30+ Security & Compliance Frameworks

Pre-built control libraries and compliance mappings for the world's most recognised security standards. Coverage spans NIST, ISO, Australian government, privacy, and industry-specific frameworks, all ready to go from day one.

Choose Your Path to Compliance

Whether you need to meet government requirements, satisfy customer audits, or improve your security posture, we've got you covered with frameworks across every major standard.

Powered by the Secure Controls Framework

Every framework in Risk Ninja is mapped to the Secure Controls Framework (SCF) - a meta-framework that bridges across 100+ security and privacy standards. This means your compliance work in one framework automatically maps to others, eliminating duplicate effort.

  • Cross-framework mapping out of the box
  • Reduce duplicate assessments by up to 60%
  • Unified compliance posture across all active frameworks
  • Prioritise remediation for maximum multi-framework impact

Example: Cross-Framework Mapping

NIST 800-53 AC-2 → ISO 27001 A.5.18
NIST 800-53 AC-2 → CIS Controls 5.3
NIST 800-53 AC-2 → PCI DSS 7.1
NIST 800-53 AC-2 → ACSC ISM 0432

Built for Australian RFFR Compliance

For employment services providers under the Department of Employment and Workplace Relations' Right Fit For Risk programme, Risk Ninja ships an RFFR meta-framework that unifies the Essential Eight, ACSC ISM and ISO 27001 — and syncs directly to the DEWR Statement of Applicability spreadsheet.

  • Three frameworks, one assessor-ready posture view
  • Two-way SoA spreadsheet sync, formatting preserved
  • Seven DEWR obligations tracked with named owners
  • Daily E8 ↔ ISM reconciliation with weakest-sibling conflict resolution

RFFR Meta-Framework

ACSC Essential Eight RFFR
ACSC ISM (Mar 2026) RFFR
ISO 27001:2022 RFFR
DEWR Obligations RFFR

NIST Family

10 frameworks

NIST CSF v2.0

Cybersecurity Framework 2.0 - the gold standard for cybersecurity risk management

NIST SP 800-53 R5.2

Security and Privacy Controls for Information Systems and Organizations

NIST SP 800-171 R3

Protecting Controlled Unclassified Information (Rev 3)

NIST SP 800-171 R2

Protecting Controlled Unclassified Information (Rev 2)

NIST SP 800-172 R3

Enhanced Security Requirements for CUI

NIST SP 800-161 R1

Cybersecurity Supply Chain Risk Management

NIST SP 800-207

Zero Trust Architecture

NIST SP 800-218 R1.1

Secure Software Development Framework (SSDF)

NIST AI 100-1

Artificial Intelligence Risk Management Framework

NIST AI 600-1

AI Safety and Security Guidelines

ISO Family

5 frameworks

ISO 27001:2022

Information Security Management System - the world's most recognised security standard

ISO 27002:2022

Information Security Controls - implementation guidance for ISO 27001

ISO 27701:2019

Privacy Information Management - extension to ISO 27001 for privacy

ISO 29100:2024

Privacy Framework - principles for processing personal data

ISO 42001:2023

AI Management System - governance framework for artificial intelligence

Australian Frameworks

8 frameworks

RFFR (Right Fit For Risk)

DEWR meta-framework for Australian employment services providers. Unifies E8, ISM and ISO 27001 with native SoA spreadsheet sync.

ACSC Essential Eight

Essential Eight Maturity Model - prioritised mitigation strategies with maturity level tracking

ACSC ISM (March 2026)

Australian Government Information Security Manual - comprehensive security controls, latest control set imported

CPS 230

Operational Risk Management - APRA prudential standard for regulated entities

CPS 234

Information Security - APRA prudential standard for financial services

Privacy Act 1998

Australian Privacy Act - federal legislation governing personal information handling

Australian Privacy Principles

APPs - the cornerstone of the privacy protection framework under the Privacy Act

AU IoT Code of Practice

Voluntary code for securing Internet of Things devices in Australia

Industry & Regulatory

6 frameworks

CIS Controls v8.1

Center for Internet Security Critical Security Controls

PCI DSS v4.0.1

Payment Card Industry Data Security Standard

AICPA TSC 2017

Trust Services Criteria - the foundation for SOC 2 audits

TISAX

Trusted Information Security Assessment Exchange for the automotive industry

GovRAMP

Government Risk Assessment & Management Program

NAIC Insurance Model Law

Insurance Data Security Model Law for the insurance industry

Privacy Frameworks

3 frameworks

APEC Privacy Framework

Asia-Pacific Economic Cooperation privacy principles for cross-border data flows

OECD Privacy Guidelines

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

Data Privacy Mgmt Principles

Data Privacy Management Principles for organisational privacy programs

Any Framework or Standard, Supported on Request

If your organisation needs a framework, regulation, or internal control catalogue we don't yet ship, we'll add it. Sector-specific standards, customer control sets, regulator updates — ask us and we'll get it into the platform for you. You can also import fully custom frameworks from Excel or CSV today and track them alongside everything else.


Ready to Streamline Your Compliance?

Get started with Risk Ninja and see how easy multi-framework compliance can be.