Compliance Platform ↗Academy ↗Store ↗

The Art of Service

Compliance Intelligence API

692 frameworks, 13,700+ controls, and 819,000+ cross-framework mappings. REST API and MCP server for AI agents.

Add to Claude Desktop, Cursor, or any MCP client:

{ "mcpServers": { "compliance": { "url": "https://api.theartofservice.com/mcp" } } }

Popular Framework APIs

ISO 27001:2022 API

95 controls · 4 domains · 612+ mappings

SOC 2 API

54 controls · 5 domains · 547+ mappings

NIST Cybersecurity Framework 2.0 API

103 controls · 6 domains · 584+ mappings

GDPR API

44 controls · 4 domains · 316+ mappings

HIPAA Security Rule API

37 controls · 5 domains · 466+ mappings

CMMC 2.0 API

32 controls · 6 domains · 521+ mappings

NIST SP 800-53 Rev 5 API

172 controls · 18 domains · 597+ mappings

EU AI Act API

25 controls · 5 domains · 544+ mappings

ISO 42001 API

25 controls · 5 domains · 544+ mappings

CIS Controls v8 API

153 controls · 18 domains · 858+ mappings

NIS2 Directive API

24 controls · 5 domains · 480+ mappings

All 693 Framework APIs

CSA CCM v4 · 171 controls ISO 22313:2020 — Guidance on Business Continuity Management Systems · 145 controls ISO 39001:2012 — Road Traffic Safety Management · 145 controls ISO 41001:2018 — Facility Management Systems · 145 controls ISO 50001:2018 — Energy Management Systems · 145 controls ISO 56002 · 138 controls ASD Information Security Manual (ISM) · 136 controls ISO 37002:2021 — Whistleblowing Management Systems · 136 controls NIST Privacy Framework 1.0 · 100 controls Defence Security Principles Framework (DSPF) · 92 controls Protective Security Policy Framework (PSPF) Release 2024 · 91 controls WCAG 2.2 · 86 controls UK Telecommunications (Security) Act 2021 · 76 controls Connecticut Data Privacy Act (CTDPA) · 72 controls ISO/IEC 17025:2017 — General Requirements for Testing and Calibration Laboratories · 65 controls EAR — Export Administration Regulations · 64 controls FedRAMP Rev 5 · 64 controls ISO 15189:2022 — Medical Laboratories Requirements for Quality and Competence · 64 controls PCI DSS v4.0 · 63 controls Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) · 63 controls EU Digital Markets Act · 61 controls Bank Secrecy Act / Anti-Money Laundering (BSA/AML) · 60 controls The Leadership Challenge (Kouzes & Posner) · 60 controls Colorado Privacy Act (CPA) · 59 controls WCO Authorised Economic Operator (AEO) Framework · 59 controls 21 CFR Part 211 — Current Good Manufacturing Practice · 57 controls AS9100D — Aerospace Quality Management System · 57 controls ASD Essential Eight Maturity Model · 57 controls Full Range Leadership Model (Bass & Avolio) · 57 controls ISO/IEC 27003:2017 · 57 controls Heifetz Adaptive Leadership Framework · 56 controls NIS2 Directive Implementing Acts · 56 controls Tennessee Information Protection Act (TIPA) · 56 controls Wisconsin Data Privacy Act (SB 670) · 55 controls Australia Consumer Data Right — Banking (CDR) · 50 controls EIOPA Guidelines on ICT Security and Governance (2020) · 50 controls FTC Health Breach Notification Rule · 50 controls CFTC System Safeguards (17 CFR 37, 38, 39, 49) · 49 controls NAIC Insurance Data Security Model Law (MDL-668) · 49 controls Florida Digital Bill of Rights (FDBR) · 48 controls UK Modern Slavery Act 2015 · 48 controls US EPA Safe Drinking Water Act (SDWA) — Cybersecurity Requirements · 48 controls SSAE 18 — Attestation Standards (SOC Reporting) · 47 controls TISAX — Trusted Information Security Assessment Exchange · 47 controls GLI-33 — Gaming Laboratories International Event Wagering Systems · 46 controls Australia eSafety Commissioner — Online Safety Expectations for Industry · 45 controls Botswana Data Protection Act (2024) · 45 controls FAA Cybersecurity Framework for Aviation · 45 controls ISO 26262:2018 — Functional Safety for Road Vehicles · 45 controls Montenegro Law on Personal Data Protection (2023) · 45 controls North Macedonia Law on Personal Data Protection (2020) · 45 controls Notifiable Data Breaches Scheme (Australia) · 45 controls Paraguay Law on Protection of Personal Data (Law No. 6534/2020) · 45 controls Hungary Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act) · 44 controls Portugal Law No. 58/2019 — Data Protection Implementation Act · 44 controls eIDAS 2.0 — EU Digital Identity Regulation · 44 controls APRA CPS 230 Operational Risk Management · 43 controls EU Machinery Regulation (Regulation (EU) 2023/1230) · 43 controls NIST AI 600-1 Generative AI Profile · 43 controls South Korea Personal Information Protection Act (PIPA) · 43 controls CISA ICS-CERT Advisories and Industrial Control Systems Security Guidelines · 42 controls Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) · 42 controls AML/CTF Act 2006 (Australia) · 41 controls EU Anti-Money Laundering Directive (AMLD6 / Directive 2018/1673) · 41 controls EU NIS2 Directive — Energy Sector Cybersecurity Requirements (Directive 2022/2555) · 41 controls European Accessibility Act (Directive (EU) 2019/882) · 41 controls Ontario Accessibility for Ontarians with Disabilities Act (AODA) — IASR Web Standard · 41 controls Philippines Cybercrime Prevention Act (RA 10175) · 41 controls US Gramm-Leach-Bliley Act (GLBA) — Higher Education Safeguards Rule · 41 controls US ITAR and EAR — Export Control and Data Security · 41 controls US SEC Digital Assets and Crypto Regulatory Framework · 41 controls Washington My Health My Data Act (MHMD) · 41 controls CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0 · 40 controls COBIT 2019 · 40 controls EU Taxonomy Regulation · 40 controls FATF 40 Recommendations · 40 controls Jordan Draft Personal Data Protection Law (2022) · 40 controls TNFD Recommendations · 40 controls AASB S2 Climate-related Disclosures · 39 controls ASEAN Data Management Framework · 39 controls Australian Energy Sector Cyber Security Framework (AESCSF) · 39 controls C-TPAT — Customs-Trade Partnership Against Terrorism · 39 controls Cook Islands Electronic Transactions Act & Privacy Provisions (2003) · 39 controls EU General Product Safety Regulation (GPSR, Regulation 2023/988) · 39 controls EU Maritime Single Window Environment Regulation (EU 2019/1239) and EMSA Cybersecurity · 39 controls EU Markets in Crypto-Assets Regulation (MiCA) · 39 controls Modern Slavery Act 2018 (Australia) · 39 controls NRF Cybersecurity and Data Privacy Framework (National Retail Federation) · 39 controls Telecommunications Sector Security Reforms (TSSR) · 39 controls AS9100D:2016 — Quality Management Systems for Aviation, Space, and Defence · 38 controls CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) · 38 controls EU Deforestation-Free Products Regulation (EUDR) · 38 controls EU Seveso III Directive (Directive 2012/18/EU) · 38 controls ISO/IEC 27006:2024 · 38 controls Latvia Personal Data Processing Law (Fizisko personu datu apstrades likums, 2018) · 38 controls MiFID II / MiFIR · 38 controls Rwanda Law No. 058/2021 Relating to the Protection of Personal Data · 38 controls UK Product Security and Telecommunications Infrastructure Act (PSTI) · 38 controls Uruguay Personal Data Protection Act (Law No. 18.331) · 38 controls ASD Strategies to Mitigate Cyber Security Incidents · 37 controls EU Network Code on Cybersecurity for the Electricity Sector · 37 controls EU Taxonomy Regulation (Regulation 2020/852) · 37 controls ISO 30414:2018 — Human Resource Management: Guidelines for Internal and External Human Capital Reporting · 37 controls NHS Healthcare Leadership Model · 37 controls OWASP DevSecOps Maturity Model (DSOMM) · 37 controls DO-178C / ED-12C — Software Considerations in Airborne Systems · 36 controls EU European Media Freedom Act (EMFA) · 36 controls EU NIS2 Directive — Transport Sector Requirements · 36 controls FTC GLBA Safeguards Rule (16 CFR Part 314) · 36 controls UK Data Protection Act 2018 · 36 controls Vietnam Law on Cybersecurity (No. 24/2018/QH14) · 36 controls Digital Economy Partnership Agreement (DEPA) · 35 controls EU Markets in Crypto-Assets Regulation (MiCA, Regulation 2023/1114) · 35 controls Finland Data Protection Act (Tietosuojalaki, 1050/2018) · 35 controls ISO 26000:2010 · 35 controls NIST SP 800-171A Rev 3 — Assessing CUI Security Requirements · 35 controls NYDFS Cybersecurity Regulation (23 NYCRR Part 500) · 35 controls Poland Act on Personal Data Protection (Ustawa o ochronie danych osobowych, 2018) · 35 controls South Korea Korea Internet Self-Governance Organisation (KISO) Code of Ethics · 35 controls US Americans with Disabilities Act (ADA) — Title III Digital Accessibility · 35 controls US OFAC Sanctions Compliance Framework · 35 controls Brunei Personal Data Protection Order 2024 (PDPO) · 34 controls EU Digital Services Act — Minors Protection Provisions (Regulation 2022/2065) · 34 controls Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) · 34 controls FDA Quality Management System Regulation (QMSR) · 34 controls GAMP 5 — Good Automated Manufacturing Practice · 34 controls Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) · 34 controls Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) · 33 controls ECSS Software Engineering Standards (ESA) · 33 controls EU Pay Transparency Directive (Directive 2023/970) · 33 controls Ethiopia Personal Data Protection Proclamation (No. 1321/2024) · 33 controls FBI CJIS Security Policy · 33 controls ISO/IEC 23894:2023 · 33 controls Japan Act on Specified Commercial Transactions (ASCT) — Digital Services · 33 controls Laos Law on Prevention and Combating Cybercrime (2015) · 33 controls Lebanon Electronic Transactions and Personal Data Protection Law (Law No. 81/2018) · 33 controls Malta Data Protection Act (Cap. 586, 2018) · 33 controls Netherlands GDPR Implementation Act (UAVG — Uitvoeringswet AVG, 2018) · 33 controls Singapore Government Instruction Manual on ICT&SS Management (IM8) · 33 controls ANSSI Cybersecurity Framework · 32 controls BSI IT-Grundschutz · 32 controls Belgium CyberFundamentals · 32 controls CDP (formerly Carbon Disclosure Project) · 32 controls CISA Zero Trust Maturity Model · 32 controls Cyber Essentials Plus · 32 controls DFARS 252.204-7012 — Safeguarding Covered Defense Information · 32 controls DISA Security Technical Implementation Guides (STIGs) · 32 controls DoD Zero Trust Reference Architecture · 32 controls EU Product Liability Directive (Directive (EU) 2024/2853) · 32 controls FISMA · 32 controls FTC Safeguards Rule (16 CFR Part 314) · 32 controls Ghana Cybersecurity Act · 32 controls ISO/IEC 29147:2018 · 32 controls NIST SP 800-171 · 32 controls NIST SP 800-171A — Assessing CUI Security Requirements · 32 controls NIST SP 800-172 · 32 controls NIST SP 800-53A · 32 controls Saudi NCA ECC · 32 controls South Korea Credit Information Act · 32 controls Spain ENS · 32 controls Spain Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD) · 32 controls Zambia Data Protection Act (2021) · 32 controls 21 CFR Part 58 — Good Laboratory Practice (GLP) · 31 controls 3GPP Security · 31 controls AICPA Privacy Management Framework (PMF) · 31 controls Angola Personal Data Protection Law (Law No. 22/11) · 31 controls BREEAM — Building Research Establishment Environmental Assessment Method · 31 controls BSIMM · 31 controls COSO Internal Control — Integrated Framework (2013) · 31 controls California IoT Security Law · 31 controls Costa Rica Personal Data Protection Law (Law No. 8968) · 31 controls Côte d'Ivoire Law on Personal Data Protection (Law No. 2013-450) · 31 controls ETSI EN 303 645 · 31 controls EU Cyber Resilience Act · 31 controls EU Platform Work Directive (Directive 2024/2831) · 31 controls ILO Nursing Personnel Convention C149 (1977) · 31 controls ISO 27002:2022 · 31 controls ISO 27043 · 31 controls ISO/SAE 21434 · 31 controls MITRE ATT&CK · 31 controls MITRE D3FEND · 31 controls NIST AI Risk Management Framework (AI RMF 1.0) · 31 controls NIST SP 800-115 · 31 controls NIST SP 800-123 · 31 controls NIST SP 800-128 · 31 controls NIST SP 800-137 · 31 controls NIST SP 800-150 · 31 controls NIST SP 800-160 · 31 controls NIST SP 800-161 · 31 controls NIST SP 800-181 · 31 controls NIST SP 800-183 · 31 controls NIST SP 800-187 · 31 controls NIST SP 800-207 · 31 controls NIST SP 800-218 · 31 controls NIST SP 800-61 · 31 controls NIST SP 800-63 · 31 controls NIST SP 800-88 · 31 controls NIST SP 800-92 · 31 controls OWASP ASVS · 31 controls OWASP MASVS · 31 controls OWASP SAMM · 31 controls OpenSSF Scorecard · 31 controls PTES · 31 controls SIG (Shared Assessments) · 31 controls SLSA · 31 controls SSDF (NIST) · 31 controls Singapore Payment Services Act 2019 (PSA) — Digital Payment Token Provisions · 31 controls UK PSTI Act · 31 controls UNECE WP.29 R155 · 31 controls UNECE WP.29 R156 · 31 controls Voluntary Principles on Security and Human Rights (VPs) · 31 controls African Union Malabo Convention · 30 controls Canada's Anti-Spam Legislation (CASL) · 30 controls China Personal Information Protection Law (PIPL) · 30 controls EN 301 549 — ICT Accessibility Requirements · 30 controls EU Digital Services Act · 30 controls IEC 62304:2015 Medical Device Software Lifecycle Processes · 30 controls Kuwait Data Privacy Protection Regulation (KDPPR, 2021 — CMA Directive) · 30 controls Pakistan Personal Data Protection Bill 2023 · 30 controls Russia Federal Law on Personal Data (152-FZ) · 30 controls SQF Code Edition 9 — Safe Quality Food · 30 controls Security of Critical Infrastructure Act 2018 (SOCI) · 30 controls UK Online Safety Act 2023 · 30 controls APPI · 29 controls Argentina PDPA · 29 controls Bahrain PDPL · 29 controls Bosnia and Herzegovina Law on Protection of Personal Data (2006, amended 2011) · 29 controls CCPA/CPRA · 29 controls COPPA · 29 controls Chile DPL · 29 controls Chile Personal Data Protection Law (Law No. 21.719) · 29 controls China PIPL · 29 controls Colombia Habeas Data Law · 29 controls Colorado Privacy Act · 29 controls Connecticut DPA · 29 controls Delaware Personal Data Privacy Act · 29 controls Dominican Republic DPL · 29 controls EN 301 549 v3.2.1 — Accessibility Requirements for ICT Products and Services · 29 controls Ecuador LOPDP · 29 controls FERPA · 29 controls ICN Leadership for Change Programme · 29 controls ISO 27701 · 29 controls Iceland DPA · 29 controls India DPDP Act · 29 controls Indiana Consumer Data Protection Act · 29 controls Indonesia PDP Law · 29 controls Iowa Consumer Data Protection Act · 29 controls Jamaica DPA · 29 controls Kentucky Consumer Data Protection Act · 29 controls Kenya DPA · 29 controls LGPD · 29 controls Liechtenstein DPA · 29 controls Malaysia PDPA 2010 · 29 controls Maryland Online Data Privacy Act · 29 controls Mauritius DPA · 29 controls Mexico LFPDPPP · 29 controls Minnesota Consumer Data Privacy Act · 29 controls Montana Consumer Data Privacy Act · 29 controls NIST SP 800-122 · 29 controls Nebraska Data Privacy Act · 29 controls New Hampshire Privacy Act · 29 controls New Jersey Data Privacy Act · 29 controls New Zealand Privacy Act · 29 controls Nigeria NDPR · 29 controls Norway PDPA · 29 controls Oregon Consumer Privacy Act · 29 controls PDPA Singapore · 29 controls PDPA Thailand · 29 controls PIPEDA · 29 controls POPIA · 29 controls Panama Law on Personal Data Protection (Law No. 81 of 2019) · 29 controls Peru DPL · 29 controls Philippines DPA · 29 controls Privacy Act 1988 (Australia) · 29 controls Qatar DPL · 29 controls Romania Law No. 190/2018 on Data Protection Measures (GDPR Implementation) · 29 controls Rwanda DPL · 29 controls Saudi Arabia PDPL · 29 controls Serbia Law on Personal Data Protection (2018) · 29 controls South Korea PIPA · 29 controls Switzerland FADP · 29 controls Taiwan PDPA · 29 controls Tennessee IPA · 29 controls Texas Data Privacy Act · 29 controls Turkey KVKK · 29 controls UAE PDPL · 29 controls UK Construction (Design and Management) Regulations 2015 (CDM 2015) · 29 controls UK Gambling Commission — Cyber Resilience Requirements · 29 controls Uruguay DPL · 29 controls Utah Consumer Privacy Act · 29 controls Vietnam PDPD · 29 controls Virginia CDPA · 29 controls 3GPP 5G Security Architecture (TS 33.501) · 28 controls Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014) · 28 controls Automotive SPICE (ASPICE) v4.0 — Process Assessment Model · 28 controls BRCGS Global Standard for Food Safety Issue 9 · 28 controls Cayman Islands Data Protection Act 2017 (DPA) · 28 controls Customs-Trade Partnership Against Terrorism (C-TPAT) · 28 controls EU Chips Act (Regulation (EU) 2023/1781) · 28 controls EU Critical Raw Materials Act (Regulation (EU) 2024/1252) · 28 controls Fiji Data Protection Bill (2020) · 28 controls GHG Protocol · 28 controls Georgia Law on Personal Data Protection (2012) · 28 controls OECD/G20 Principles of Corporate Governance · 28 controls Oman Personal Data Protection Law (Royal Decree 6/2022) · 28 controls Singapore Payment Services Act (PSA) — Digital Payment Token Regulation · 28 controls South Korea Cloud Security Assurance Program (CSAP) · 28 controls WCO SAFE Framework of Standards to Secure and Facilitate Global Trade (2021) · 28 controls Zimbabwe Data Protection Act (2021) · 28 controls EU Digital Services Act — Online Gaming Platform Requirements · 27 controls EU PSD3 and Payment Services Regulation (Proposed) · 27 controls Egypt Personal Data Protection Law (Law No. 151 of 2020) · 27 controls FFIEC Cybersecurity Assessment Tool (CAT) · 27 controls Goleman Emotional Intelligence Leadership Framework · 27 controls ILO Tripartite Declaration of Principles concerning Multinational Enterprises (MNE Declaration) · 27 controls ISO/IEC 27011:2024 · 27 controls ITAR — International Traffic in Arms Regulations · 27 controls Peru Personal Data Protection Law (Law No. 29733) · 27 controls SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) · 27 controls UAE Virtual Asset Regulatory Authority (VARA) Regulations · 27 controls Uzbekistan Law on Personal Data (No. ZRU-547) · 27 controls Australia Online Safety Act 2021 · 26 controls Basel III International Banking Framework · 26 controls Denmark Data Protection Act (Databeskyttelsesloven, 2018) · 26 controls EBA Guidelines on ICT and Security Risk Management (EBA/GL/2019/04) · 26 controls EU SFDR (Sustainable Finance Disclosure Regulation) · 26 controls Extractive Industries Transparency Initiative (EITI) Standard (2023) · 26 controls IATA Operational Safety Audit (IOSA) Standards Manual · 26 controls ISO 37000:2021 — Governance of Organizations · 26 controls ISO/IEC 27014:2020 · 26 controls Jamaica Data Protection Act 2020 · 26 controls Mauritius Data Protection Act 2017 · 26 controls OCC Heightened Standards (12 CFR Part 30, Appendix D) · 26 controls Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016) · 26 controls UK Security and Emergency Measures Direction (SEMD) — Water Industry · 26 controls Uganda Data Protection and Privacy Act (2019) · 26 controls Vermont Artificial Intelligence and Consumer Data Act (AICDA) · 26 controls WELL Building Standard v2 (International WELL Building Institute) · 26 controls AICPA SOC 1 · 25 controls AICPA SOC 3 · 25 controls APRA CPS 234 · 25 controls AWS Well-Architected Security Pillar · 25 controls AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) · 25 controls Australia AI Ethics Framework · 25 controls Australia NHMRC National Statement on Ethical Conduct in Human Research · 25 controls Azure Security Benchmark · 25 controls BCBS 239 · 25 controls Brazil AI Framework · 25 controls C5 (Germany) · 25 controls CAIQ (CSA) · 25 controls CDP Corporate Questionnaire · 25 controls CWE Top 25 Most Dangerous Software Weaknesses (2024) · 25 controls China AI Regulations · 25 controls Consumer Data Right (CDR) Framework (Australia) · 25 controls DORA · 25 controls ECB TIBER-EU · 25 controls ESA ECSS-E-ST-40C — Space Software Engineering Standard · 25 controls ESRB Privacy Certified Programme · 25 controls EU European Health Data Space (EHDS) · 25 controls FFIEC IT Examination Handbook · 25 controls GLBA · 25 controls HKMA SPM · 25 controls IATF 16949:2016 — Quality Management System for Automotive Production · 25 controls IEEE 7000 · 25 controls ISMAP (Japan) · 25 controls ISO 27017 · 25 controls ISO 27018 · 25 controls ISO 8000 — Data Quality · 25 controls ISO/IEC 27010:2015 · 25 controls Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) · 25 controls Japan AI Guidelines · 25 controls MAS TRM · 25 controls MTCS (Singapore) · 25 controls NIST SP 800-144 · 25 controls NIST SP 800-145 · 25 controls NIST SP 800-146 · 25 controls NIST SP 800-190 · 25 controls NRC 10 CFR 73.54 — Nuclear Facility Cybersecurity · 25 controls OECD AI Principles · 25 controls OSFI B-13 · 25 controls Open Banking Security · 25 controls PCI P2PE · 25 controls PCI SSF · 25 controls PSD2 SCA · 25 controls SASB Standards (ISSB Integrated) · 25 controls SWIFT CSCF · 25 controls SWIFT CSP · 25 controls Singapore AI Governance Framework · 25 controls Singapore Protection from Online Falsehoods and Manipulation Act (POFMA, 2019) · 25 controls Tanzania Personal Data Protection Act (Draft) · 25 controls UK AI Regulation Framework · 25 controls UK Bribery Act 2010 · 25 controls UNESCO Recommendation on the Ethics of AI · 25 controls APEC Cross-Border Privacy Rules (CBPR) System · 24 controls API 1164 · 24 controls BIMCO Cyber Security · 24 controls Brazil Open Finance (Resolução Conjunta No. 1/2020) · 24 controls C2M2 · 24 controls Canada Artificial Intelligence and Data Act (AIDA) · 24 controls Canada ITSG-33 — IT Security Risk Management · 24 controls Czech Republic Act on Personal Data Processing (Act No. 110/2019 Sb.) · 24 controls DO-326A · 24 controls EDM Council DCAM — Data Management Capability Assessment Model · 24 controls FCC Customer Proprietary Network Information (CPNI) and Data Breach Rules (47 CFR 64.2001-2011) · 24 controls FDA 21 CFR Part 11 · 24 controls HKMA Cyber Resilience Assessment Framework (C-RAF) · 24 controls IAIS Insurance Core Principles (ICPs) · 24 controls IEC 62443 · 24 controls IEEE 1686 · 24 controls ISO 13485 · 24 controls ISO 27019 · 24 controls ISO 27799 · 24 controls ISO/IEC 27004:2016 · 24 controls ISO/IEC 27400:2022 · 24 controls ISO/IEC 38500:2024 — Governance of IT · 24 controls Illinois Biometric Information Privacy Act (BIPA) · 24 controls Kenya Data Protection Act 2019 · 24 controls MARS-E · 24 controls MDS2 (Medical Device) · 24 controls NIST SP 1800-32 · 24 controls NIST SP 800-66 · 24 controls Nevada Gaming Control Board Cybersecurity Requirements · 24 controls New Zealand Information Security Manual (NZISM) · 24 controls PAS 1192-5:2015 — Security-Minded Approach to BIM and Digital Built Environments · 24 controls Senegal Law on Personal Data Protection (Law No. 2008-12) · 24 controls Senge Fifth Discipline — Learning Organization · 24 controls TSA Pipeline Security · 24 controls Tunisia Organic Law on Personal Data Protection (Law No. 2004-63) · 24 controls Turkey Personal Data Protection Law (KVKK — Law No. 6698) · 24 controls UK Building Safety Act 2022 · 24 controls UK GDPR (UK General Data Protection Regulation) · 24 controls US Executive Order 14028 — Improving the Nation's Cybersecurity · 24 controls WHO Global Competency Model · 24 controls Armenia Law on Protection of Personal Data (2015) · 23 controls Barbados Data Protection Act 2019 · 23 controls China Cybersecurity Law (CSL) · 23 controls EU Better Internet for Kids (BIK+) Strategy · 23 controls EU GMP Annex 11 — Computerised Systems · 23 controls EU In Vitro Diagnostic Medical Devices Regulation (IVDR) · 23 controls Greece Law 4624/2019 — Hellenic Data Protection Authority (HDPA) Implementation Act · 23 controls ICAO Annex 17 — Aviation Security (AVSEC) · 23 controls ISO 9001 · 23 controls ISO/IEC 29134:2023 · 23 controls Lithuania Law on Legal Protection of Personal Data (2018) · 23 controls Morocco Data Protection Law (09-08) · 23 controls NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205) · 23 controls SASB Standards · 23 controls Solvency II · 23 controls TEFCA — Trusted Exchange Framework and Common Agreement · 23 controls Trinidad and Tobago Data Protection Act 2011 · 23 controls UK ONR Cyber Security and Information Assurance (CSIA) for Nuclear Facilities · 23 controls UNICEF Policy Guidance on AI for Children (2021) · 23 controls WHO Global Strategy on Digital Health 2020-2025 · 23 controls 3GPP Security Architecture (TS 33.501 — 5G Security) · 22 controls ASIC Cyber Resilience Good Practices · 22 controls ASIS SPC.1-2009 — Organizational Resilience Standard · 22 controls Aged Care Quality Standards (Australia) · 22 controls Australia My Health Records Act 2012 · 22 controls EU AI Liability Directive · 22 controls EU Cyber Solidarity Act (Regulation (EU) 2025/38) · 22 controls EU ePrivacy Directive (2002/58/EC) · 22 controls FATF Recommendation 16 — Virtual Asset Travel Rule · 22 controls FIDO2 and W3C WebAuthn Standard · 22 controls Ghana Data Protection Act 2012 (Act 843) · 22 controls IACS Unified Requirements E26/E27 — Cyber Resilience of Ships and On-Board Systems · 22 controls IAEA Nuclear Security Series — Computer Security at Nuclear Facilities (NSS-17-T Rev 1) · 22 controls ICH E6(R2) Good Clinical Practice — Data Integrity and Electronic Systems · 22 controls IFRS 17 — Insurance Contracts · 22 controls ISO 14064 — Greenhouse Gas Accounting and Verification (Parts 1-3) · 22 controls ISO/IEC 23837 — Security Requirements for Quantum Key Distribution · 22 controls ISO/IEC 27031:2011 · 22 controls ISO/IEC 27557:2022 — Organisational Privacy Risk Management · 22 controls ISO/IEC 30111:2019 · 22 controls India CERT-In Cyber Security Directions 2022 · 22 controls PCI PIN Security · 22 controls Science Based Targets initiative (SBTi) Corporate Standard · 22 controls CCSDS 350.0-G-3 — Space Communications Security (Consultative Committee for Space Data Systems) · 21 controls CISA Secure by Design Principles · 21 controls Colombia Data Protection Law (Law 1581 of 2012 — SIC Oversight) · 21 controls DAMA-DMBOK2 — Data Management Body of Knowledge (2nd Edition) · 21 controls EU Audiovisual Media Services Directive (AVMSD, Directive 2018/1808) · 21 controls EU Carbon Border Adjustment Mechanism (CBAM) · 21 controls ISO 19650 — Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM) · 21 controls ISO 28001:2007 Supply Chain Security Management · 21 controls ISO 37000:2021 · 21 controls ISO/IEC 29115:2023 — Entity Authentication Assurance Framework · 21 controls Kazakhstan Law on Personal Data and Their Protection (No. 94-V) · 21 controls MARS-E — Minimum Acceptable Risk Standards for Exchanges · 21 controls Myanmar Cybersecurity Law (2023) · 21 controls NIST SP 800-82 Rev 3 — Guide to OT Security · 21 controls Nigeria Data Protection Act 2023 (NDPA) · 21 controls OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (2023 Update) · 21 controls Online Safety Act 2021 (Australia) · 21 controls Science Based Targets Initiative (SBTi) — Net-Zero Standard · 21 controls UK Defence Standard 05-138 — Cyber Security for Defence Suppliers · 21 controls UK Open Banking Standard · 21 controls US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements · 21 controls US NRC 10 CFR 73.54 — Cyber Security for Nuclear Power Plants · 21 controls Ukraine Law on Personal Data Protection (Law No. 2297-VI) · 21 controls CNCF Cloud Native Security (Cloud Native Computing Foundation) · 20 controls COSO ERM · 20 controls COSO Enterprise Risk Management (ERM) Framework (2017) · 20 controls Colorado AI Act (SB 24-205) · 20 controls EU Data Act · 20 controls EU Medical Devices Regulation (MDR 2017/745) · 20 controls EU Taxonomy for Sustainable Activities (Regulation 2020/852) · 20 controls EU Union Customs Code (UCC) — Data Protection and Security Provisions (Regulation 952/2013) · 20 controls Florida Digital Bill of Rights (SB 262) · 20 controls HITECH Act · 20 controls IEC 60601-1 — Medical Electrical Equipment Safety · 20 controls ISO 22301 · 20 controls ISO 22316 · 20 controls ISO 22317 · 20 controls ISO 22318 · 20 controls ISO 22320:2018 · 20 controls ISO 27005 · 20 controls ISO 31000 · 20 controls ISO/IEC 29100:2024 · 20 controls LEADS in a Caring Environment · 20 controls LEED v4.1 — Green Building Rating System (US Green Building Council) · 20 controls NATO AQAP 2110 — Quality Assurance Requirements for Design, Development, and Production · 20 controls NIST SP 800-30 · 20 controls NIST SP 800-37 · 20 controls NIST SP 800-39 · 20 controls PCAOB AS 2201 — Audit of Internal Control Over Financial Reporting (ICFR) · 20 controls Privacy and Other Legislation Amendment Act 2024 (Australia) · 20 controls RBI Cybersecurity Framework for Banks · 20 controls South Korea ISMS-P · 20 controls Space ISAC (Information Sharing and Analysis Center) — Threat Framework · 20 controls Tonga Communications Act (2015) — Privacy & Data Protection · 20 controls UK FCA/PRA Operational Resilience Framework · 20 controls UN Guiding Principles on Business and Human Rights (UNGPs) · 20 controls US Automated Commercial Environment (ACE) — CBP Trade Data Requirements · 20 controls US Children's Online Privacy Protection Act (COPPA) and COPPA 2.0 Proposed Updates · 20 controls US Consumer Product Safety Commission (CPSC) — Connected Product Safety · 20 controls US Foreign Corrupt Practices Act (FCPA) · 20 controls US Section 508 — ICT Accessibility Standards (Revised 2017) · 20 controls APRA Prudential Standard CPS 234 — Information Security (Australia) · 19 controls BS 65000:2014 — Guidance on Organizational Resilience · 19 controls Croatia Act on Implementation of the GDPR (Official Gazette 42/2018) · 19 controls Defence Industry Security Program (DISP) · 19 controls EU Energy Performance of Buildings Directive (EPBD Recast, Directive 2024/1275) · 19 controls ISO 20000-1 · 19 controls ISO 20400:2017 — Sustainable Procurement · 19 controls ISO 22739:2024 — Blockchain and Distributed Ledger Technologies Vocabulary · 19 controls ISO 37301 · 19 controls ISO/IEC 27007:2020 · 19 controls ITIL 4 · 19 controls Japan FSA Cybersecurity Guidelines for Financial Institutions · 19 controls Privacy by Design (PbD) — Seven Foundational Principles · 19 controls SA8000:2014 — Social Accountability Standard · 19 controls SANS Incident Handler's Handbook and PICERL Methodology · 19 controls Switzerland New Federal Act on Data Protection (nFADP/nDSG, 2023) · 19 controls Authorised Economic Operator (AEO) Programmes — Global Standards · 18 controls Bermuda Monetary Authority (BMA) Cyber Risk Management Code of Conduct · 18 controls China Data Security Law (DSL) · 18 controls EASA Part-IS — Information Security in Aviation · 18 controls EN 50126/50128/50129 — Railway RAMS and Safety · 18 controls EU Code of Conduct for Research Data Management (GDPR Article 40) · 18 controls EU Web Accessibility Directive (Directive 2016/2102) · 18 controls Global Cross-Border Privacy Rules (Global CBPR) Forum · 18 controls ISO 19011 · 18 controls ISO 30401 · 18 controls ISO 37001 · 18 controls ISO 55001 · 18 controls ISO/IEC 25012:2008 — Data Quality Model · 18 controls NIST Privacy Framework Version 1.0 · 18 controls RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) · 18 controls Section 508 — ICT Accessibility (Revised) · 18 controls South Africa Promotion of Access to Information Act (PAIA) · 18 controls UK Age Appropriate Design Code (Children's Code) · 18 controls UNCITRAL Model Law on Electronic Commerce (1996, updated 2005) · 18 controls USMCA Chapter 19 — Digital Trade (United States-Mexico-Canada Agreement) · 18 controls W3C Verifiable Credentials (VC) Data Model 2.0 · 18 controls ASEAN Guide on AI Governance and Ethics · 17 controls ECB TIBER-EU Framework · 17 controls EU Clinical Trials Regulation (CTR 536/2014) · 17 controls EU Data Governance Act (DGA) · 17 controls FIRST CSIRT Services Framework and Standards · 17 controls ICH E6(R3) — Good Clinical Practice · 17 controls ISO/IEC 27050 — Electronic Discovery (Parts 1-4) · 17 controls ISPE GAMP 5 — A Risk-Based Approach to Compliant GxP Computerised Systems · 17 controls Maslach Burnout Prevention Model · 17 controls NFPA 1600 — Standard on Continuity, Emergency, and Crisis Management · 17 controls NIST SP 800-34 Rev 1 — Contingency Planning Guide · 17 controls Oman National Cybersecurity Framework · 17 controls PIC/S Guide to Good Manufacturing Practice for Medicinal Products · 17 controls TSA Pipeline Cybersecurity Directives · 17 controls APRA SPS 220 Risk Management (Superannuation) · 16 controls EU Whistleblower Protection Directive (2019/1937) · 16 controls FSSC 22000 — Food Safety System Certification · 16 controls GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6 · 16 controls ICC Incoterms 2020 — International Commercial Terms · 16 controls Kids Online Safety Act (KOSA) · 16 controls Kuwait National Cybersecurity Framework · 16 controls Lloyd's Minimum Standards — Cyber Security · 16 controls OWASP Top 10:2025 · 16 controls PEGI — Pan European Game Information Age Rating System · 16 controls Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016) · 16 controls SOC for Cybersecurity — Cybersecurity Risk Management Examination · 16 controls Singapore Model AI Governance Framework (2nd Edition) · 16 controls Sri Lanka Personal Data Protection Act (No. 9 of 2022) · 16 controls Sweden Data Protection Act (Dataskyddslag, 2018:218) · 16 controls Azerbaijan Law on Personal Data (2010) · 15 controls CSA STAR (Security, Trust, Assurance, and Risk) · 15 controls Critical Infrastructure Risk Management Program (CIRMP) Rules 2023 · 15 controls EMV 3-D Secure (3DS2) — Payment Authentication Protocol · 15 controls ENISA Privacy Enhancing Technologies (PETs) Guidance · 15 controls ICH Q10 — Pharmaceutical Quality System · 15 controls IRM Enterprise Risk Management Framework (Institute of Risk Management) · 15 controls ISO 22000 · 15 controls ISO 45001 · 15 controls NABERS — National Australian Built Environment Rating System · 15 controls NIST SP 800-124 Rev 2 — Mobile Device Security · 15 controls SWIFT Customer Security Programme (CSP) · 15 controls Singapore Cybersecurity Act 2018 · 15 controls UK Concordat on Open Research Data (UKRI) · 15 controls Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018) · 14 controls Belgium Data Protection Act (Wet van 30 juli 2018, Loi du 30 juillet 2018) · 14 controls CSRD · 14 controls Cyber Security Act 2024 (Australia) · 14 controls EDM Council CDMC — Cloud Data Management Capabilities Framework · 14 controls GRI Standards · 14 controls IEC 62351 — Power Systems Communication Security · 14 controls ISO 14001 · 14 controls ISSB Standards · 14 controls ITU-T X.805 — Security Architecture for End-to-End Communications · 14 controls Israel Protection of Privacy Law (5741-1981) · 14 controls Nigeria Open Banking Regulatory Framework (CBN, 2023) · 14 controls OECD AI Principles (2024 Update) · 14 controls PropTech Security Standards — Smart Building Cybersecurity · 14 controls Regional Comprehensive Economic Partnership (RCEP) — E-Commerce Chapter · 14 controls Responsible Minerals Initiative (RMI) — Responsible Minerals Assurance Process · 14 controls SEC Cybersecurity Disclosure Rules · 14 controls TCFD Recommendations · 14 controls Australian Privacy Principles (APPs) · 13 controls Bermuda Personal Information Protection Act 2016 (PIPA) · 13 controls Equator Principles (EP4, 2020) · 13 controls German Supply Chain Due Diligence Act (LkSG) · 13 controls HL7 FHIR Security Framework · 13 controls ISAE 3402 — Assurance Reports on Controls at a Service Organisation · 13 controls NATO Cyber Defence Standards and NCIRC (NATO Computer Incident Response Capability) · 13 controls NERC CIP · 13 controls O-RAN Alliance Security Specifications (O-RAN.WG11) · 13 controls Philippines Data Privacy Act (RA 10173) · 13 controls Sigstore — Software Artifact Signing and Verification · 13 controls Student Privacy Pledge 2020 · 13 controls Argyris Double-Loop Learning · 12 controls Australia IRAP — Information Security Registered Assessors Program · 12 controls GS1 Global Standards — Supply Chain Traceability and Data Security · 12 controls IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2) · 12 controls IRS Publication 1075 — Tax Information Security Guidelines · 12 controls ITU Radio Regulations and Space Security Standards · 12 controls India Account Aggregator Framework (RBI) · 12 controls RICS Professional Standards — Data and Technology in Property · 12 controls Right to Disconnect (Australia) · 12 controls VUCA Leadership Framework · 12 controls Virginia Consumer Data Protection Act (VCDPA) · 12 controls ETSI QKD Standards — Quantum Key Distribution (ETSI ISG QKD) · 11 controls FIDO2 / WebAuthn — Passwordless Authentication Standard · 11 controls French Sapin II Law (Law No. 2016-1691) · 11 controls Hersey & Blanchard Situational Leadership Model · 11 controls NATO STANAG 4774/4778 — Confidentiality Metadata Labels · 11 controls NSA CNSA Suite 2.0 — Commercial National Security Algorithm Suite · 11 controls Own Risk and Solvency Assessment (ORSA) — NAIC Model Act · 11 controls SEC Climate Disclosure Rule · 11 controls ICMM Mining Principles (2024 Update) · 10 controls ILO Declaration on Fundamental Principles and Rights at Work (Core Conventions) · 10 controls Lloyd's of London Cyber Insurance Requirements and Underwriting Standards · 10 controls OWASP API Security Top 10:2023 · 10 controls OWASP Top 10 for LLM Applications 2025 · 10 controls Ethical Trading Initiative (ETI) Base Code · 9 controls Fair Labor Association (FLA) Workplace Code of Conduct · 9 controls NSA Quantum-Resistant (QR) Cryptography Migration Guidance · 9 controls APRA CPS 220 Risk Management · 8 controls BSI C5 — Cloud Computing Compliance Criteria Catalogue · 8 controls Kolb Experiential Learning Cycle · 8 controls Kotter 8-Step Change Model · 8 controls MTCS — Multi-Tier Cloud Security (Singapore) · 4 controls Samoa Telecommunications Act (2005) — Privacy & Data Protection · 4 controls Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) · 3 controls Sarbanes-Oxley Act (SOX)

Frequently Asked Questions

What is the Compliance Intelligence API?▾

A REST and MCP API providing programmatic access to 692 compliance frameworks, 13,700+ controls, and 819,000+ cross-framework control mappings. Query framework details, map controls between standards, run gap analyses, and get coverage reports.

Is there a free tier?▾

Yes. Anonymous access gives you 10 API calls per day with no signup required. Free accounts get 100 calls/month with an API key. Professional plans start at $49/month with 10,000 calls included.

Does it work with AI agents?▾

Yes. The API is available as an MCP (Model Context Protocol) server at api.theartofservice.com/mcp. Add it to Claude Desktop, Cursor, Windsurf, or any MCP client. AI agents can query compliance data directly.

What frameworks are available?▾

692 frameworks including ISO 27001, SOC 2, NIST CSF, GDPR, HIPAA, PCI DSS, CMMC, NIS2, DORA, EU AI Act, and hundreds more. Each framework includes controls, domains, and cross-framework mappings.

Start building with the Compliance API

No signup required for 10 free API calls per day. Create a free account for 100 calls/month.

Create Free Account