Compliance Frameworks
The tables on this page list all available compliance frameworks that can be used within Lacework's cloud security posture management (CSPM) platform, which includes:
- Cloud Compliance Dashboard - Frameworks tab
- Kubernetes Compliance Dashboard - Frameworks tab
- Reports - Report Configuration templates
- Not available for Kubernetes.
- AWS
- Google Cloud
- Azure
- OCI
- Kubernetes
Framework Name | API Format | Notes |
---|---|---|
AWS CIS 1.4.0 Benchmark | AWS_CIS_14 | |
AWS Cloud Security Alliance Cloud Control Matrix (CSA CCM) v4.0.5 | AWS_CSA_CCM_4_0_5 | Comprised of CIS 1.4.0 policies |
AWS Cyber Essentials 2.2 Report | AWS_Cyber_Essentials_2_2 | Comprised of CIS 1.4.0 policies |
AWS ISO/IEC 27002:2022 | AWS_CIS_1_4_ISO_IEC_27002_2022 | Comprised of CIS 1.4.0 policies |
AWS Cybersecurity Maturity Model Certification (CMMC) v1.02 | AWS_CMMC_1.02 | Comprised of CIS 1.4.0 policies |
AWS HIPAA Report | AWS_HIPAA | Comprised of CIS 1.4.0 policies |
AWS ISO 27001:2013 Report | AWS_ISO_27001:2013 | Comprised of CIS 1.4.0 policies |
AWS NIST 800-171 rev2 Report | AWS_NIST_800-171_rev2 | Comprised of CIS 1.4.0 policies |
AWS NIST 800-53 rev5 Report | AWS_NIST_800-53_rev5 | Comprised of CIS 1.4.0 policies |
AWS NIST CSF | AWS_NIST_CSF | Comprised of CIS 1.4.0 policies |
AWS PCI DSS 3.2.1 Report | AWS_PCI_DSS_3.2.1 | Comprised of CIS 1.4.0 policies |
AWS SOC 2 Report | AWS_SOC_2 | Comprised of CIS 1.4.0 policies |
AWS PCI DSS 4.0.0 Report | AWS_PCI_DSS_4.0.0 | Comprised of CIS 1.4.0 policies |
Lacework AWS Security Addendum 1.0 | LW_AWS_SEC_ADD_1_0 | |
AWS FSBP Standard | FSBP | This framework uses Lacework AWS Security Addendum and AWS CIS 1.4.0 benchmark policies when there is an overlap with the AWS FSBP Standard. |
Framework Name | API Format | Notes |
---|---|---|
CIS Google Cloud Benchmark 1.3.0 | GCP_CIS13 | |
CIS Google Cloud Benchmark 2.0.0 | GCP_CIS_2_0_0 | |
GCP Cybersecurity Maturity Model Certification (CMMC) v1.02 | GCP_CMMC_1_02 | Comprised of CIS 1.3.0 policies |
GCP HIPAA (2013) Report | GCP_HIPAA_2013 | Comprised of CIS 1.3.0 policies |
GCP ISO 27001:2013 Report | GCP_ISO_27001_2013 | Comprised of CIS 1.3.0 policies |
GCP NIST 800-171 rev2 Report | GCP_CIS_1_3_0_NIST_800_171_rev2 | Comprised of CIS 1.3.0 policies |
GCP NIST 800-53 rev5 Report | GCP_CIS_1_3_0_NIST_800_53_rev5 | Comprised of CIS 1.3.0 policies |
GCP NIST CSF Report | GCP_CIS_1_3_0_NIST_CSF | Comprised of CIS 1.3.0 policies |
GCP PCI DSS 3.2.1 Report | GCP_PCI_DSS_3_2_1 | Comprised of CIS 1.3.0 policies |
GCP SOC 2 Report | GCP_SOC_2 | Comprised of CIS 1.3.0 policies |
GCP PCI DSS 4.0.0 Report | GCP_PCI_DSS_4_0_0 | Comprised of CIS 1.3.0 policies |
GCP Cloud Security Alliance Cloud Control Matrix (CSA CCM) v4.0.5 | GCP_CSA_CCM_4_0_5 | Comprised of CIS 1.3.0 policies |
Framework Name | API Format | Notes |
---|---|---|
CIS Azure Benchmark 1.5.0 | AZURE_CIS_1_5 | |
Azure HIPAA Report | AZURE_HIPAA_CIS_1_5 | Comprised of CIS 1.5.0 policies |
Azure ISO 27001:2013 Report | AZURE_ISO_27001:2013_CIS_1_5 | Comprised of CIS 1.5.0 policies |
Azure NIST 800-171 rev2 Report | AZURE_NIST_800-171_rev2_CIS_1_5 | Comprised of CIS 1.5.0 policies |
Azure NIST 800-53 rev5 Report | AZURE_NIST_800-53_rev5_CIS_1_5 | Comprised of CIS 1.5.0 policies |
Azure NIST CSF Report | AZURE_NIST_CSF_CIS_1_5 | Comprised of CIS 1.5.0 policies |
Azure PCI DSS 3.2.1 Report | AZURE_PCI_DSS_3_2_1_CIS_1_5 | Comprised of CIS 1.5.0 policies |
Azure SOC 2 Report | AZURE_SOC_2_CIS_1_5 | Comprised of CIS 1.5.0 policies |
Azure PCI DSS 4.0.0 Report | AZURE_PCI_DSS_4_0_0_CIS_1_5 | Comprised of CIS 1.5.0 policies |
Azure Cloud Security Alliance Cloud Control Matrix (CSA CCM) v4.0.5 | AZURE_CSA_CCM_4_0_5 | Comprised of CIS 1.5.0 policies |
Framework Name | API Format | Notes |
---|---|---|
CIS Oracle Cloud Infrastructure Foundations Benchmark v1.2.0 | CIS_OCI_1_2_0 | |
Oracle Cloud Infrastructure Configuration (OCI CFG) Detector Rules | OCI_CFG_DETECTOR | This framework uses CIS 1.2.0 policies when there is an overlap with the OCI CFG Detector Rules. |
Framework Name | API Format | Notes |
---|---|---|
CIS Amazon Elastic Kubernetes Service (EKS) 1.1.0 | Unavailable | |
CIS Google Kubernetes Engine (GKE) Benchmark v1.4.0 | K8S_CIS_GKE_1_4_0 |