WIN WITH TRUST

Take Advantage of 30+ Pre-Built Frameworks

Get compliant fast and manage multiple frameworks more easily with Drata. Whether you’re just getting started with SOC 2, expanding to ISO 27001, or managing hundreds of requirements, Drata has you covered.

Get a Demo Discover Multi-Framework Compliance

Choose from dozens of pre-built frameworks.

Reduce repeat audit and assessment effort.

Monitor controls continuously across requirements.

Show your compliance externally via Trust Center.

SUPPORTED FRAMEWORKS

Designed to Support Your Compliance Needs.

SOC 2

Demonstrate audited controls that protect customer data and build trust.

ISO 27001

Certify an ISMS to manage security risk and improve governance.

GDPR

Comply with EU privacy requirements for lawful processing and data rights.

HIPAA

Safeguard PHI with HIPAA-aligned privacy and security controls.

CMMC

Meet DoD maturity requirements to protect CUI across the supply chain.

PCI DSS

Protect cardholder data with PCI DSS security requirements.

FedRAMP

Authorize your cloud for U.S. federal use with continuous monitoring.

HITRUST

Unify security and privacy controls under the HITRUST CSF.

TISAX

Satisfy automotive security requirements for suppliers and partners.

NIST AI RMF

Manage AI risk with NIST guidance for oversight.

NIS 2

Strengthen EU cyber resilience with required governance and incident readiness.

CCM

Map cloud controls to CSA CCM for assurance and risk visibility.

CIS

Harden your environment with CIS Controls to reduce common attack paths.

CCPA

Honor California privacy rights with access, deletion, and opt-out workflows.

Cyber Essentials

Validate core cyber hygiene against common internet threats.

DORA

Improve ICT resilience to meet EU financial-sector operational requirements.

Essential Eight

Reduce ransomware risk with Australia’s preferred mitigations.

ISO 27701

Extend ISO 27001 with a privacy information management system.

ISO 27017

Clarify cloud shared-responsibility security guidance.

ISO 27018

Protect PII in the public cloud with privacy controls.

ISO 42001

Govern responsible AI with a standardized management system.

Microsoft SSPA

Demonstrate supplier security alignment with Microsoft expectations.

NIST 800-171

Protect controlled unclassified information in non-federal systems.

NIST 800-53

Apply controls for comprehensive security and privacy coverage.

NIST CSF 2.0

Align governance to NIST CSF 2.0 risk management outcomes.

NYDFS

Meet New York’s cybersecurity regulation with required controls.

FFIEC

Prepare for financial services exams with aligned cyber maturity.

COBIT

Govern enterprise IT with COBIT 2019 objectives.

SOX ITGC

Demonstrate IT controls for reliable financial reporting.

FedRAMP 20x

Support Low and Moderate authorization under FedRAMP 20x

Custom Framework

Tailor to your unique customer, auditor, or internal needs.

Request a New Framework

Not seeing what you need? Let us know!

Get Compliant with Drata

See All Frameworks

Enterprise GRC

Centralize governance, controls, risks, policies, and evidence across the enterprise to stay continuously audit-ready.

Discover Enterprise GRC

Compliance Automation

Automate evidence collection and control monitoring across frameworks so you're always prepared for your next audit.

Discover Compliance Automation

Unlock the Power of Automation

Integrate Drata with your tech stack to power continuous trust.

See All Integrations

"The promise of automation has long been discussed in the compliance world, but never truly realized. Drata has turned that into reality."

Read Customer Story

Jonathan JaffeCISO

"Drata has done a really good job creating a single pane of information from risk to vendor management to compliance."

Jodi PageInformation Security Program Manager

"By harnessing the arsenal of templates for policies and security documents, our compliance journey became more manageable. It's pretty hard to not do the right thing with Drata."

Read Customer Story