Draft framework guide library
Source-cited guide structures for the frameworks ControlFrame tracks. External publication stays blocked until source, SME, and Sam review are complete.
CMS EDE Year 9
CMS EDE Year 9 content is draft-gated. ControlFrame currently treats CMS EDE Year 9 as a source authority with GA support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
HITRUST CSF
HITRUST CSF content is draft-gated. ControlFrame currently treats HITRUST CSF as a source authority with Beta support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
SOC 2 Type II
SOC 2 Type II content is draft-gated. ControlFrame currently treats SOC 2 Type II as a source authority with Beta support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
HIPAA Security Rule
HIPAA Security Rule content is draft-gated. ControlFrame currently treats HIPAA Security Rule as a source authority with Beta support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
HIPAA Breach Notification Rule
HIPAA Breach Notification Rule content is draft-gated. ControlFrame currently treats HIPAA Breach Notification Rule as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
NIST SP 800-53
NIST SP 800-53 content is draft-gated. ControlFrame currently treats NIST SP 800-53 as a source authority with Beta support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
NIST Cybersecurity Framework
NIST Cybersecurity Framework content is draft-gated. ControlFrame currently treats NIST Cybersecurity Framework as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
ISO/IEC 27001
ISO/IEC 27001 content is draft-gated. ControlFrame currently treats ISO/IEC 27001 as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
ISO/IEC 42001
ISO/IEC 42001 content is draft-gated. ControlFrame currently treats ISO/IEC 42001 as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
PCI DSS
PCI DSS content is draft-gated. ControlFrame currently treats PCI DSS as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
FedRAMP
FedRAMP content is draft-gated. ControlFrame currently treats FedRAMP as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
CMMC
CMMC content is draft-gated. ControlFrame currently treats CMMC as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
GDPR
GDPR content is draft-gated. ControlFrame currently treats GDPR as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
UK GDPR
UK GDPR content is draft-gated. ControlFrame currently treats UK GDPR as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
NYDFS 23 NYCRR 500
NYDFS 23 NYCRR 500 content is draft-gated. ControlFrame currently treats NYDFS 23 NYCRR 500 as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
CCPA/CPRA + State Privacy
CCPA/CPRA + State Privacy content is draft-gated. ControlFrame currently treats CCPA/CPRA + State Privacy as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
NIS2 Directive
NIS2 Directive content is draft-gated. ControlFrame currently treats NIS2 Directive as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
Digital Operational Resilience Act
Digital Operational Resilience Act content is draft-gated. ControlFrame currently treats Digital Operational Resilience Act as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
EU AI Act
EU AI Act content is draft-gated. ControlFrame currently treats EU AI Act as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.
NERC CIP
NERC CIP content is draft-gated. ControlFrame currently treats NERC CIP as a source authority with Roadmap support status and keeps acquisition blockers visible until authoritative control inventories are reviewed.