| Category | ProU | Standard | Independent | Threat Profiles | Licensed |
| --- | --- | --- | --- | --- | --- |
| Count | 2 | 40 | 13 | 55 | 15 |
| Framework Name | Category | Description |
| --- | --- | --- |
| ProcessUnity Core Controls | ProcessUnity Framework | The ProcessUnity questionnaire is a standardized, third-party cyber risk assessment that evaluates an organization's security posture across key risk domains, including governance, data protection, access management, and threat detection. It provides a dynamic, evidence-based risk profile that enables companies to assess and mitigate cybersecurity risks associated with their vendors and partners. The assessment aligns with industry frameworks such as NIST, ISO, and MITRE ATT&CK, offering actionable insights for improving overall cybersecurity resilience. |
| ProcessUnity Essential Controls | ProcessUnity Framework | The ProcessUnity Critical Controls questionnaire is a streamlined version of the ProcessUnity questionnaire focusing on a subset of controls that are often validated. |
| Payment Card Industry Data Security Standard v3.2.1 | Industry Standard | The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect cardholder data and reduce credit card fraud. It includes requirements for securing networks, protecting stored data, and implementing strong access control measures to ensure safe handling of payment card information. |
| AUS Signals Directorate 37 | Industry Standard | The Australian Signals Directorate (ASD) 37 refers to a comprehensive framework that includes 37 strategies designed to mitigate cybersecurity incidents and enhance organizational security. These strategies provide best practices for protecting against cyber threats and improving overall cybersecurity posture. |
| CMMC Level 1 Cybersecurity Maturity Model Certification | Industry Standard | CMMC Level 1 certification is the foundational level of the Cybersecurity Maturity Model Certification, which requires defense contractors to implement basic cybersecurity practices to protect Federal Contract Information (FCI). It involves an annual self-assessment to ensure compliance with 15 specific security requirements. |
| CMMC Level 2 Cybersecurity Maturity Model Certification | Industry Standard | CMMC Level 2 certification is part of the Cybersecurity Maturity Model Certification program, which requires organizations to implement advanced cybersecurity practices to protect Controlled Unclassified Information (CUI). It includes 110 security controls based on NIST standards and necessitates a third-party assessment for compliance. |
| CMMC Level 3 Cybersecurity Maturity Model Certification | Industry Standard | CMMC Level 3 certification is part of the Cybersecurity Maturity Model Certification program, which requires organizations to implement advanced cybersecurity practices to protect Controlled Unclassified Information (CUI) from sophisticated threats. This level involves meeting stringent security requirements and undergoing assessments by the Defense Contract Management Agency to ensure compliance. |
| CMMC Level 5 Cybersecurity Maturity Model Certification | Industry Standard | CMMC Level 5 certification is the highest level in the Cybersecurity Maturity Model Certification framework, requiring organizations to implement advanced security practices to defend against complex cyber threats. This level is typically reserved for organizations managing highly sensitive Controlled Unclassified Information (CUI) and operating in high-risk environments. |
| NIST 800-171 | Industry Standard | NIST 800-171 is a cybersecurity framework that outlines security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. It provides 14 families of security controls, covering areas like access control, incident response, and encryption, to ensure that contractors and suppliers working with U.S. federal agencies maintain strong data protection measures. |
| NIST 800-53r5 | Industry Standard | NIST Special Publication 800-53 Revision 5 (NIST 800-53r5) is a comprehensive cybersecurity framework that provides a catalog of security and privacy controls for federal information systems and organizations. It introduces a more flexible, outcome-based approach to security, emphasizing the integration of privacy and supply chain risk management. This revision removes federal-specific language to encourage broader adoption across industries, enhances automation through control baselines, and strengthens protections against evolving threats, including those related to artificial intelligence, zero trust, and cloud security. |
| MITRE ATT&CK Framework - v14 Primary Controls | Industry Standard | The MITRE ATT&CK framework is a globally accessible knowledge base that documents real-world tactics, techniques, and procedures (TTPs) used by cyber adversaries throughout the attack lifecycle. It categorizes attacker behaviors into structured matrices based on phases such as initial access, execution, persistence, and exfiltration. Organizations use ATT&CK to improve threat intelligence, red teaming, incident response, and cybersecurity defense strategies by mapping attacks to known adversary techniques and developing more effective mitigations. |
| NATF SupplyChainSecCriteria | Industry Standard | The North American Transmission Forum (NATF) Supply Chain Security Criteria are a set of best-practice guidelines designed to assess and enhance the security posture of suppliers within the energy sector. These criteria assist organizations in evaluating supplier security measures, ensuring alignment with industry standards, and mitigating potential risks in the supply chain. |
| Department of Jobs Precincts Regions Cyber Sec Req | Industry Standard | The Department of Jobs, Precincts, and Regions (DJPR) Cyber Security Requirements outline the security measures and standards that organizations must follow to protect sensitive data, critical infrastructure, and digital assets. These requirements typically include risk management frameworks, compliance with industry standards (such as ISO 27001 and NIST), secure access controls, incident response protocols, data encryption, and continuous monitoring to mitigate cyber threats. The goal is to ensure a resilient cybersecurity posture that safeguards economic and regional development initiatives. |
| NIST SP 800-218 | Industry Standard | The NIST 800-218 Secure Software Development Framework (SSDF) promotes the integration of security testing across the software development life cycle, secure coding techniques, and a risk-based strategy. The framework strongly emphasizes ongoing observation, which promotes communication between the security and development teams. Organizations can improve software security, reduce vulnerabilities, and create resilient applications in the ever-changing world of cybersecurity threats by adhering to NIST 800-218. |
| Payment Card Industry Data Security Standard v4.0 | Industry Standard | The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect cardholder data and reduce credit card fraud. It includes requirements for securing networks, protecting stored data, and implementing strong access control measures to ensure safe handling of payment card information. |
| AUS Govt Information Security Manual 2022 | Industry Standard | The Australian Government Information Security Manual (ISM), produced by the Australian Cyber Security Centre (ACSC), outlines a cybersecurity framework that organizations can apply, using their risk management framework, to protect their systems and data from cyber threats. |
| AUS Govt Information Security Manual 2020 | Industry Standard | The Australian Government Information Security Manual (ISM), produced by the Australian Cyber Security Centre (ACSC), outlines a cybersecurity framework that organizations can apply, using their risk management framework, to protect their systems and data from cyber threats. |
| NIST Privacy Framework | Industry Standard | The NIST Privacy Framework is a voluntary tool developed by the National Institute of Standards and Technology to help organizations identify and manage privacy risks while protecting individuals' privacy. It provides guidance for building innovative products and services in a way that respects personal data. |
| SingaporeMAS TRMG 20230710 | Industry Standard | MAS TRMG stands for the Monetary Authority of Singapore Technology Risk Management Guidelines, which are designed to help financial institutions in Singapore manage technology risks effectively. These guidelines provide best practices for risk governance, cybersecurity, and compliance to ensure the safety and resilience of financial operations. |
| Secure Controls Framework 2023 v2 | Industry Standard | The Secure Controls Framework (SCF) is a comprehensive set of cybersecurity and data privacy controls designed to help organizations meet their regulatory and compliance requirements. It provides a structured approach to implementing and maintaining secure practices across various industries. |
| UK NCSC CyberEssentials v3.0 | Industry Standard | Cyber Essentials is a UK government-backed certification scheme designed to help organizations protect themselves against common cyber threats by implementing a set of basic security controls. It emphasizes the importance of maintaining a minimum level of cybersecurity through annual assessments and includes guidelines for areas such as firewalls, secure configuration, access control, malware protection, and patch management. |
| UK NCSC Cyber Assessment Framework v3.1 | Industry Standard | Cyber Essentials is a UK government-backed certification scheme designed to help organizations protect themselves against common cyber threats by implementing a set of basic security controls. It emphasizes the importance of maintaining a minimum level of cybersecurity through annual assessments and includes guidelines for areas such as firewalls, secure configuration, access control, malware protection, and patch management. |
| CISCriticalSecurityCtrls v8 | Industry Standard | CIS Critical Security Controls are a set of 18 best practices designed to help organizations improve their cybersecurity posture and protect against common threats. They provide specific actions to enhance security and comply with various industry regulations. |
| AusGvmtASD Essential 8 Maturity Model v202311 | Industry Standard | The Essential 8 Maturity Model, developed by the Australian Cyber Security Centre (ACSC), provides a framework for organizations to assess and improve their cybersecurity practices. It outlines eight key strategies to mitigate cyber threats and defines three maturity levels for each strategy to help organizations gauge their implementation effectiveness. |
| EU DORA v12 2022 | Industry Standard | The Digital Operational Resilience Act (DORA) is a European Union regulation that came into force on January 16, 2023, and became applicable on January 17, 2025. It aims to strengthen the information and communication technology (ICT) security of financial entities, ensuring the European financial sector remains resilient against severe operational disruptions. |
| AUS Govt Information Security Manual vQ1 2024 | Industry Standard | The Australian Government Information Security Manual (ISM), produced by the Australian Cyber Security Centre (ACSC), outlines a cybersecurity framework that organizations can apply, using their risk management framework, to protect their systems and data from cyber threats. |
| NIST CSF 1.1 | Industry Standard | The NIST Cybersecurity Framework (CSF) 1.1 is a risk-based framework designed to help organizations manage and improve their cybersecurity posture. It consists of five core functions—Identify, Protect, Detect, Respond, and Recover—which provide a structured approach to managing cybersecurity risks. CSF 1.1 expands on the original version by incorporating better supply chain risk management, authentication and identity proofing, and self-assessment guidance. It is widely used across industries to enhance security resilience, align cybersecurity strategies with business objectives, and improve risk communication. |
| APRA CPS230 v0.4 | Industry Standard | APRA CPS refers to the Prudential Standards set by the Australian Prudential Regulation Authority (APRA), which are regulations aimed at ensuring the safety and soundness of financial institutions in Australia. These standards, including CPS 234, focus on areas like information security and operational risk management to protect consumers and maintain financial stability. |
| MITRE ATT&CK Framework - v15 Primary and Supporting Controls | Industry Standard | The MITRE ATT&CK framework is a globally accessible knowledge base that documents real-world tactics, techniques, and procedures (TTPs) used by cyber adversaries throughout the attack lifecycle. It categorizes attacker behaviors into structured matrices based on phases such as initial access, execution, persistence, and exfiltration. Organizations use ATT&CK to improve threat intelligence, red teaming, incident response, and cybersecurity defense strategies by mapping attacks to known adversary techniques and developing more effective mitigations. |
| NIST CSF 2.0 | Industry Standard | The NIST Cybersecurity Framework (CSF) 2.0 is an updated version of the original NIST CSF, providing guidelines, best practices, and standards to help organizations manage and reduce cybersecurity risks. CSF 2.0 expands upon the original framework by introducing a "Govern" function, emphasizing cybersecurity governance, risk management, and decision-making at the executive level. It retains the core functions—Identify, Protect, Detect, Respond, and Recover—while improving guidance for supply chain security, emerging threats, and adaptability for organizations of all sizes and industries. The framework is designed to be flexible, allowing organizations to align their cybersecurity strategies with business objectives and regulatory requirements. |
| IVP - Denial of Service | Industry Standard | IVP Denial of Service (DoS) refers to a type of attack that exploits vulnerabilities in IP Validation Protocols (IVP) or related network mechanisms, overwhelming a system to disrupt normal operations. Attackers may exploit weaknesses in packet validation, authentication mechanisms, or stateful connections, leading to resource exhaustion, degraded performance, or complete service unavailability. Mitigations typically include rate limiting, anomaly detection, and strengthening validation protocols to prevent abuse. |
| AUS Govt Information Security Manual vQ3 2024 | Industry Standard | The Australian Government Information Security Manual (ISM), produced by the Australian Cyber Security Centre (ACSC), outlines a cybersecurity framework that organizations can apply, using their risk management framework, to protect their systems and data from cyber threats. |
| ISA 62443 2-1 OT v2009 | Industry Standard | Security for industrial automation and control systems Part 3-3: System security requirements and security levels (2009 & 2013) |
| ISA 62443 OT v2009 v2013 | Industry Standard | Security for industrial automation and control systems Part 3-3: System security requirements and security levels (2009 & 2013) |
| ISA62443 4-2 OT IACS Components | Industry Standard | Security for industrial automation and IACS Components Part 4-2 |
| OWASP Top 10 v2021 | Industry Standard | The OWASP Top 10 for 2021 is a globally recognized framework that outlines the most critical security risks to web applications. |
| AICPA 2017 TSC Standards | Industry Standard | 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy |
| CSA Cloud Controls Matrix v4.0.13 | Industry Standard | The CSA Cloud Controls Matrix (CCM) is a cybersecurity framework developed by the Cloud Security Alliance to provide a structured set of security controls for cloud computing environments. It helps organizations assess the security posture of their cloud services and is aligned with various industry standards and regulations. |
| CSA Cloud Controls Matrix Lite v4.0.13 | Industry Standard | The CSA Cloud Controls Matrix (CCM) Lite is a subset cybersecurity framework developed by the Cloud Security Alliance to provide a structured set of security controls for cloud computing environments. It helps organizations assess the security posture of their cloud services and is aligned with various industry standards and regulations. |
| CSA-CAIQ v4.0.3 | Industry Standard | Cloud Security Alliance - Consensus Assessments Initiative Questionnaire v4.0.3 |
| CSA-CAIQ Lite v4.0.3 | Industry Standard | Cloud Security Alliance - Consensus Assessments Initiative Questionnaire LITE v4.0.3 |
| UK NCSC Cyber Essentials Willow v3.2 | Industry Standard | Cyber Essentials is a UK government-backed certification scheme designed to help organizations protect themselves against common cyber threats by implementing a set of basic security controls. It emphasizes the importance of maintaining a minimum level of cybersecurity through annual assessments and includes guidelines for areas such as firewalls, secure configuration, access control, malware protection, and patch management. |
| California Consumer Privacy Act | Independent | CA Consumer Privacy Act (CCPA) |
| Australian Prudential Regulation Authority CPS 234 | Independent | AUS Prudential Regulation Authority (APRA) CPS 234 |
| Australian Energy Sector Cyber Security Framework | Independent | AUS Energy Sector Cyber Security Framework (AESCSF) |
| NERC Critical Infrastructure Protection | Independent | NERC Critical Infrastructure Protection (CIP) |
| General Data Protection Regulation | Independent | General Data Protection Regulation (GDPR) |
| Health Insurance Portability and Accountability Act Security Rule | Independent | Health Insurance Portability and Accountability Act (HIPAA)_Security Rule |
| Insurance Data Security Law | Independent | Insurance Data Security Law |
| Dept of Health Cyber Sec Req | Independent | Dept of Health - Cyber Sec Req |
| Higher Education Community Vendor Assessment Tool v3.03 | Independent | HECVAT v3.03 |
| Higher Education Community Vendor Assessment Tool v3.04 | Independent | HECVAT v3.04 |
| Australia Department of Health v1.0 | Independent | AUS Department of Health_v1.0 |
| Cyber Risk Institute Profile | Independent | The Cyber Risk Institute (CRI) Profile is a cybersecurity risk assessment framework specifically designed for the financial sector. It aligns with industry standards, including the NIST Cybersecurity Framework (CSF) and regulatory requirements, to help financial institutions assess and manage cyber risks effectively. The CRI Profile streamlines compliance by mapping controls across multiple regulatory frameworks, reducing the burden of redundant assessments while ensuring comprehensive cybersecurity risk management. |
| NYDFS Cybersecurity Regulation | Independent | NYDFS Cybersecurity Regulation (23 NYCRR 500) |
| Accellion File Transfer Application Breach | Threat Profile | Threat Profile: Accellion File Transfer Application Breach |
| SolarGate Breach | Threat Profile | Threat Profile: SolarGate Breach |
| REvil Ransomware Kaseya Supply Chain Attack | Threat Profile | Threat Profile: REvil Ransomware - Kaseya Supply Chain Attack |
| LogJam CVE-2021-44228 | Threat Profile | Threat Profile: LogJam - CVE-2021-44228 |
| CISA Bad Practices | Threat Profile | Threat Profile: CISA's "Bad Practices" |
| CodeCov Breach | Threat Profile | Threat Profile: CodeCov Breach |
| Grp Profile Known Lapsus$ Extortion Techniques v.40 | Threat Profile | Threat Profile: Grp Profile_Known Lapsus$ Extortion Techniques |
| Hafnium Exchange Server Breach | Threat Profile | Threat Profile: Hafnium Exchange Server Breach |
| LockBit 2.0 | Threat Profile | Threat Profile: LockBit 2.0 |
| MedusaLocker | Threat Profile | Threat Profile: MedusaLocker |
| Ransomware Threat Profile | Threat Profile | Threat Profile: Ransomware Threat Profile |
| Online Retail PoS Fraud Card Not Present | Threat Profile | Threat Profile: Online Retail PoS Fraud_Card Not Present |
| Russian State-Sponsored Techniques and Tactics | Threat Profile | Threat Profile: RUS State-Sponsored Techniques and Tactics |
| Russian Destructive Malware v2 | Threat Profile | Threat Profile: RUS Destructive Malware_v2 |
| EvilProxy Phishing-As-A-Service | Threat Profile | Threat Profile: EvilProxy Phishing-As-A-Service |
| Cuban Ransomware | Threat Profile | Threat Profile: CUB Ransomware v1 |
| Russian Destructive Malware v3 | Threat Profile | Threat Profile: RUS Destructive Malware_v3 |
| StopRansomware Royal Ransomware | Threat Profile | Threat Profile: Royal Ransomware |
| StopRansomware LockBit 3.0 | Threat Profile | Threat Profile: LockBit 3.0 |
| LazarusGrp AppleJeusFallChill | Threat Profile | Threat Profile: LazarusGrp_AppleJeusFallChill |
| Clop Ransomware | Threat Profile | Threat Profile: Clop Ransomware |
| Blackcat ALPHV Ransomware | Threat Profile | Threat Profile: Blackcat ALPHV Ransomware |
| RUIntel SnakeMalware | Threat Profile | Threat profile: RUS Intel_SnakeMalware |
| PRC LivingotLand | Threat Profile | Threat profile: CHN_LivingotLand |
| MOVEit ClopGang CVE-2023-34362 v2.0 | Threat Profile | Threat Profile: MOVEit-ClopGang_CVE-2023-34362_v2.0 |
| QakBot Infra v1 | Threat Profile | Threat Profile: QakBot Infra_v1 |
| StopRansomware Rhysida Ransomware | Threat Profile | Threat Profile: Rhysida Ransomware |
| RUS StarBlizzard Spear Phishing 20231207 | Threat Profile | Threat Profile: RUS_StarBlizzard_Spear-phishing_07Dec23 |
| IoCs Androxgh0stMalware v1.0 | Threat Profile | Threat Profile: IoCs_Androxgh0stMalware_v1.0 |
| StopRansomware LockBit 3.0 v2 260124 | Threat Profile | Threat Profile: LockBit 3.0_v2_260124 |
| StopRansomware CitrixBleed v1 CVE 2023-4966 | Threat Profile | Threat Profile: CitrixBleed_v1_CVE 2023-4966 |
| JetBrains TeamCity v1 CVE 2023-42793 | Threat Profile | Threat Profile: JetBrains_TeamCity_v1_CVE 2023-42793 |
| JetBrains TeamCity v1 CVE 2023-42793 | Threat Profile | Threat Profile: JetBrains_TeamCity_v1_CVE 2023-42793 |
| StopRansomware CitrixBleed v1 CVE 2023-4966 | Threat Profile | Threat Profile: CitrixBleed_v1_CVE 2023-4966 |
| StopRansomware Phobos Ransomware 02292024 | Threat Profile | Threat Profile: Phobos Ransomware_02292024 |
| MultiVul IvantiConnect v02292024 | Threat Profile | Threat Profile: MultiVul_IvantiConnect_v02292024 |
| StopRansomware ALPHV Blackcat v1.0 | Threat Profile | Threat Profile: ALPHV Blackcat v1.0 |
| JetBrains TeamCity v1 CVE 2023-42793 | Threat Profile | Threat Profile: JetBrains_TeamCity_v1_CVE 2023-42793 |
| StopRansomware Phobos Ransomware | Threat Profile | Threat Profile: Phobos Ransomware |
| StopRansomware CitrixBleed v1 CVE 2023-4966 | Threat Profile | Threat Profile: CitrixBleed_v1_CVE 2023-4966 |
| StopRansomware Akira Ransomware | Threat Profile | Threat Profile: Akira_Ransomware v1 |
| VoltTyphoon PRC v1 20240430 | Threat Profile | Threat Profile: VoltTyphoon_CHN_v1_043024 |
| StopRansomware BlackBasta Ransomware v05152024 | Threat Profile | Threat Profile: BlackBasta Ransomware_v05152024 |
| ShinyHunters v20240604 | Threat Profile | Threat Profile: ShinyHunters_v06042024 v1 |
| North Korea Cyber Grp AA24-207A | Threat Profile | Threat Profile: PRK Cyber Grp_AA24-207A |
| Top 20 MITRE ATT&CK Tactics Threat Actors Use Now | Threat Profile | Threat Profile: Top 20 MITRE ATT&CK Tactics Threat Actors Use Now |
| Iran Ransomware AA24-241A | Threat Profile | Threat profile: IRN Ransomware_AA24-241A |
| StopRansomware RansomHub AA24-242AA | Threat Profile | Threat Profile: RansomHub_AA24-242AA |
| RUS Mil Unit29155 AA24-249AA | Threat Profile | Threat Profile: RUS Mil_Unit29155_AA24-249AA |
| Master CWE Mapping | Threat Profile | Master CWE Mapping |
| IranBruteForceCredentialAccess AA24-290A | Threat Profile | Threat Profile: IRN BruteForceCredentialAccess_AA24-290A |
| StopRansomware BianLian Ransomware Group AA23-136A | Threat Profile | Threat Profile: BianLian Ransomware Group AA23-136A |
| VoltTyphoon PRC v2 20250109 | Threat Profile | Threat Profile: Volt Typhoon is a stealthy, state-sponsored cyber threat actor linked to China, known for conducting long-term espionage campaigns targeting critical infrastructure, government, and defense sectors, primarily in the United States. |
| GhostCring PRC v1 20250219 | Threat Profile | Threat Profile: GhostCring PRC refers to the Ghost (also known as Cring) ransomware group, a financially motivated threat actor originating from the People's Republic of China (PRC). They are known for rotating their ransomware payloads, ransom notes, and file extensions, leading to associations with other ransomware groups such as Crypt3r, Hello, HsHarada, Phantom, Rapture, Strike, and Wickrme. |
| Scattered Spider v1 20250703 | Threat Profile | Scattered Spider is a financially motivated cybercriminal group, known for using sophisticated social engineering tactics such as voice phishing (vishing) and SIM swapping to gain unauthorized access to organizations. They primarily target high-profile sectors including telecommunications, retail, and aviation, deploying ransomware and engaging in data exfiltration for extortion. |
| SIG CORE 2020 | Licensed Content | The v2020 SIG CORE (Standardized Information Gathering - CORE) framework is a comprehensive vendor risk assessment tool used to evaluate an organization's cybersecurity, IT, and data protection practices. Developed by Shared Assessments, it standardizes due diligence by assessing risk across multiple domains, including security policies, compliance, data governance, privacy, and third-party risk management. SIG CORE provides a structured questionnaire that helps organizations efficiently gather and analyze risk-related information from vendors, ensuring alignment with industry best practices and regulatory requirements. |
| SIG FULL 2020 | Licensed Content | The v2020 SIG FULL (Standardized Information Gathering) Framework is a comprehensive security and risk assessment questionnaire designed to evaluate a third party’s cybersecurity, privacy, and compliance posture. It consists of detailed, structured questions covering a wide range of security domains, such as data protection, access control, incident response, and regulatory compliance. The SIG Full version is the most extensive, offering a deep dive into an organization's security controls to assess potential risks before engaging with vendors, partners, or service providers. |
| SIG Privacy 2020 | Licensed Content | The v2020 SIG Privacy Framework is a structured assessment methodology designed to evaluate an organization’s privacy controls, policies, and practices. It is part of the Shared Assessments Standardized Information Gathering (SIG) framework and focuses on identifying risks related to data protection, regulatory compliance (e.g., GDPR, CCPA), and privacy governance. The framework helps organizations assess third-party privacy risks, ensure alignment with industry standards, and maintain transparency in data handling and protection practices. |
| SIG LITE 2017 | Licensed Content | The v2017 SIG LITE (Standardized Information Gathering) framework is a streamlined version of the SIG (Standardized Information Gathering) questionnaire used for third-party risk assessments. It provides a high-level, standardized approach to evaluating a vendor’s security, privacy, and compliance posture without the depth of a full SIG assessment. SIG LITE is designed for efficiency, allowing organizations to quickly assess low-risk vendors or conduct preliminary reviews before a more in-depth evaluation. |
| SIG LITE 2023 | Licensed Content | The v2023 SIG LITE (Standardized Information Gathering) framework is a streamlined version of the SIG (Standardized Information Gathering) questionnaire used for third-party risk assessments. It provides a high-level, standardized approach to evaluating a vendor’s security, privacy, and compliance posture without the depth of a full SIG assessment. SIG LITE is designed for efficiency, allowing organizations to quickly assess low-risk vendors or conduct preliminary reviews before a more in-depth evaluation. |
| ISO 27002 2013 | Licensed Content | ISO 27002 is an international standard that provides best practices and guidelines for implementing information security controls. It serves as a companion to ISO 27001, offering detailed guidance on selecting and applying security measures to manage risks. The framework covers key areas such as access control, asset management, cryptography, incident response, and compliance, helping organizations strengthen their security posture and align with regulatory requirements. |
| SIG CORE 2023 | Licensed Content | The v2023 SIG CORE (Standardized Information Gathering) framework is a comprehensive vendor risk assessment tool used to evaluate an organization's cybersecurity, IT, and data protection practices. Developed by Shared Assessments, it standardizes due diligence by assessing risk across multiple domains, including security policies, compliance, data governance, privacy, and third-party risk management. SIG CORE provides a structured questionnaire that helps organizations efficiently gather and analyze risk-related information from vendors, ensuring alignment with industry best practices and regulatory requirements. |
| ISO 27002 2022 | Licensed Content | ISO 27002 is an international standard that provides best practices and guidelines for implementing information security controls. It serves as a companion to ISO 27001, offering detailed guidance on selecting and applying security measures to manage risks. The framework covers key areas such as access control, asset management, cryptography, incident response, and compliance, helping organizations strengthen their security posture and align with regulatory requirements. |
| Victorian Protective Data Security Standards v2.1 | Licensed Content | Custom mapping of customer controls to ProcessUnity controls. |
| ProcessUnity Workflow TPQ | Licensed Content | ProcessUnity TPQ stands for Third-Party Questionnaire. It is a core component of ProcessUnity’s Third-Party Risk Management (TPRM) platform, designed to assess the cybersecurity and operational risk of vendors, suppliers, partners, and other third parties. |
| SIG Lite 2024 | Licensed Content | The v2024 SIG LITE (Standardized Information Gathering) framework is a streamlined version of the SIG (Standardized Information Gathering) questionnaire used for third-party risk assessments. It provides a high-level, standardized approach to evaluating a vendor’s security, privacy, and compliance posture without the depth of a full SIG assessment. SIG LITE is designed for efficiency, allowing organizations to quickly assess low-risk vendors or conduct preliminary reviews before a more in-depth evaluation. |
| SIG Core 2024 | Licensed Content | The v2024 SIG CORE (Standardized Information Gathering) framework is a comprehensive vendor risk assessment tool used to evaluate an organization's cybersecurity, IT, and data protection practices. Developed by Shared Assessments, it standardizes due diligence by assessing risk across multiple domains, including security policies, compliance, data governance, privacy, and third-party risk management. SIG CORE provides a structured questionnaire that helps organizations efficiently gather and analyze risk-related information from vendors, ensuring alignment with industry best practices and regulatory requirements. |
| SIG LITE 2025 | Licensed Content | The v2025 SIG LITE (Standardized Information Gathering) framework is a streamlined version of the SIG (Standardized Information Gathering) questionnaire used for third-party risk assessments. It provides a high-level, standardized approach to evaluating a vendor’s security, privacy, and compliance posture without the depth of a full SIG assessment. SIG LITE is designed for efficiency, allowing organizations to quickly assess low-risk vendors or conduct preliminary reviews before a more in-depth evaluation. |
| SIG CORE 2025 | Licensed Content | The v2025 SIG CORE (Standardized Information Gathering) framework is a comprehensive vendor risk assessment tool used to evaluate an organization's cybersecurity, IT, and data protection practices. Developed by Shared Assessments, it standardizes due diligence by assessing risk across multiple domains, including security policies, compliance, data governance, privacy, and third-party risk management. SIG CORE provides a structured questionnaire that helps organizations efficiently gather and analyze risk-related information from vendors, ensuring alignment with industry best practices and regulatory requirements. |
| SIG Lite 2022 | Licensed Content | The v2022 SIG LITE (Standardized Information Gathering - LITE) framework is a comprehensive vendor risk assessment tool used to evaluate an organization's cybersecurity, IT, and data protection practices. Developed by Shared Assessments, it standardizes due diligence by assessing risk across multiple domains, including security policies, compliance, data governance, privacy, and third-party risk management. SIG LITE provides a structured questionnaire that helps organizations efficiently gather and analyze risk-related information from vendors, ensuring alignment with industry best practices and regulatory requirements. |