Compliance Platform ↗Academy ↗Store ↗

The Art of Service

Compliance Intelligence API

718 frameworks, 20,400+ controls (99.7% with auditor evidence), and 330,000+ verified cross-framework mappings. REST API and MCP server for AI agents.

Add to Claude Desktop, Cursor, or any MCP client:

{ "mcpServers": { "compliance": { "url": "https://api.theartofservice.com/mcp" } } }

Popular Framework APIs

ISO 27001:2022 API

56 controls · 5 domains · 79+ mappings

SOC 2 API

54 controls · 17 domains · 148+ mappings

NIST Cybersecurity Framework 2.0 API

106 controls · 12 domains · 251+ mappings

GDPR API

27 controls · 13 domains · 241+ mappings

HIPAA Security Rule API

66 controls · 8 domains · 7+ mappings

PCI DSS 4.0 API

168 controls · 12 domains · 5+ mappings

CMMC 2.0 API

110 controls · 14 domains · 11+ mappings

NIST SP 800-53 Rev 5 API

192 controls · 22 domains · 244+ mappings

EU AI Act API

36 controls · 10 domains · 8+ mappings

ISO 42001 API

25 controls · 5 domains · 544+ mappings

CIS Controls v8 API

153 controls · 18 domains · 2+ mappings

NIS2 Directive API

8 controls · 8 domains · 147+ mappings

All 803 Framework APIs

Australian Information Security Manual · 1081 controls FedRAMP High · 417 controls NIST SP 800-53 Revision 5.1 HIGH · 317 controls NIST SP 800-53 Rev 5 MODERATE · 275 controls FedRAMP Moderate · 238 controls Cloud Security Alliance Cloud Controls Matrix (CCM) v4.0.1 · 197 controls NIST SP 800-53 Rev 5 LOW · 173 controls CSA CCM v4 · 171 controls ISO 39001:2012 - Road Traffic Safety Management · 169 controls ISO 41001:2018 - Facility Management Systems · 168 controls ISO 22313:2020 - Guidance on Business Continuity Management Systems · 167 controls ISO 56002 · 164 controls ISO 37002:2021 - Whistleblowing Management Systems · 159 controls ASD Information Security Manual (ISM) · 136 controls ISO 27701:2019 · 136 controls C5 (Germany) · 121 controls NIST SP 800-171 Rev 3 · 97 controls ISO 27002:2022 · 94 controls NIST SP 800-171 · 93 controls ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories · 90 controls AWS Well-Architected Security Pillar · 89 controls ISO/IEC 23894:2023 · 85 controls ISO 27018:2019 · 84 controls ISO 13485:2016 · 83 controls IEC 62443 · 81 controls ISO/IEC 42001:2023 · 80 controls 21 CFR Part 211 - Current Good Manufacturing Practice · 78 controls FFIEC IT Examination Handbook · 78 controls ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence · 77 controls ISO/IEC 27003:2017 · 72 controls ISO 9001:2015 · 71 controls ISO 22000:2018 · 70 controls ISO 26262:2018 - Functional Safety for Road Vehicles · 69 controls COBIT 2019 · 68 controls SSAE 18 - Attestation Standards (SOC Reporting) · 67 controls ISO/IEC 38500:2024 · 66 controls NIST SP 800-66 Rev 2 · 65 controls PCI DSS v4.0 · 63 controls AS9100D - Aerospace Quality Management System · 61 controls ISO 26000:2010 · 60 controls Colorado Privacy Act (CPA) · 59 controls ISO 37000:2021 · 59 controls ASD Essential Eight Maturity Model · 57 controls ISO 31000:2018 · 57 controls ISO 30414:2018 - Human Resource Management: Guidelines for Internal and External Human Capital Reporting · 56 controls ISO 45001:2018 · 56 controls BSI IT-Grundschutz · 55 controls ISO 19011:2018 · 55 controls eIDAS 2.0 - EU Digital Identity Regulation · 55 controls Azure Security Benchmark · 54 controls ISO/IEC TR 24028:2020 · 54 controls ISO 50001:2018 - Energy Management Systems · 53 controls ITIL 4 · 53 controls China Personal Information Protection Law (PIPL) · 52 controls ISO 27043 · 52 controls ISO/IEC 27006:2024 · 52 controls NIST AI Risk Management Framework (AI RMF 1.0) · 52 controls NIST SP 800-207 · 51 controls ISO/SAE 21434 · 50 controls Egypt Personal Data Protection Law (Law No. 151 of 2020) · 49 controls FFIEC Cybersecurity Assessment Tool (CAT) · 49 controls NIST SP 800-160 · 49 controls PCI SSF · 49 controls Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) · 48 controls COSO Internal Control - Integrated Framework (2013) · 48 controls ISO 14004:2016 · 48 controls ISO 9001 · 48 controls NIST SP 800-53A Rev. 5 · 48 controls NIST SP 800-82 Rev 3 · 48 controls APRA CPS 230 Operational Risk Management · 47 controls BREEAM - Building Research Establishment Environmental Assessment Method · 47 controls IAIS Insurance Core Principles (ICPs) · 47 controls ISO 14001:2015 · 47 controls ISO 37301:2021 · 47 controls CISA Zero Trust Maturity Model · 46 controls DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) · 46 controls ISO 27019 · 46 controls ISO 27799 · 46 controls DoD Zero Trust Reference Architecture · 45 controls ISO 27005:2022 · 45 controls ISO 27018 · 45 controls NIST SP 800-190 · 45 controls North Macedonia Law on Personal Data Protection (2020) · 45 controls Act on the Implementation of the General Data Protection Regulation (OG 42/2018) · 44 controls Bank Secrecy Act / Anti-Money Laundering (BSA/AML) · 44 controls Belgium CyberFundamentals · 44 controls ISO 19650 - Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM) · 44 controls ISO 22301:2019 · 44 controls ISO/IEC 27011:2024 · 44 controls NIST SP 1800-32 · 44 controls PCI P2PE · 44 controls 3GPP 5G Security Architecture (TS 33.501) · 43 controls ISO 31000 · 43 controls ISO 37301 · 43 controls ISO/IEC 29134:2023 · 43 controls PCI PIN Security · 43 controls South Korea Personal Information Protection Act (PIPA) · 43 controls AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence · 42 controls ASIS SPC.1-2009 - Organizational Resilience Standard · 42 controls Aged Care Quality Standards (Australia) · 42 controls CISA ICS-CERT Advisories and Industrial Control Systems Security Guidelines · 42 controls EN 301 549 - Accessibility requirements for ICT products and services · 42 controls ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3) · 42 controls ISO 27017:2015 · 42 controls ISO 30401 · 42 controls ISO 37001 · 42 controls ISO/IEC 23837 - Security Requirements for Quantum Key Distribution · 42 controls ISO/IEC 38500:2024 - Governance of IT · 42 controls NIST SP 800-161 Rev 1 · 42 controls NIST SP 800-218 · 42 controls UK Cyber Essentials · 42 controls EU NIS2 Directive — Energy Sector Cybersecurity Requirements (Directive 2022/2555) · 41 controls ISO 37001:2016 · 41 controls ISO/IEC 17025:2017 - General Requirements for Testing and Calibration · 41 controls ISO/IEC 27557:2022 - Organisational Privacy Risk Management · 41 controls ISO/IEC 29115:2023 - Entity Authentication Assurance Framework · 41 controls ISO 20400:2017 - Sustainable Procurement · 40 controls ISO 55001 · 40 controls ISO/IEC 29100:2024 · 40 controls ISO/IEC 29147:2018 · 40 controls SANS Incident Handler's Handbook and PICERL Methodology · 40 controls Space ISAC (Information Sharing and Analysis Center) - Threat Framework · 40 controls AML/CTF Act 2006 (Australia) · 39 controls BRCGS Global Standard for Food Safety Issue 9 · 39 controls Cook Islands Electronic Transactions Act & Privacy Provisions (2003) · 39 controls ISO 22000 · 39 controls ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary · 39 controls ISO 45001 · 39 controls ISO/IEC 27014:2020 · 39 controls NIST SP 800-128 · 39 controls IEC 60601-1 - Medical Electrical Equipment Safety · 38 controls ISO/IEC 27701:2019 · 38 controls NIST SP 800-181 · 38 controls ASD Strategies to Mitigate Cyber Security Incidents · 37 controls ASEAN Guide on AI Governance and Ethics · 37 controls AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association) · 37 controls EU Taxonomy Regulation (Regulation 2020/852) · 37 controls ISO 22320:2018 · 37 controls ISO 27017 · 37 controls Authorised Economic Operator (AEO) Programmes - Global Standards · 36 controls BSIMM · 36 controls Digital Services Act (DSA) - Regulation (EU) 2022/2065 · 36 controls ISO 22317 · 36 controls ISO 22318 · 36 controls ISO 28001:2007 Supply Chain Security Management · 36 controls ISO/IEC 25012:2008 - Data Quality Model · 36 controls NIST SP 800-172 · 36 controls APRA CPS 234 · 35 controls CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0 · 35 controls Digital Economy Partnership Agreement (DEPA) · 35 controls EU Markets in Crypto-Assets Regulation (MiCA, Regulation 2023/1114) · 35 controls NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management · 35 controls NIST SP 800-150 · 35 controls NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements · 35 controls NYDFS Cybersecurity Regulation (23 NYCRR Part 500) · 35 controls Argentina Law 25.326 (Personal Data Protection Law) · 34 controls Brunei Personal Data Protection Order 2024 (PDPO) · 34 controls EASA Part-IS - Information Security in Aviation · 34 controls IEC 62351 - Power Systems Communication Security · 34 controls ISAE 3402 - Assurance Reports on Controls at a Service Organisation · 34 controls ISO 19011 · 34 controls ISO/IEC 30111:2019 · 34 controls Illinois Biometric Information Privacy Act (BIPA) · 34 controls NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices · 34 controls NIST SP 800-161 · 34 controls Consumer Data Right (CDR) Framework (Australia) · 33 controls EU Pay Transparency Directive (Directive 2023/970) · 33 controls FBI CJIS Security Policy · 33 controls IEC 62304:2015 Medical Device Software Lifecycle Processes · 33 controls ISO 22316 · 33 controls Australian Energy Sector Cyber Security Framework (AESCSF) · 32 controls Botswana Data Protection Act (2024) · 32 controls FTC Safeguards Rule (16 CFR Part 314) · 32 controls ISO/IEC 27018:2019 · 32 controls ISO/IEC 27400:2022 · 32 controls NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI) · 32 controls NIST SP 800-171A — Assessing CUI Security Requirements · 32 controls NIST SP 800-187 · 32 controls NIST SP 800-53A · 32 controls SOC 1 (SSAE 18 / ISAE 3402) · 32 controls 21 CFR Part 58 - Good Laboratory Practice (GLP) · 31 controls 3GPP Security · 31 controls Automotive SPICE (ASPICE) v4.0 - Process Assessment Model · 31 controls Brazil Open Finance (Resolução Conjunta No. 1/2020) · 31 controls Brunei Personal Data Protection Order 2022 (PDPO) · 31 controls CCPA/CPRA · 31 controls Canadian PIPEDA · 31 controls Costa Rica Personal Data Protection Law (Law No. 8968) · 31 controls Côte d'Ivoire Law on Personal Data Protection (Law No. 2013-450) · 31 controls EU Platform Work Directive (Directive 2024/2831) · 31 controls NIST SP 800-115 · 31 controls NIST SP 800-63 · 31 controls Chile Personal Data Protection Law (Law No. 21.719) · 30 controls EU Audiovisual Media Services Directive (AVMSD, Directive 2010/13/EU as amended by Directive 2018/1808 and Directive (EU) 2023/2586) · 30 controls EU Clinical Trials Regulation (CTR 536/2014) · 30 controls ISO/IEC 27004:2016 · 30 controls NIST SP 800-183 · 30 controls ASIC Cyber Resilience Good Practices · 29 controls Argentina PDPA · 29 controls Bahrain PDPL · 29 controls Brazil AI Framework · 29 controls Chile DPL · 29 controls China PIPL · 29 controls Colombia Habeas Data Law · 29 controls Connecticut DPA · 29 controls FERPA · 29 controls ISO 13485 · 29 controls ISO 27701 · 29 controls ISO 8000 - Data Quality · 29 controls ISO/IEC 27050 - Electronic Discovery (Parts 1-4) · 29 controls Iceland DPA · 29 controls Jamaica DPA · 29 controls Kenya DPA · 29 controls Maryland Online Data Privacy Act · 29 controls NIST SP 800-88 Rev 1 · 29 controls NSA Guidance for Transition to Quantum-Resistant Cryptography · 29 controls New Hampshire Privacy Act · 29 controls New Zealand Privacy Act · 29 controls Nigeria NDPR · 29 controls Norway PDPA · 29 controls PIPEDA · 29 controls UAE PDPL · 29 controls APRA SPS 220 Risk Management (Superannuation) · 28 controls African Union Malabo Convention · 28 controls Australia Consumer Data Right - Banking (CDR) · 28 controls Basel III International Banking Framework · 28 controls Colombia Data Protection Law (Law 1581 of 2012) · 28 controls Customs-Trade Partnership Against Terrorism (C-TPAT) · 28 controls EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07) · 28 controls ENISA Data Protection Engineering - From Theory to Practice · 28 controls ISO/IEC 27007:2020 · 28 controls ISO/IEC 27010:2015 · 28 controls ASEAN Data Management Framework · 27 controls Argyris Double-Loop Learning · 27 controls Australia NHMRC National Statement on Ethical Conduct in Human Research · 27 controls Bermuda Monetary Authority (BMA) Cyber Risk Management Code of Conduct · 27 controls Connecticut Data Privacy Act (CTDPA) · 27 controls EDM Council DCAM - Data Management Capability Assessment Model · 27 controls EU Data Act · 27 controls EU PSD3 and Payment Services Regulation (Proposed) · 27 controls ISO 10005:2005 · 27 controls ISO 20000-1 · 27 controls ISO/IEC 27031:2011 · 27 controls SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) · 27 controls AICPA Privacy Management Framework (PMF) · 26 controls BIMCO Cyber Security · 26 controls BS 65000:2014 - Guidance on Organizational Resilience · 26 controls Canada ITSG-33 - IT Security Risk Management · 26 controls DORA · 26 controls EU Chips Act (Regulation (EU) 2023/1781) · 26 controls EU Digital Markets Act · 26 controls EU In Vitro Diagnostic Medical Devices Regulation (IVDR) · 26 controls EU Medical Devices Regulation (MDR 2017/745) · 26 controls ISO 27005 · 26 controls ISO 37000:2021 - Governance of Organizations · 26 controls Mauritius Data Protection Act 2017 · 26 controls AICPA SOC 1 · 25 controls CAIQ (CSA) · 25 controls CDP Corporate Questionnaire · 25 controls CWE Top 25 Most Dangerous Software Weaknesses (2024) · 25 controls China AI Regulations · 25 controls EIOPA Guidelines on ICT Security and Governance (EIOPA-BoS-20/600) · 25 controls Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019) · 25 controls MAS TRM · 25 controls ACSC Essential Eight · 24 controls API 1164 · 24 controls Bermuda Personal Information Protection Act 2016 (PIPA) · 24 controls Bosnia and Herzegovina Law on Protection of Personal Data (2006, amended 2011) · 24 controls CNCF Security Technical Advisory Group (TAG) · 24 controls CSA STAR (Security, Trust, Assurance, and Risk) · 24 controls Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP · 24 controls Czech Republic Act on Personal Data Processing (Act No. 110/2019 Sb.) · 24 controls EAR - Export Administration Regulations · 24 controls EU Carbon Border Adjustment Mechanism (CBAM) · 24 controls EU Cyber Resilience Act · 24 controls Ethiopia Personal Data Protection Proclamation (No. 1321/2024) · 24 controls Kenya Data Protection Act 2019 · 24 controls NY DFS 23 NYCRR 500 · 24 controls ANSSI Cybersecurity Framework · 23 controls APRA CPS 220 Risk Management · 23 controls Angola Personal Data Protection Law (Law No. 22/11) · 23 controls Barbados Data Protection Act 2019 · 23 controls Morocco Data Protection Law (09-08) · 23 controls 3GPP Security Architecture (TS 33.501 — 5G Security) · 22 controls AICPA SOC 3 · 22 controls Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014) · 22 controls Australia My Health Records Act 2012 · 22 controls C2M2 · 22 controls CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) · 22 controls CSRD · 22 controls Canada's Anti-Spam Legislation (CASL) · 22 controls Cayman Islands Data Protection Act 2017 (DPA) · 22 controls China Cybersecurity Law (CSL) · 22 controls Colorado Privacy Act · 22 controls Critical Raw Materials Act (Proposed Regulation COM(2023) 192) · 22 controls DISA Security Technical Implementation Guides (STIGs) · 22 controls Danish Data Protection Act (Databeskyttelsesloven) · 22 controls Data Protection Act 2017 · 22 controls Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law · 22 controls Directive (EU) 2023/970 on pay transparency · 22 controls EMV 3‑D Secure (3DS) - Payment Authentication Protocol · 22 controls EU General Product Safety Regulation (GPSR, Regulation 2023/988) · 22 controls EU Markets in Crypto-Assets Regulation (MiCA) · 22 controls FIDO2 and W3C WebAuthn Standard · 22 controls ICH E6(R2) Good Clinical Practice — Data Integrity and Electronic Systems · 22 controls AASB S2 Climate-related Disclosures · 21 controls APPI · 21 controls Belgium Data Protection Act (Wet van 30 juli 2018, Loi du 30 juillet 2018) · 21 controls CFTC System Safeguards (17 CFR 37, 38, 39, 49) · 21 controls CISA Secure by Design Principles · 21 controls COPPA · 21 controls China Data Security Law (DSL) · 21 controls Colombia Data Protection Law (Law 1581 of 2012 — SIC Oversight) · 21 controls Czech Republic Act on the Protection of Personal Data (Act No. 110/2019 Coll.) · 21 controls Defence Security Principles Framework (DSPF) · 21 controls EU Energy Performance of Buildings Directive (EPBD Recast) - Directive (EU) 2024/1275 · 21 controls EU European Media Freedom Act (EMFA) · 21 controls ISO 55001:2014 · 21 controls NIST SP 800-82 Rev 3 — Guide to OT Security · 21 controls Online Safety Act 2021 (Australia) · 21 controls 6th Anti-Money Laundering Directive (AMLD6, Directive (EU) 2018/1673) - superseded by AMLD7 · 20 controls APEC Cross-Border Privacy Rules (CBPR) System · 20 controls Australian Privacy Principles (APPs) · 20 controls CNCF Cloud Native Security (Cloud Native Computing Foundation) · 20 controls COSO ERM · 20 controls COSO Enterprise Risk Management (ERM) Framework (2017) · 20 controls Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) · 20 controls Canada Artificial Intelligence and Data Act (AIDA) · 20 controls Code of Conduct on Data Protection for Research (GDPR Article 40) · 20 controls Colorado AI Act (SB 24-205) · 20 controls Cyber Essentials Plus · 20 controls ECB TIBER-EU Framework · 20 controls ESRB Privacy Certified · 20 controls EU Better Internet for Kids (BIK+) Strategy · 20 controls EU Machinery Regulation (Regulation (EU) 2023/1230) · 20 controls EU Taxonomy for Sustainable Activities (Regulation 2020/852) · 20 controls EU Union Customs Code (UCC) — Data Protection and Security Provisions (Regulation 952/2013) · 20 controls Florida Digital Bill of Rights (SB 262) · 20 controls ISO 22301 · 20 controls APRA Prudential Standard CPS 234 — Information Security (Australia) · 19 controls Colorado Artificial Intelligence Act (proposed SB 24-205) · 19 controls Croatia Act on Implementation of the GDPR (Official Gazette 42/2018) · 19 controls EU Data Governance Act (DGA) · 19 controls EU Payment Services Directive (PSD2) · 19 controls IACS Unified Requirements E26/E27 - Cyber Resilience of Ships and On-Board Systems · 19 controls Armenia Law on Protection of Personal Data (2015) · 18 controls Australia eSafety Commissioner - Online Safety Expectations for Industry · 18 controls Data (Use and Access) Act 2025 · 18 controls Defence Industry Security Program (DISP) · 18 controls EU AI Liability Directive · 18 controls EU Cyber Solidarity Act (Regulation (EU) 2025/38) · 18 controls EU Product Liability Directive (Directive (EU) 2024/2853) · 18 controls EU SFDR (Sustainable Finance Disclosure Regulation) · 18 controls ISO 10006:2003 · 18 controls Annex 11 to EU GMP - Computerised Systems · 17 controls CCSDS 350.0-G-3 - Space Communications Security (Consultative Committee for Space Data Systems) · 17 controls CMMC 2.0 Level 1 · 17 controls Cook Islands Electronic Transactions Act 2003 · 17 controls Cyber Security Act 2024 (Australia) · 17 controls EU Network Code on Cybersecurity for the Electricity Sector · 17 controls EU Seveso III Directive (Directive 2012/18/EU) · 17 controls ISPE GAMP 5 — A Risk-Based Approach to Compliant GxP Computerised Systems · 17 controls Jamaica Data Protection Act 2020 · 17 controls Maslach Burnout Prevention Model · 17 controls NIST SP 800-34 Rev 1 — Contingency Planning Guide · 17 controls Australia IRAP - Information Security Registered Assessors Program · 16 controls CISA Industrial Control Systems (ICS) Security Guidance · 16 controls EU Taxonomy Regulation · 16 controls EU Whistleblower Protection Directive (2019/1937) · 16 controls European Accessibility Act (Directive (EU) 2019/882) · 16 controls FATF 40 Recommendations · 16 controls FIDO2 / WebAuthn · 16 controls Australia Online Safety Act 2021 · 15 controls Azerbaijan Law on Personal Data (2010) · 15 controls ETSI EN 303 645 · 15 controls EU ePrivacy Directive (2002/58/EC) · 15 controls Extractive Industries Transparency Initiative (EITI) Standard (2023) · 15 controls FAA Cybersecurity Framework for Aviation · 15 controls Family Educational Rights and Privacy Act (FERPA) · 15 controls ISO 14001 · 15 controls NIST SP 800-124 Rev 2 — Mobile Device Security · 15 controls Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018) · 14 controls BCBS 239 · 14 controls Commercial National Security Algorithm Suite (CNSA) 2.0 · 14 controls EDM Council CDMC - Cloud Data Management Capability Framework · 14 controls EU Web Accessibility Directive (Directive 2016/2102) · 14 controls French Sapin II Law (Law No. 2016-1691) · 14 controls OECD AI Principles (2024 Update) · 14 controls OWASP ASVS · 14 controls CDP (formerly Carbon Disclosure Project) · 13 controls FATF Recommendation 16 - Virtual Asset Travel Rule · 13 controls FCC Customer Proprietary Network Information (CPNI) and Data Breach Rules (47 CFR 64.2001-2011) · 13 controls FDA 21 CFR Part 11 · 13 controls FDA Quality Management System Regulation (QMSR) · 13 controls Fair Labor Association (FLA) Workplace Code of Conduct · 13 controls GS1 Global Standards - Supply Chain Traceability and Data Security · 13 controls Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) · 13 controls ITU-T X.805 - Security Architecture for End-to-End Communications · 13 controls Japan AI Guidelines · 13 controls NATO Cyber Defence Standards and NCIRC (NATO Computer Incident Response Capability) · 13 controls O-RAN Alliance Security Specifications (O-RAN.WG11) · 13 controls C-TPAT - Customs-Trade Partnership Against Terrorism · 12 controls DFARS 252.204-7012 - Safeguarding Covered Defense Information · 12 controls FIRST CSIRT Services Framework and Standards · 12 controls FISMA · 12 controls FedRAMP Rev 5 · 12 controls Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) · 12 controls Florida Digital Bill of Rights (FDBR) · 12 controls GHG Protocol · 12 controls GLBA · 12 controls GLI-33 - Gaming Laboratories International Event Wagering Systems · 12 controls GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6 · 12 controls GRI Standards · 12 controls Ghana Cybersecurity Act · 12 controls Ghana Data Protection Act 2012 (Act 843) · 12 controls Global Cross-Border Privacy Rules (Global CBPR) Forum · 12 controls Goleman Emotional Intelligence Leadership Framework · 12 controls Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act · 12 controls Heifetz Adaptive Leadership Framework · 12 controls ICN Leadership for Change Programme · 12 controls IRS Publication 1075 — Tax Information Security Guidelines · 12 controls Critical Infrastructure Risk Management Program (CIRMP) Rules 2023 · 11 controls EU NIS2 Directive - Transport Sector Requirements · 11 controls FIDO2 / WebAuthn — Passwordless Authentication Standard · 11 controls FSSC 22000 - Food Safety System Certification · 11 controls FTC GLBA Safeguards Rule (16 CFR Part 314) · 11 controls FTC Health Breach Notification Rule · 11 controls Finland Data Protection Act (Tietosuojalaki, 1050/2018) · 11 controls GAMP 5 - Good Automated Manufacturing Practice · 11 controls Georgia Law on Personal Data Protection (2012) · 11 controls German Supply Chain Due Diligence Act (LkSG) · 11 controls HITECH Act · 11 controls HKMA Cyber Resilience Assessment Framework (C-RAF) · 11 controls HKMA SPM · 11 controls Hersey & Blanchard Situational Leadership Model · 11 controls IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1) · 11 controls ISO 10007:2017 · 11 controls Japan FSA Cybersecurity Guidelines for Financial Institutions · 11 controls NATO STANAG 4774/4778 — Confidentiality Metadata Labels · 11 controls NSA CNSA Suite 2.0 — Commercial National Security Algorithm Suite · 11 controls ECSS-E-ST-40C: Space Engineering - Software · 10 controls Equator Principles (EP4, 2020) · 10 controls Full Range Leadership Model (Bass & Avolio) · 10 controls Hungary Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act) · 10 controls IATF 16949:2016 - Quality Management System for Automotive Production · 10 controls ICAO Annex 17 - Aviation Security (AVSEC) · 10 controls Indonesia PDP Law · 10 controls OWASP Top 10:2025 · 10 controls Ethical Trading Initiative (ETI) Base Code · 9 controls IATA Operational Safety Audit (IOSA) Standards Manual · 9 controls ICH E6(R3) - Good Clinical Practice · 9 controls IEEE 7000 · 9 controls ISSB Standards · 9 controls Israel Protection of Privacy Law (5741-1981) · 9 controls NSA Quantum-Resistant (QR) Cryptography Migration Guidance · 9 controls PIC/S Guide to Good Manufacturing Practice for Medicinal Products · 9 controls Australia AI Ethics Framework · 8 controls BSI C5 — Cloud Computing Compliance Criteria Catalogue · 8 controls Delaware Online Privacy and Protection Act (proposed) · 8 controls HKMA TM-G-1 · 8 controls ICC Incoterms 2020 - International Commercial Terms · 8 controls ICMM Mining Principles (2024 Update) · 8 controls IFRS 17 - Insurance Contracts · 8 controls ILO Declaration on Fundamental Principles and Rights at Work (Core Conventions) · 8 controls ILO Nursing Personnel Convention C149 (1977) · 8 controls ILO Tripartite Declaration of Principles concerning Multinational Enterprises (MNE Declaration) · 8 controls IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2) · 8 controls IRS Publication 1075 · 8 controls ISMAP (Japan) · 8 controls ITAR - International Traffic in Arms Regulations · 8 controls ITU Radio Regulations and Space Security Standards · 8 controls Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018) · 8 controls India Account Aggregator Framework (RBI) · 8 controls India CERT-In Cyber Security Directions 2022 · 8 controls India DPDP Act · 8 controls Indiana Consumer Data Protection Act · 8 controls Iowa Consumer Data Protection Act · 8 controls Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) · 8 controls Japan Act on Specified Commercial Transactions (ASCT) - Digital Services · 8 controls Jordan Draft Personal Data Protection Law (2022) · 8 controls Kazakhstan Law on Personal Data and Their Protection (No. 94-V) · 8 controls Kentucky Consumer Data Protection Act · 8 controls Kenya Data Protection Act · 8 controls Kids Online Safety Act (KOSA) · 8 controls Kolb Experiential Learning Cycle · 8 controls Kotter 8-Step Change Model · 8 controls Kuwait Data Privacy Protection Regulation (KDPPR, 2021 - CMA Directive) · 8 controls Kuwait National Cybersecurity Framework · 8 controls LEED v4.1 - Green Building Rating System (US Green Building Council) · 8 controls LGPD · 8 controls Laos Law on Prevention and Combating Cybercrime (2015) · 8 controls Latvia Personal Data Processing Law (Fizisko personu datu apstrades likums, 2018) · 8 controls Law No. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data · 8 controls Law No. 172-13 on the Protection of Personal Data · 8 controls Law No. 2013-450 of 19 June 2013 on the Protection of Personal Data · 8 controls Law on Personal Data Protection (Official Gazette No. 42/2020) · 8 controls Lebanon Electronic Transactions and Personal Data Protection Law (Law No. 81/2018) · 8 controls Ley Orgánica de Protección de Datos Personales (LOPDP) · 8 controls Liechtenstein DPA · 8 controls Lithuania Law on Legal Protection of Personal Data (2018) · 8 controls Lloyd's Minimum Standards - Cyber Security · 8 controls Lloyd's of London Cyber Insurance Requirements and Underwriting Standards · 8 controls Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) · 8 controls MARS-E · 8 controls MDS2 (Medical Device) · 8 controls MITRE ATT&CK · 8 controls MITRE D3FEND · 8 controls MTCS (Singapore) · 8 controls Malaysia PDPA 2010 · 8 controls Malta Data Protection Act (Cap. 586, 2018) · 8 controls Maryland Online Data Privacy Act of 2024 · 8 controls Maslach Burnout Inventory (MBI) and Areas of Worklife Survey (AWS) Model · 8 controls Mauritius DPA · 8 controls Mexico LFPDPPP · 8 controls MiFID II / MiFIR · 8 controls Minnesota Consumer Data Privacy Act · 8 controls Modern Slavery Act 2018 (Australia) · 8 controls Monetary Authority of Singapore Technology Risk Management Guidelines · 8 controls Montana Consumer Data Privacy Act · 8 controls Montenegro Law on Personal Data Protection (2023) · 8 controls Myanmar Cybersecurity Law (2023) · 8 controls NABERS - National Australian Built Environment Rating System · 8 controls NAIC Insurance Data Security Model Law (MDL-668) · 8 controls NATO AQAP 2110 - Quality Assurance Requirements for Design, Development, and Production · 8 controls NATO Cyber Defence Policy and NATO Computer Incident Response Capability (NCIRC) · 8 controls NATO STANAG 4774 (Confidentiality Metadata Labels) and STANAG 4778 (Metadata Binding) · 8 controls NERC CIP · 8 controls NHS Healthcare Leadership Model · 8 controls NIS2 Directive Implementing Acts · 8 controls NIST AI 600-1: Generative AI Profile · 8 controls NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205) · 8 controls NIST Privacy Framework · 8 controls NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment) · 8 controls NIST SP 800-122 · 8 controls NIST SP 800-123 · 8 controls NIST SP 800-137 · 8 controls NIST SP 800-144 · 8 controls NIST SP 800-145 · 8 controls NIST SP 800-146 · 8 controls NIST SP 800-30 · 8 controls NIST SP 800-37 · 8 controls NIST SP 800-39 · 8 controls NIST SP 800-61 · 8 controls NIST SP 800-63 Digital Identity Guidelines · 8 controls NIST SP 800-63-4 · 8 controls NIST SP 800-66 · 8 controls NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security · 8 controls NIST SP 800-88 · 8 controls NIST SP 800-92 · 8 controls NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems · 8 controls NRC 10 CFR 73.54 - Nuclear Facility Cybersecurity · 8 controls NRF Cybersecurity and Data Privacy Framework (National Retail Federation) · 8 controls Nebraska Data Privacy Act · 8 controls Netherlands GDPR Implementation Act (UAVG - Uitvoeringswet AVG, 2018) · 8 controls Nevada Gaming Control Board Cybersecurity Requirements · 8 controls New Hampshire Data Privacy Act · 8 controls New Jersey Data Privacy Act · 8 controls New Zealand Information Security Manual (NZISM) · 8 controls Nigeria Data Protection Act 2023 (NDPA) · 8 controls Nigeria Data Protection Regulation (NDPR) · 8 controls Nigeria Open Banking Regulatory Framework (CBN, 2023) · 8 controls Notifiable Data Breaches Scheme (Australia) · 8 controls O-RAN WG11 Security Specification · 8 controls OCC Heightened Standards (12 CFR Part 30, Appendix D) · 8 controls OECD AI Principles · 8 controls OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (2023 Update) · 8 controls OECD Recommendation on Artificial Intelligence (2024 Update) · 8 controls OECD/G20 Principles of Corporate Governance · 8 controls OSFI B-13 · 8 controls OWASP API Security Top 10 - 2023 · 8 controls OWASP MASVS · 8 controls OWASP Top 10 for LLM Applications 2025 · 8 controls Oman National Cybersecurity Framework · 8 controls Oman Personal Data Protection Law (Royal Decree 6/2022) · 8 controls Ontario Accessibility for Ontarians with Disabilities Act (AODA) - IASR Web Standard · 8 controls Open Banking Security · 8 controls OpenSSF Scorecard · 8 controls Oregon Consumer Privacy Act · 8 controls PCAOB AS 2201 - Audit of Internal Control Over Financial Reporting (ICFR) · 8 controls PDPA Singapore · 8 controls PDPA Thailand · 8 controls POPIA · 8 controls Pakistan Personal Data Protection Bill 2023 · 8 controls Panama Law on Personal Data Protection (Law No. 81 of 2019) · 8 controls Paraguay Law on Protection of Personal Data (Law No. 6534/2020) · 8 controls Personal Data Act (personopplysningsloven) · 8 controls Peru DPL · 8 controls Philippines Data Privacy Act · 8 controls Poland Act on Personal Data Protection (Ustawa o ochronie danych osobowych, 2018) · 8 controls Portugal Law No. 58/2019 - Data Protection Implementation Act · 8 controls Privacy Act 1988 (Australia) · 8 controls Privacy Act 2020 · 8 controls Privacy and Other Legislation Amendment Act 2024 (Australia) · 8 controls Qatar DPL · 8 controls RBI Cybersecurity Framework for Banks · 8 controls Romania Law No. 190/2018 on Data Protection Measures (GDPR Implementation) · 8 controls Russia Federal Law on Personal Data (152-FZ) · 8 controls Rwanda DPL · 8 controls SIG (Shared Assessments) · 8 controls SWIFT CSCF · 8 controls Saudi Arabia PDPL · 8 controls South Korea PIPA · 8 controls Switzerland New Federal Act on Data Protection (nFADP/nDSG, 2023) · 8 controls Taiwan PDPA · 8 controls ETSI Industry Specification Group (ISG) on Quantum Key Distribution (QKD) · 7 controls Fiji Data Protection Bill (2020) · 7 controls HL7 FHIR Security Framework · 7 controls IEEE 1686 · 7 controls IRM Enterprise Risk Management Framework (Institute of Risk Management) · 7 controls PTES · 7 controls Privacy by Design (PbD) - Seven Foundational Principles · 7 controls Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) · 7 controls SA8000:2014 - Social Accountability Standard · 7 controls Tennessee Information Protection Act (TIPA) · 7 controls Turkey KVKK · 7 controls California IoT Security Law · 6 controls ICH Q10 - Pharmaceutical Quality System · 6 controls OWASP DevSecOps Maturity Model (DSOMM) · 6 controls PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments · 6 controls PSD2 SCA · 6 controls Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016) · 6 controls Philippines Cybercrime Prevention Act (RA 10175) · 6 controls Proposal for a Directive on improving working conditions in platform work (COM(2023) 491) · 6 controls Regulation on the European Health Data Space (EHDS) · 6 controls SASB Standards · 6 controls SOC for Cybersecurity - Cybersecurity Risk Management Examination · 6 controls Science Based Targets Initiative (SBTi) - Net-Zero Standard · 6 controls Senegal Law on Personal Data Protection (Law No. 2008-12) · 6 controls Singapore MAS TRM Guidelines · 6 controls Texas Data Privacy Act · 6 controls UK GDPR (UK General Data Protection Regulation) · 6 controls US Children's Online Privacy Protection Act (COPPA) and COPPA 2.0 Proposed Updates · 6 controls Uruguay DPL · 6 controls Vietnam PDPD · 6 controls Virginia CDPA · 6 controls Washington My Health My Data Act (MHMD) · 6 controls LEADS in a Caring Environment · 5 controls OWASP SAMM · 5 controls PropTech Security Standards - Smart Building Cybersecurity · 5 controls Protection of Privacy Law (1981) · 5 controls Protective Security Policy Framework (PSPF) Release 2024 · 5 controls SEC Climate Disclosure Rule · 5 controls SOX 404 / ICFR · 5 controls SQF Code Edition 9 - Safe Quality Food · 5 controls Saudi NCA ECC · 5 controls Security of Critical Infrastructure Act 2018 (SOCI) · 5 controls Senge Fifth Discipline - Learning Organization · 5 controls Serbia Law on Personal Data Protection (2018) · 5 controls Singapore AI Governance Framework · 5 controls Singapore Cybersecurity Act 2018 · 5 controls Singapore Government Instruction Manual on ICT&SS Management (IM8) · 5 controls Singapore Payment Services Act (PSA) - Digital Payment Token Regulation · 5 controls South Korea Credit Information Act · 5 controls South Korea ISMS-P · 5 controls Spain ENS · 5 controls Sri Lanka Personal Data Protection Act (No. 9 of 2022) · 5 controls Tanzania Personal Data Protection Act (Draft) · 5 controls The Leadership Challenge (Kouzes & Posner) · 5 controls Trinidad and Tobago Data Protection Act 2011 · 5 controls UAE Virtual Asset Regulatory Authority (VARA) Regulations · 5 controls UK AI Regulation Framework · 5 controls UK Age Appropriate Design Code (Children's Code) · 5 controls UK Bribery Act 2010 · 5 controls UK Building Safety Act 2022 · 5 controls UK Data Protection Act 2018 · 5 controls UK Defence Standard 05-138 - Cyber Security for Defence Suppliers · 5 controls UK FCA/PRA Operational Resilience Framework · 5 controls UK Gambling Commission - Cyber Resilience Requirements · 5 controls UK Modern Slavery Act 2015 · 5 controls UK Online Safety Act 2023 · 5 controls US Executive Order 14028 - Improving the Nation's Cybersecurity · 5 controls US Foreign Corrupt Practices Act (FCPA) · 5 controls US ITAR and EAR - Export Control and Data Security · 5 controls US NRC 10 CFR 73.54 - Cyber Security for Nuclear Power Plants · 5 controls US OFAC Sanctions Compliance Framework · 5 controls US SEC Digital Assets and Crypto Regulatory Framework · 5 controls Utah Consumer Privacy Act · 5 controls WCAG 2.2 · 5 controls WCO Authorised Economic Operator (AEO) Framework · 5 controls Zambia Data Protection Act (2021) · 5 controls Zimbabwe Data Protection Act (2021) · 5 controls Own Risk and Solvency Assessment (ORSA) - NAIC Model Act · 4 controls PEGI - Pan European Game Information Age Rating System · 4 controls RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) · 4 controls RICS Professional Standards - Data and Technology in Property · 4 controls Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter · 4 controls Regulation (EU) 2019/1239 on the Maritime Single Window (MSW) · 4 controls Regulation (EU) 2023/1115 on deforestation-free supply chains · 4 controls Responsible Minerals Initiative (RMI) - Responsible Minerals Assurance Process · 4 controls Right to Disconnect (Australia) · 4 controls SEC Cybersecurity Disclosure Rule · 4 controls SLSA · 4 controls SSDF (NIST) · 4 controls Samoa Telecommunications Act (2005) - Privacy & Data Protection · 4 controls Section 508 - ICT Accessibility (Revised) · 4 controls Sigstore - Software Artifact Signing and Verification · 4 controls Singapore Protection from Online Falsehoods and Manipulation Act (POFMA, 2019) · 4 controls Solvency II · 4 controls South Africa Promotion of Access to Information Act (PAIA) · 4 controls South Korea Cloud Security Assurance Program (CSAP) · 4 controls Spain Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD) · 4 controls Student Privacy Pledge 2020 · 4 controls Sweden Data Protection Act (Dataskyddslag, 2018:218) · 4 controls TCFD Recommendations · 4 controls TEFCA - Trusted Exchange Framework and Common Agreement · 4 controls TISAX - Trusted Information Security Assessment Exchange · 4 controls TNFD Recommendations · 4 controls TSA Pipeline Cybersecurity Directives · 4 controls Tonga Communications Act (2015) - Privacy & Data Protection · 4 controls Tunisia Organic Law on Personal Data Protection (Law No. 2004-63) · 4 controls UK Construction (Design and Management) Regulations 2015 (CDM 2015) · 4 controls UK NCSC Cyber Assessment Framework · 4 controls UK ONR Cyber Security and Information Assurance (CSIA) for Nuclear Facilities · 4 controls UK Open Banking Standard · 4 controls UK Product Security and Telecommunications Infrastructure Act (PSTI) · 4 controls UK Telecommunications (Security) Act 2021 · 4 controls UN Guiding Principles on Business and Human Rights (UNGPs) · 4 controls UNECE WP.29 R155 · 4 controls UNECE WP.29 R156 · 4 controls UNESCO Recommendation on the Ethics of AI · 4 controls UNICEF Policy Guidance on AI for Children (2021) · 4 controls US Americans with Disabilities Act (ADA) - Title III Digital Accessibility · 4 controls US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule · 4 controls US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements · 4 controls USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement) · 4 controls Uganda Data Protection and Privacy Act (2019) · 4 controls Ukraine Law on Personal Data Protection (Law No. 2297-VI) · 4 controls Union Customs Code (UCC) - Regulation (EU) No 952/2013 · 4 controls Uzbekistan Law on Personal Data (No. ZRU-547) · 4 controls VUCA Leadership Framework · 4 controls Vermont Artificial Intelligence and Consumer Data Act (AICDA) · 4 controls Vietnam Law on Cybersecurity (No. 24/2018/QH14) · 4 controls W3C Verifiable Credentials (VC) Data Model 2.0 · 4 controls WCO SAFE Framework of Standards to Secure and Facilitate Global Trade (2021) · 4 controls WELL Building Standard v2 (International WELL Building Institute) · 4 controls WHO Global Strategy on Digital Health 2020-2025 · 4 controls Wisconsin Data Privacy Act (SB 670) · 4 controls ISO/IEC 17050-2:2004 · 3 controls MARS-E - Minimum Acceptable Risk Standards for Exchanges · 3 controls Secure by Design: A Guide for Manufacturers (CISA) · 3 controls South Korea Korea Internet Self-Governance Organisation (KISO) Code of Ethics · 3 controls Telecommunications Sector Security Reforms (TSSR) · 3 controls UK Concordat on Open Research Data (UKRI) · 3 controls UK Security and Emergency Measures Direction (SEMD) - Water Industry · 3 controls UNCITRAL Model Law on Electronic Commerce (1996, updated 2005) · 3 controls US Automated Commercial Environment (ACE) - CBP Trade Data Requirements · 3 controls US Consumer Product Safety Commission (CPSC) - Connected Product Safety · 3 controls US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements · 3 controls Voluntary Principles on Security and Human Rights (VPs) · 3 controls WHO Global Competency Model · 3 controls ISO/IEC 17050-1:2004 · 1 controls DO-178C / ED-12C - Software Considerations in Airborne Systems DO-326A / ED-202A EN 50126 / EN 50128 / EN 50129 - Railway Applications RAMS MTCS - Multi-Tier Cloud Security (Singapore)NAIC MDL-668 NIST Privacy Framework 1.0 NIST Privacy Framework Version 1.0 Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)Peru Personal Data Protection Law (Law No. 29733)Philippines DPA Philippines Data Privacy Act (RA 10173)Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016)Russia FZ-152 Rwanda Law No. 058/2021 Relating to the Protection of Personal Data SASB Standards (ISSB Integrated)SEC Cybersecurity Disclosure Rules SWIFT CSCF v2024 SWIFT CSP SWIFT Customer Security Programme (CSP)Sarbanes-Oxley Act (SOX)Saudi PDPL Science Based Targets initiative (SBTi) Corporate Standard Singapore Model AI Governance Framework (2nd Edition)Singapore PDPA Singapore Payment Services Act 2019 (PSA) - Digital Payment Token Provisions South African POPIA Switzerland FADP TSA Pipeline Security Tennessee IPA Texas TDPSA Thailand PDPA Turkey Personal Data Protection Law (KVKK - Law No. 6698)UK Data Protection Act 2018 + UK GDPR UK PSTI Act US Section 508 - ICT Accessibility Standards (Revised 2017)Uruguay Personal Data Protection Act (Law No. 18.331)Utah Consumer Privacy Act (UCPA)Vietnam PDPL (Decree 13)Virginia Consumer Data Protection Act (VCDPA)Virginia VCDPA

Frequently Asked Questions

What is the Compliance Intelligence API?▾

A REST and MCP API providing programmatic access to 718 compliance frameworks, 20,400+ controls (99.7% with auditor evidence), and 330,000+ verified cross-framework control mappings. Query framework details, map controls between standards, run gap analyses, and get coverage reports.

Is there a free tier?▾

Yes. Anonymous access gives you 10 API calls per day with no signup required. Free accounts get 100 calls/month with an API key. Professional plans start at $149/month with 10,000 calls included.

Does it work with AI agents?▾

Yes. The API is available as an MCP (Model Context Protocol) server at api.theartofservice.com/mcp. Add it to Claude Desktop, Cursor, Windsurf, or any MCP client. AI agents can query compliance data directly.

What frameworks are available?▾

718 frameworks (526 source-grounded) including ISO 27001, SOC 2, NIST CSF, GDPR, HIPAA, PCI DSS, CMMC, NIS2, DORA, EU AI Act, and hundreds more. Each framework includes controls, domains, and cross-framework mappings.

Start building with the Compliance API

No signup required for 10 free API calls per day. Create a free account for 100 calls/month.

Create Free Account