A Survey of Major Cybersecurity Compliance Frameworks
Wenjia Wang, S. Masoud Sadjadi, Naphtali Rishe
Abstract
Motivated by the challenge of navigating the complex landscape of cybersecurity compliance, this study critically examines and evaluates seven major cybersecurity frameworks: SOC 2, GDPR, PCI DSS, HIPAA, CIS Controls V8, NIST CSF, and CMMC 2.0. Our research focuses on understanding their distinct features and operational nuances, addressing a significant gap in current compliance strategies. We contribute a novel set of risk management-based evaluation criteria, offering a comprehensive analysis of these frameworks. The study further explores the Secure Controls Framework (SCF) and its effective integration with these frameworks, summarizing a unified mapping approach. This mapping facilitates streamlined compliance across multiple standards, providing a strategic tool for organizations. Our findings offer pivotal insights into the efficacy of each framework in managing cybersecurity risks, underlining the necessity for an integrated, risk-focused approach to compliance in the digital era.