supernav-iconJoin Us at AWS re:Invent 2024

Contact Sales

  • Sign In
  • Get Started
HomeAll Frameworks

Compliance and Privacy Frameworks, Automated

Automate evidence collection and tests, manage multiple frameworks simultaneously without added effort, and achieve continuous compliance.

Quickly achieve continuous compliance with Drata’s pre-built frameworks

Automate Compliance With 20+ Supported Frameworks

Before Drata, meeting compliance and privacy regulations and requirements was an arduous and manual effort. With hundreds of integrations that power Drata's automation, we can take you from security novice to continuous monitoring in a few hours. With 20+ pre-built frameworks and easy-to-use tools to build custom frameworks, your team will thrive through the GRC process.

Automate Compliance With 14 Supported Frameworks Image
A platform experience designed by experts so you don’t have to be one

Enjoy Built-In Controls and Requirements Library

From startups to enterprise companies, Drata scales with you. With a library of built-in controls and standard framework requirements, we empower teams to rapidly deploy frameworks without prior experience—all with the customization and flexibility needed by GRC pros, such as custom controls and frameworks. Whether you’re pursuing ISO 27001 or need to manage multiple frameworks, you only need to do the work once.

Get Started
Built-In Controls and Requirements Library Image
Build Trust With Customers Daily, Not Annually

Drata Upgrades You to Automated Continuous Compliance

Drata's automated continuous control monitoring gives you a complete view of your compliance status at all times. Refocus on business objectives knowing that Drata is always working behind the scenes collecting evidence for your GRC processes and audits across your entire tech stack through hundreds of integrations. The platform helps you prioritize issues that need to be addressed to manage your security posture proactively.

Drata Upgrades You to Automated Continuous Compliance Image

20+ Supported Frameworks

Drata's control mapping means any compliance framework, standard, or regulation is available at your fingertips—yes, even custom ones you may need to create.

SOC 2

SOC 2

SOC 2 defines criteria for managing data based on: security, availability, processing integrity, confidentiality, and privacy.

ISO 27001

ISO 27001

ISO 27001 is an information security management system (ISMS) that helps keep consumer data safe.

HIPAA Badge

HIPAA

HIPAA is a law requiring organizations that handle protected health information (PHI) to keep it protected and secure.

GDPR

GDPR

GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

PCI DSS Badge

PCI DSS

PCI DSS is a set of controls to make sure companies that handle credit card information maintain a secure environment.

Cyber Essentials icon

Cyber Essentials

Cyber Essentials helps companies guard against the most common cyber threats and demonstrate commitment to cyber security.

NIST-AI-RMF-ICON

NIST AI RMF

Safely navigate the implementation and usage of artificial intelligence with this risk management framework.

CCPA Framework Icon

CCPA

CCPA gives consumers control over the personal information that businesses collect and guidance on how to implement the law.

CMMC Badge

CMMC

CMMC is a unified standard for implementing cybersecurity across the defense industrial base (DIB).

MS SSPA Icon

Microsoft SSPA

SSPA sets privacy and security requirements for Microsoft suppliers and drives compliance to these requirements.

NIST CSF

NIST CSF

National Institute of Standards and Technology’s framework for Improving Critical Infrastructure Cybersecurity (CSF).

NIST 800-53 Icon

NIST SP 800-53

NIST SP 800-53 is a catalog of controls for all U.S. federal information systems except those related to national security.

NIST 800-171

NIST SP 800-171

NIST SP 800-171 recommends requirements for protecting the confidentiality of controlled unclassified information (CUI).

ISO 27701

ISO 27701

ISO 27701 specifies requirements for establishing and continually improving a privacy information management system.

FFIEC Icon

FFIEC

The FFIEC provides a set of technology standards for online banking that financial institutions must follow.

CCM Logo

CCM

The Cloud Controls Matrix by Cloud Security Alliance (CSA) is a cybersecurity control framework for cloud computing.

Fedramp Logo

FedRAMP

FedRAMP compliance and authorization enables SaaS companies (referred to as CSPs) to work with federal government agencies.

ISO 27017

ISO 27017

ISO 27017 contains controls specifically in the area of cloud security.

ISO 27018

ISO 27018

ISO 27018 contains controls directed at cloud providers that process personal data.

NIS 2 Framework

NIS 2

NIS 2 Directive is a EU-wide cybersecurity law that improves the resilience and incident response across the European Union.

Custom Frameworks

Custom Frameworks

Tailor Drata to your unique business needs with easy to build custom frameworks and custom controls.

Read More from APL NextEd
The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!
Chris Bake-01

Chris Bake

CTO

The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
Headshot - David Caughill

David Caughill

DevOps Engineer

Drata also worked to understand our audit needs and matched us with an auditor who has been terrific. Drata is a luxury limousine for your compliance journey.
Headshot - Joshua Peskay

Joshua Peskay

vCIO

Having centralized and detailed visibility of all our personnel, assets, and being able to see what compliance requirements need our attention has streamlined the entire process.
Headshot - Lola Kureno

Lola Kureno

Cyber Security Engineer

The promise of automation has long been discussed in the compliance world, but never truly realized. Drata has turned that into reality.
Jonathan Jaffe-Lemonade-pl1hsmgs4v19wk5yps2425mwmo8l8dsvzt7qn25wn4

Jonathan Jaffe

CISO

The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!
The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
Headshot - David Caughill

David Caughill

DevOps Engineer

Drata also worked to understand our audit needs and matched us with an auditor who has been terrific. Drata is a luxury limousine for your compliance journey.
Headshot - Joshua Peskay

Joshua Peskay

vCIO

Having centralized and detailed visibility of all our personnel, assets, and being able to see what compliance requirements need our attention has streamlined the entire process.
Headshot - Lola Kureno

Lola Kureno

Cyber Security Engineer

The promise of automation has long been discussed in the compliance world, but never truly realized. Drata has turned that into reality.
Jonathan Jaffe-Lemonade-pl1hsmgs4v19wk5yps2425mwmo8l8dsvzt7qn25wn4

Jonathan Jaffe

CISO

NextED-padding
Logo - Red Rover
Logo - RoundTable Technology
Logo - INE
Lemonade Logo
NextED-padding
Logo - Red Rover
Logo - RoundTable Technology
Logo - INE
Lemonade Logo
See Customer Stories

Join the Thousands of Companies that Trust Drata

See All Case Studies
Wiz logo 2
Airbase
BambooHR Logo
Clearco Logo
Clearbit Logo
Superhuman
Alteryx logo
Lemonade Logo
Notion Logo
Vercel Logo
Wordpress VIP
Calendly Logo

Frequently Asked Questions About Supported Frameworks

Drata supports 20+ frameworks, plus you have the ability to create custom frameworks. We currently support SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, CCPA, Microsoft SSPA, ISO 27701, NIST CSF, NIST 800-53, NIST AI RMF, CMMC, FFIEC, SOX ITGC, NIST 800-171, ISO 27017, ISO 27018, Cyber Essentials and your own custom frameworks.

As frameworks adjust requirements, we take care of ensuring the Drata platform has all of the latest requirements so you don't have to keep up with the changes. 

Automate Your Journey

Drata's platform experience is designed by security and compliance experts so you don't have to be one.

Connect

Easily integrate your tech stack with Drata.

Configure

Pre-map auditor validated controls.

Comply

Begin automating evidence collection.

Put Security & Compliance on Autopilot®

Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.

Get Started