Control Frameworks
Veri-Guard assesses your Microsoft 365 tenant against 582 security controls sourced from 14 independent frameworks across 8 domains.
582 Total Controls
361 Auto-Remediable
8 Assessment Domains
How framework mapping works: Each security control in the Veri-Guard registry is sourced from one primary detection framework (e.g., CISA, CIS, EIDSCA) and cross-referenced to compliance standards (NIST 800-53, NIST CSF, ISO 27001, SOC 2, HIPAA, GDPR). Every cross-framework mapping is sourced from authoritative public data — official NIST crosswalks, CISA CSVs, and AICPA mappings. A single control may satisfy requirements from multiple frameworks simultaneously.
This multi-framework approach means one assessment run provides compliance evidence across all twelve mapped standards — no need to run separate audits for each framework.
Framework Sources
U.S. federal security baselines for Microsoft 365, developed by CISA as part of the Secure Cloud Business Applications (SCuBA) project.
Industry-consensus security configuration benchmarks from the Center for Internet Security.
Microsoft Entra ID security configuration checks maintained by the identity security community with Microsoft endorsement.
U.S. federal security and privacy controls catalog. Includes both NIST-prefixed detection controls and cross-framework tags on all controls.
Community-maintained Pester tests for Microsoft 365 security, contributed by the open-source Maester project.
Community-developed checks for Defender for Office 365 configuration, originally created by Cam Murray.
Recommended controls developed by Veri-Tech to fill compliance and operational hygiene gaps not addressed by other frameworks.
Risk-based cybersecurity framework organized by Identify, Protect, Detect, Respond, and Recover functions. Mapped via official NIST CSF-to-800-53 crosswalk.
International information security management standard with 93 Annex A controls. Mapped via the official NIST OLIR 800-53-to-ISO 27001 crosswalk.
AICPA Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. Mapped via the official AICPA TSC-to-NIST 800-53 crosswalk.
GDPR-supportive controls mapped via the ISO 27001 Annex A to GDPR article bridge (ISO 27701).
HHS-published voluntary cybersecurity practices for the healthcare sector under §405(d) of the Cybersecurity Act of 2015. Implementation can support HITECH safe-harbor benefit (PL 116-321). Mapped from HICP Technical Volumes 1 and 2 sub-practices to M365-observable controls.
Veri-Tech curated readiness lens. Grades a tenant against the data-protection prerequisites Microsoft documents in the Copilot setup guide and the Secure and Governed Data Foundation deployment blueprint. Subset of existing Veri-Guard controls plus Copilot-specific items.
U.S. healthcare security standard (45 CFR 164 Subpart C) protecting electronic Protected Health Information. Assessed via the dedicated HIPAA scanner.
