The unified control model
Most compliance frameworks share significant overlap in what they require. SecurAtlas takes advantage of this by maintaining a single library of 64 security controls that covers the requirements of all supported frameworks simultaneously. When you implement a control and attach evidence, that work is credited toward every framework requirement that the control maps to.
Adding a framework to your workspace does not create new controls. It maps your existing controls to that framework’s requirements. If you have already implemented relevant controls, your readiness percentage will reflect that immediately.
Supported frameworks
SecurAtlas supports the following compliance frameworks:

| Framework | Description |
|---|---|
| ISO 27001 | International standard for information security management systems |
| SOC 2 Type II | AICPA trust service criteria covering security, availability, and confidentiality |
| NIST CSF | NIST Cybersecurity Framework for identifying and managing cyber risk |
| HIPAA | US healthcare data privacy and security requirements |
| PCI DSS | Payment Card Industry Data Security Standard |
| CIS Controls | Prioritized security actions from the Center for Internet Security |
Adding a framework
To activate a framework for your workspace:
Framework readiness
Your readiness percentage for a framework is the number of the framework’s aligned SecurAtlas controls that are marked implemented, divided by the total number of aligned controls.
For example, if a framework maps to 40 SecurAtlas controls and you have implemented 30 of them, your readiness is 75%.
The Compliance page shows for each active framework:
- Readiness percentage — overall implementation progress
- Aligned controls count — total controls that contribute to this framework
- Implemented vs. not started — breakdown of control statuses