List of Obligations

Modified on Thu, 26 Sep at 1:08 PM

Below is the latest list of obligations. To add them to your C1Risk instance, click here.


Last Updated September 26, 2024

Obligation Name | Version
21 CFR Part 11 Electronic Records; Electronic Signatures | FDA 2017
29 CFR Part 1910 OSHA | OSHA 06/18/1998
29 CFR Part 1926 OSHA | OSHA 06/18/1998
A2LA: Accreditation | 2021
ANSI/X9 TR-39-2009 | ANSI 2009
APEC Privacy Framework (Asia Pacific Economic Cooperation) | APEC 2015 (Revised)
AUP v2 Shared Assessments | AUP 2016 v2 (Copyright)
BSA (Bank Secrecy Act) | 1970
BSA (FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual) | FFIEC 2014 - 2021
CCM-Cloud Controls Matrix v3.0.1 | CSA CCM v3.0.1
CCPA California Consumer Privacy Act | CA DOJ 2018
CFR PART 748—SECURITY PROGRAM, SUSPICIOUS TRANSACTIONS, CATASTROPHIC ACTS, CYBER INCIDENTS, AND BANK SECRECY ACT COMPLIANCE | February 5, 2019
CFR PART 749—RECORDS PRESERVATION PROGRAM AND APPENDICES—RECORD RETENTION GUIDELINES; CATASTROPHIC ACT PREPAREDNESS GUIDELINES | Feb. 5, 2019
China: Cyber Security Law of the People's Republic of China | China 2017
China: Personal Information Protection Law of the People's Republic of China | November 1, 2021
CIS 6.0 (Center for Internet Security Controls v6.0) | CIS v6.0.2015
CIS 7.0 (Center for Internet Security Controls v7.0) | 2018.v7.0
CIS 7.1 (Center for Internet Security Controls v7.1) | 4/19/2020 Version 7.1
CIS 8.0 (Center for Internet Security Controls v8.0) | Version 8.0 May 2021
CIS AWS Foundations | CIS v1.1.0
CMMC Cybersecurity Maturity Model Certification 2020 | DOD v1.02 03/18/2020
COBIT 5 | ISACA COBIT® 5
Colorado Statutes | 2021
CRI Cyber Profile 1.0 (Cyber Risk Institute - CRI) | v1.1
CRI Cyber Profile 2.0 (Cyber Risk Institute - CRI) | v2.0
CSA 3.0.1 (Cloud Security Alliance CCM - CAIQ) | CAIQ v3.0.1
CSA 4.0 (Cloud Security Alliance CCM - CAIQ) | CAIQ v4.02
Dell Tier 1 Compliance Protocol | 2022
DORA (Digital Operations Resiliency Act) | January 2023
European Market Infrastructure Regulation (EMIR) | EU FCA 2016
FCA PS17/19 | FCA 2017
FedRAMP High Baseline / NIST SP 800-53 Revision 4 | 2018
FedRAMP High Baseline / NIST SP 800-53 Revision 5 | NIST SP 800-53r5
FedRAMP Low Baseline / NIST SP 800-53 Revision 4 | 2018
FedRAMP Low Baseline / NIST SP 800-53 Revision 5 | NIST SP 800-53r5
FedRAMP Moderate Baseline / NIST SP 800-53 Revision 4 | 2018
FedRAMP Moderate Baseline / NIST SP 800-53 Revision 5 | NIST SP 800-53r5
FFIEC Cybersecurity Assessment Tool (CAT) | FFIEC 2015
FFIEC IT Examination Handbook (Management) | November 2015
FFIEC IT Examination Handbook (Architecture, Infrastructure, and Operations) | June 2021
FFIEC IT Examination Handbook (Audit) | April 2012
FFIEC IT Examination Handbook (Business Continuity Planning) | FFIEC 2015
FFIEC IT Examination Handbook (Development and Acquisition) | April 2004
FFIEC IT Examination Handbook (Outsourcing Technology Services) | June 2004
FFIEC IT Examination Handbook Information Security | FFIEC 2016
FFIEC Supplement to Authentication in an Internet Banking Environment | FFIEC 2011
FFIEC UBPR (Uniform Bank Performance Report) | FFIEC 2017
FIAML (Mauritius) | 2018
FTC Standards for safeguarding customer information | June 09 2023
GDPR General Data Protection Regulation | EU 2016
GLBA (16 CFR Part 313 Privacy) | May 24, 2002
GLBA (16 CFR Part 314 including Elements) | May 23, 2002
GLBA (Gramm-Leach-Bliley Act) | 1999
Higher Education Vendor Assessment Tool (HECVAT) | Lite
HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414 | HITECH Act 2009
HIPAA Privacy | 2013
HIPAA Security 2013 | 2013
HITRUST CSF v11.3.0 | 11.3.0
HiTRUST CSF v8.1 | 2017 (Copyright)
ISO / IEC 14001: 2015 | Third edition 2015-09-15
ISO / IEC 17025:2017 | 2017
ISO / IEC 20243: 2018 | 2018
ISO / IEC 22301: 2012 | 2012
ISO / IEC 27001 (es): 2013 | Spanish
ISO / IEC 27001: 2013 | 2013 (Copyright)
ISO / IEC 27001:2022 | October 2022
ISO / IEC 27002: 2013 | 2013
ISO / IEC 27002: 2022 | Third Edition, March 2022
ISO / IEC 27017: 2015 | 2015
ISO / IEC 27018: 2019 | 2019
ISO / IEC 27031: 2011 | 2011
ISO / IEC 27701:2019 First Edition | 2019 - 08
ISO / IEC 28000: 2007 | 2007
ISO / IEC 42001 | 2023
ISO / IEC 9001: 2015 | 2015 (Copyright)
LGDP (English Version) (Brazilian General Data Protection) | PNM 8/14/2018
LGDP (Portuguese version) (Brazilian GDPR) | August 2018
Michigan Statutes Debt Management Act | 2015
MiFIDII | EU/ESMA 2016
New Hampshire Statutes | Statutes: 399-D Debt Adjustment Services
NIST AI 100-1 (Artificial Intelligence Risk Management Framework (AI RMF 1.0)) | AI RMF 1.0
NIST CSF 1.1 (Cybersecurity Framework 1.1) | v1.1.2018
NIST CSF 2.0 (Cybersecurity Framework 2.0) | 2024
NIST Privacy Framework Core | 2020 version 1.0
NIST SP 800-171 (2016) | 2016
NIST SP 800-171 Revision 2 with NIST 800-171A | 2020 Revision 2
NIST SP 800-171 Revision 3 | Revision 3, 2024
NIST SP 800-218 (Secure Software Development Framework (SSDF)) | 2022 Version 1.1
NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities | February 2022
NIST SP 800-223 (High-Performance Computing Security) | February 2024
NIST SP 800-30 Guide for Conducting Risk Assessments | 2012 (Revision 1)
NIST SP 800-37 (Risk Management) | 2018 (Revision 1)
NIST SP 800-37 Revision 2 (Risk Management) | 2018 Revision 2
NIST SP 800-53 Revision 4 | Revision 4
NIST SP 800-53 Revision 5 | 2020 (with 2023 updates)
NYDFS 23 NYCRR PART 500 | NY DFS v1.0 2017
NYDFS 500 23 NYCRR Part 500 Amendment 2 | 2023 2nd Amendment
Nymity GDPR 2017 Accountability Framework | 2017 by Nymity
ODP Ohio Data Protection Act | Ohio ORC 11/2/2018
OWASP Top 10 Privacy Risk Projects | Countermeasures v1.0
PAC | 2021
PACE (Best Practice Guidelines for Residential PACE Financing Programs) | DOE 11/18/2016
Payment Card Industry (PCI) Point-to-Point Encryption | Version 3.1, 2021
Payment Services Directive (PSD2) | 2015
PCCFDI | Controles Seguridad
PCI Payment Card Industry- PCI / DSS v3.1 | v3.1
PCI Payment Card Industry- PCI / DSS v3.2.1 | v3.2.1 2018
PCI Payment Card Industry- PCI / DSS v4.0 | 2022 v4.0
PCI PIN 3.1.A1 – Remote Key Distribution Using Asymmetric Techniques Operations | Annex A
PCI PIN 3.1.A2 – Certification and Registration Authority Operations | 2021
PCI PIN 3.1.B - Key Injection Facilities | 2021
PCI PIN Security 3.0 | 2018 version 3.0
PCI PIN Security 3.1 | 2021 version 3.1
PCI Point-to-Point Encryption | 2019
Personal Information Protection and Electronic Documents Act (PIPEDA) | 2017
PHIPA 2004 | 2004
PRIIPS REGULATION (EU) No 1286/2014 | EU 2014
PRISM Privacy + | 2020
Prudential Standard CPS 234 Information Security | July 2019
SACS-002 Third Party Cybersecurity Standard | February 2022
SACS-002 Third Party Cybersecurity Standard 2020 | January 2020
SEC Cybersecurity Disclosure | 2018
Secure Controls Framework (SCF) | 2022-23
SOC 1 (AICPA SOC 1) | 2020
SOC 2 (old) (AICPA TSC SOC 2 100A Type 1 and Type 2) | AICPA TSC 2016
SOC 2 (AICPA TSC SOC 2 Type 1 and Type 2) | AICPA 2017 (with 2022 TSC Revisions)
SOX 2002 | 2002
The Payment Services Regulations 2017 | 2017 No. 752
The Payment Services Regulations 2017 Schedules | 2017 No. 752
TL9000 | R6.3
UK Cyber Essentials 2021 | April 2021 version 2.2
UK Cyber Essentials 2022 (with IASME Assessment Controls) | January 2022 version 3.0
Virginia Data Breach Notification § 18.2-186.6 | 2017
WebTrust for Certification Authorities | CPA Canada v2.3
