Skip to main content

Compliance Frameworks

The tables on this page list all available compliance frameworks that can be used within Lacework's cloud security posture management (CSPM) platform, which includes:

Cloud Compliance Dashboard - Frameworks tab
Kubernetes Compliance Dashboard - Frameworks tab
Reports - Report Configuration templates
- Not available for Kubernetes.

AWS
Google Cloud
Azure
OCI
Kubernetes

Framework Name	API Format	Notes
AWS CIS 1.4.0 Benchmark	`AWS_CIS_14`
AWS Cloud Security Alliance Cloud Control Matrix (CSA CCM) v4.0.5	`AWS_CSA_CCM_4_0_5`	Comprised of CIS 1.4.0 policies
AWS Cyber Essentials 2.2 Report	`AWS_Cyber_Essentials_2_2`	Comprised of CIS 1.4.0 policies
AWS ISO/IEC 27002:2022	`AWS_CIS_1_4_ISO_IEC_27002_2022`	Comprised of CIS 1.4.0 policies
AWS Cybersecurity Maturity Model Certification (CMMC) v1.02	`AWS_CMMC_1.02`	Comprised of CIS 1.4.0 policies
AWS HIPAA Report	`AWS_HIPAA`	Comprised of CIS 1.4.0 policies
AWS ISO 27001:2013 Report	`AWS_ISO_27001:2013`	Comprised of CIS 1.4.0 policies
AWS NIST 800-171 rev2 Report	`AWS_NIST_800-171_rev2`	Comprised of CIS 1.4.0 policies
AWS NIST 800-53 rev5 Report	`AWS_NIST_800-53_rev5`	Comprised of CIS 1.4.0 policies
AWS NIST CSF	`AWS_NIST_CSF`	Comprised of CIS 1.4.0 policies
AWS PCI DSS 3.2.1 Report	`AWS_PCI_DSS_3.2.1`	Comprised of CIS 1.4.0 policies
AWS SOC 2 Report	`AWS_SOC_2`	Comprised of CIS 1.4.0 policies
AWS PCI DSS 4.0.0 Report	`AWS_PCI_DSS_4.0.0`	Comprised of CIS 1.4.0 policies
Lacework AWS Security Addendum 1.0	`LW_AWS_SEC_ADD_1_0`
AWS FSBP Standard	`FSBP`	This framework uses Lacework AWS Security Addendum and AWS CIS 1.4.0 benchmark policies when there is an overlap with the AWS FSBP Standard.

Framework Name	API Format	Notes
CIS Google Cloud Benchmark 1.3.0	`GCP_CIS13`
GCP Cybersecurity Maturity Model Certification (CMMC) v1.02	`GCP_CMMC_1_02`	Comprised of CIS 1.3.0 policies
GCP HIPAA (2013) Report	`GCP_HIPAA_2013`	Comprised of CIS 1.3.0 policies
GCP ISO 27001:2013 Report	`GCP_ISO_27001_2013`	Comprised of CIS 1.3.0 policies
GCP NIST 800-171 rev2 Report	`GCP_CIS_1_3_0_NIST_800_171_rev2`	Comprised of CIS 1.3.0 policies
GCP NIST 800-53 rev5 Report	`GCP_CIS_1_3_0_NIST_800_53_rev5`	Comprised of CIS 1.3.0 policies
GCP NIST CSF Report	`GCP_CIS_1_3_0_NIST_CSF`	Comprised of CIS 1.3.0 policies
GCP PCI DSS 3.2.1 Report	`GCP_PCI_DSS_3_2_1`	Comprised of CIS 1.3.0 policies
GCP SOC 2 Report	`GCP_SOC_2`	Comprised of CIS 1.3.0 policies
GCP PCI DSS 4.0.0 Report	`GCP_PCI_DSS_4_0_0`	Comprised of CIS 1.3.0 policies
GCP Cloud Security Alliance Cloud Control Matrix (CSA CCM) v4.0.5	`GCP_CSA_CCM_4_0_5`	Comprised of CIS 1.3.0 policies

Framework Name	API Format	Notes
CIS Azure Benchmark 1.5.0	`AZURE_CIS_1_5`
Azure HIPAA Report	`AZURE_HIPAA_CIS_1_5`	Comprised of CIS 1.5.0 policies
Azure ISO 27001:2013 Report	`AZURE_ISO_27001:2013_CIS_1_5`	Comprised of CIS 1.5.0 policies
Azure NIST 800-171 rev2 Report	`AZURE_NIST_800-171_rev2_CIS_1_5`	Comprised of CIS 1.5.0 policies
Azure NIST 800-53 rev5 Report	`AZURE_NIST_800-53_rev5_CIS_1_5`	Comprised of CIS 1.5.0 policies
Azure NIST CSF Report	`AZURE_NIST_CSF_CIS_1_5`	Comprised of CIS 1.5.0 policies
Azure PCI DSS 3.2.1 Report	`AZURE_PCI_DSS_3_2_1_CIS_1_5`	Comprised of CIS 1.5.0 policies
Azure SOC 2 Report	`AZURE_SOC_2_CIS_1_5`	Comprised of CIS 1.5.0 policies
Azure PCI DSS 4.0.0 Report	`AZURE_PCI_DSS_4_0_0_CIS_1_5`	Comprised of CIS 1.5.0 policies
Azure Cloud Security Alliance Cloud Control Matrix (CSA CCM) v4.0.5	`AZURE_CSA_CCM_4_0_5`	Comprised of CIS 1.5.0 policies

Framework Name	API Format	Notes
CIS Oracle Cloud Infrastructure Foundations Benchmark v1.2.0	`CIS_OCI_1_2_0`
Oracle Cloud Infrastructure Configuration (OCI CFG) Detector Rules	`OCI_CFG_DETECTOR`	This framework uses CIS 1.2.0 policies when there is an overlap with the OCI CFG Detector Rules.