project instance with placeholders until ControlFrame collectors run.

Native IDs: 3
Collectors: 4
Seed rows: 9
browser flow, api, document, configuration

CMMC 2.0 / 32 CFR Part 170 and DFARS rollout

Cybersecurity Maturity Model Certification

next seed

Defense-industrial-base template. Strong reason for private deployment, appliance collectors, and careful data-residency boundaries.

Native IDs: 3
Collectors: 4
Seed rows: 5
configuration, document, manual upload, api

45 CFR Parts 160 and 164; Security Rule with 2025 proposed update tracked

HIPAA Security and Privacy Rules

next seed

Planned reusable template for administrative, physical, and technical safeguard evidence with source-backed CFR mapping.

Native IDs: 2
Collectors: 3
Seed rows: 13
document, configuration, manual upload

CSF v11.7.0

HITRUST CSF

next seed

High-value healthcare assurance template. Build after HIPAA/SOC 2 primitives so HITRUST can reuse the shared control spine.

Native IDs: 3
Collectors: 4
Seed rows: 21
document, configuration, api, manual upload

NIST CSF 2.0

NIST Cybersecurity Framework

next seed

Planned reusable template for risk governance and security operations evidence mapped to native CSF outcomes.

Native IDs: 3
Collectors: 3
Seed rows: 5
document, configuration, api

PCI DSS v4.0.1

PCI DSS 4.0

next seed

Planned reusable template for cardholder data environment scoping, access controls, logging, vulnerability evidence, and SAQ/ROC support.

Native IDs: 3
Collectors: 4
Seed rows: 9
configuration, api, document, manual upload

2017 TSC with revised points of focus - 2022

SOC 2 Trust Services Criteria

next seed

Planned reusable template for control narratives, tickets, cloud configuration, access reviews, and auditor packages.

Native IDs: 3
Collectors: 3
Seed rows: 18
document, configuration, manual upload

Rev. 5 baselines / FedRAMP 20x tracked

FedRAMP

planned

Federal cloud-assurance template. Requires strict package fidelity, OSCAL support, and deployment isolation options.

Native IDs: 4
Collectors: 4
Seed rows: 5
configuration, api, document, manual upload

Regulation (EU) 2016/679

General Data Protection Regulation

planned

Privacy-program template that should share inventory, vendor, data-flow, and security evidence with HIPAA, SOC 2, ISO, and NIST.

Native IDs: 3
Collectors: 4
Seed rows: 5
document, configuration, database, manual upload

ISO/IEC 27001:2022

ISO/IEC 27001

planned

Global ISMS template. Strong reuse candidate across SOC 2, HITRUST, NIST, and ISO 42001 governance evidence.

Native IDs: 3
Collectors: 3
Seed rows: 5
document, configuration, manual upload

ISO/IEC 42001:2023

ISO/IEC 42001 AI Management System

planned

Planned reusable template for AI system inventory, risk treatment, monitoring, and management review evidence.

Native IDs: 3
Collectors: 3
Seed rows: 6
document, manual upload, configuration

23 NYCRR Part 500 with Second Amendment effective 2023-11-01

NYDFS Cybersecurity Regulation

planned

Financial-services cyber template. Useful for showing ControlFrame can support regulation-specific deadlines, attestations, and notification workflows.

Native IDs: 4
Collectors: 4
Seed rows: 5
document, configuration, api, manual upload