Compliance standards
Compliance code name | Compliance full name | Applicability | AWS | Azure | GCP | Alibaba |
|---|---|---|---|---|---|---|
APRA | Australian Prudential Regulation Authority | Australia | Yes | No | Yes | No |
AWS-WAF | Amazon Web Services Web Application Firewall | Global | Yes | No | No | No |
BNM-RMIT | Bank Negara Malaysia - Risk Management in Technology | Malaysia | Yes | No | Yes | No |
BNM-RMIT-2023 | Bank Negara Malaysia - Risk Management in Technology (Year 2023) | Malaysia | Yes | Yes | Yes | No |
BNM-RMIT-APDX-10-CTRAG-DRAFT | Bank Negara Malaysia - Risk Management in Technology - Appendix 10 - Cyber Threat and Risk Assessment Guide (Draft) | Malaysia | Yes | Yes | Yes | Yes |
CCM-V4-0-5 | Cloud Controls Matrix Version 4.0.5 | Global | Yes | Yes | Yes | Yes |
CCOP-V2 | Cybersecurity Code of Practice For Critical Information Infrastructure – Second Edition (CCoP2.0) of Singapore | Singapore | Yes | Yes | Yes | Yes |
CIS-AWS | Center for Internet Security - Amazon Web Services | Global | Yes | No | No | Yes |
CIS-AWS-1-4 | Center for Internet Security - Amazon Web Services Benchmark Version 1.4 | Global | Yes | No | No | No |
CIS-AZR-1-4 | Center for Internet Security - Microsoft Azure Benchmark Version 1.4 | Global | No | Yes | No | No |
CIS-GCP | Center for Internet Security - Google Cloud Platform | Global | No | No | Yes | No |
CIS-GCP-1-2 | Center for Internet Security - Google Cloud Platform Benchmark Version 1.2 | Global | No | No | Yes | No |
CIS-GCP-1-3 | Center for Internet Security - Google Cloud Platform Benchmark Version 1.3 | Global | No | No | Yes | No |
CIS-GKE | Center for Internet Security - Google Kubernetes Engine | Global | No | No | Yes | No |
CIS-GKE-1-2 | Center for Internet Security - Google Kubernetes Engine Benchmark Version 1.2 | Global | No | No | Yes | No |
CYBER-ESSENTIALS-V3-1 | Cyber Essentials: Requirements for IT Infrastructure v3.1 | United Kingdom | Yes | Yes | Yes | Yes |
GDPR | General Data Protection Regulation for European Union | European Union | Yes | Yes | Yes | No |
INDO-PDPA-27-2022 | Indonesian Personal Data Protection Act (Year 2022) | Indonesia | Yes | Yes | Yes | Yes |
ISO-27001 | International Organization for Standardization - Information Security Management System | Global | Yes | No | Yes | No |
ISO-27001-2022 | International Organization for Standardization - Information Security Management System (Year 2022) | Global | Yes | Yes | Yes | Yes |
KOREAN-ISMS-P | Korea Personal Information and Information Security Management System | South Korea | Yes | Yes | Yes | Yes |
MAS-CYBER-HYGIENE | Monetary Authority of Singapore - Cyber Hygiene | Singapore | Yes | Yes | No | No |
MAS-TRM | Monetary Authority of Singapore - Technology Risk Management (Year 2013) | Singapore | Yes | No | No | No |
MAS-TRM-2021 | Monetary Authority of Singapore - Technology Risk Management (Year 2021) | Singapore | Yes | Yes | Yes | No |
NIS-2-DIRECTIVE | NIS 2 Directive for European Union | European Union | Yes | Yes | Yes | Yes |
NIST-CSF-V1-1 | National Institute of Standards and Technology - Cybersecurity Framework Version 1.1 | Global | Yes | Yes | Yes | Yes |
NIST-CSF-V2 | National Institute of Standards and Technology - Cybersecurity Framework Version 2.0 | Global | Yes | Yes | Yes | Yes |
NIST-SP-800-53-R5 | National Institute of Standards and Technology - Special Publication 800-53 Revision 5 | Global | Yes | Yes | Yes | Yes |
PCI-DSS | Payment Card Industry Data Security Standard Version 3.2.1 | Global | Yes | No | Yes | No |
PCI-DSS-V4-0 | Payment Card Industry Data Security Standard Version 4.0 | Global | Yes | Yes | Yes | Yes |
POJK-11-2022 | Peraturan Otoritas Jasa Keuangan - Regulation Number 11 (Year 2022) | Indonesia | Yes | Yes | Yes | Yes |
POJK-38 | Peraturan Otoritas Jasa Keuangan - Regulation Number 38 (Year 2017) | Indonesia | Yes | No | Yes | No |
SEOJK-21 | Surat Edaran Otoritas Jasa Keuangan - Circular Letter Number 21 (Year 2017) | Indonesia | Yes | No | Yes | No |
SEOJK-29-2022 | Surat Edaran Otoritas Jasa Keuangan - Circular Letter Number 29 (Year 2022) | Indonesia | Yes | Yes | Yes | Yes |
SG-PDPA-26-2012 | Singapore Personal Data Protection Act (Year 2012) | Singapore | Yes | Yes | Yes | Yes |
SOC-2 | Systems and Organization Controls 2 | Global | Yes | Yes | Yes | No |
THAI-BOT-11-2561 | Bank of Thailand - Regulation Number 11 (Year 2561 in the Buddhist calendar) | Thailand | Yes | Yes | Yes | Yes |
THAI-OIC-2563-2020-LIFE | Office of the Insurance Commission of Thailand - Regulation Number 2563 (Year 2020) - Life Insurance | Thailand | Yes | Yes | Yes | Yes |
THAI-OIC-2563-2020-NON-LIFE | Office of the Insurance Commission of Thailand - Regulation Number 2563 (Year 2020) - Non-Life Insurance | Thailand | Yes | Yes | Yes | Yes |