CertRadar

Compliance coverage

The frameworks CertRadar produces evidence for

Every domain and TLS certificate your company owns becomes structured evidence, mapped to specific controls in 15 frameworks your auditor already knows.

AICPA (American Institute of
SOC 2
US SaaS companies selling to enterprises — the most common compliance ask for B2B software.

International Organization for Standardization
ISO 27001
Globally — any company selling internationally or serving regulated industries. The non-US equivalent of SOC 2.

US Department of Health
HIPAA
Any US organization that creates, receives, maintains, or transmits electronic protected health information (ePHI) — and their business associates.

PCI Security Standards Council
PCI DSS
Any merchant, service provider, or processor that stores, processes, or transmits cardholder data.

European Commission
GDPR
Any organization offering goods or services to EU data subjects, or monitoring their behavior — regardless of where the organization is headquartered.

US General Services Administration
FedRAMP
Cloud Service Providers (CSPs) offering services to US federal agencies.

HITRUST Alliance
HITRUST
Healthcare organizations and their vendors — especially those needing to cover HIPAA, HITECH, PCI, and state laws in one certification.

US National Institute of
NIST CSF
US critical-infrastructure operators and any organization adopting a risk-based cybersecurity program.

Center for Internet Security
CIS Controls
Organizations adopting a prioritized set of security best practices — often a stepping stone to formal compliance.

US Department of Defense
CMMC
Defense Industrial Base (DIB) contractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI).

European Union
NIS2
EU 'essential' and 'important' entities across energy, transport, banking, health, digital infrastructure, public administration, and more — including cloud providers and managed service providers.

European Union
DORA
EU financial entities — banks, insurers, investment firms, crypto-asset service providers — and their critical ICT third-party providers.

California Attorney General
CCPA
Businesses operating in California meeting revenue / data-volume thresholds.

International Organization for Standardization
ISO 27017
Cloud service providers and their customers seeking a cloud-specific security certification overlay to ISO 27001.

Australian Signals Directorate (ASD)
IRAP
Australian government agencies and their ICT suppliers seeking to align with the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).

One evidence pack, every framework your auditor asks about.

CertRadar indexes your complete domain and certificate inventory, then emits the specific artifacts each framework requires — with the control IDs your auditor quotes.
