Compliance Frameworks
Compliance frameworks are structured sets of security controls organized into control groups. They provide the foundation for your audit programs and define which controls need to be tested.
SecureHive supports two types of frameworks: platform frameworks (pre-built standards like ISO 27001, SOC 2, and PCI-DSS available in the marketplace) and custom frameworks you create with your own control groups and controls.
Framework structure
Each framework is organized into control groups — logical groupings of related controls such as “Access Control” or “Cryptography.” Each control group contains individual controls with an ID, name, description, and assessment questions.
```text
Framework (ISO 27001:2022)
├── Control Group (A.9 - Access Control)
│   ├── Control (A.9.1.1 - Access control policy)
│   ├── Control (A.9.2.1 - User registration)
│   └── Control (A.9.2.3 - Privileged access rights)
├── Control Group (A.10 - Cryptography)
│   └── ...
└── Control Group (A.12 - Operations Security)
    └── ...
```
Licensing a framework
1. Browse the marketplace. Navigate to Assurance Reviews → Audit Frameworks and browse the available frameworks. Review the framework details, including its control groups, individual controls, and coverage.
2. License the framework. Click License Framework on the standard you want to use. The framework is copied to your tenant with all of its control groups and individual controls.
3. Verify in My Frameworks. The licensed framework appears in the My Frameworks section, ready to use when creating audit programs.
Available frameworks
SecureHive includes several industry-standard frameworks:
| Framework | Description |
|---|---|
| ISO 27001:2022 | International standard for information security management systems |
| SOC 2 Type II | Trust services criteria covering security, availability, processing integrity, confidentiality, and privacy |
| PCI-DSS | Payment card industry data security standard for organizations handling credit card information |
| NIST CSF 2.0 | Framework for improving critical infrastructure cybersecurity with five core functions |
| HITRUST CSF v11.2 | Common security framework combining multiple regulatory requirements |
| CMMC 2.0 | Cybersecurity Maturity Model Certification for defense contractors |
Additional frameworks including ISO 42001 (AI management), EU AI Act 2024, and custom ITGC templates are available. See the configuration page for the full list of supported frameworks.
Custom frameworks
If your organization has unique compliance requirements, you can create custom frameworks with your own control groups and controls. Custom frameworks work the same way as platform frameworks — they can be used in audit programs, linked to control tests, and included in reports.
Next steps
After licensing a framework, create an audit program to define how the framework will be used in your organization.