Compliance

NIST CSF 2.0 · hub · 6 frameworks · ACME Corp
Step 2 · Diagnose
What's wrong — and what does it expose us to?

Assess once against the CSF hub; every framework inherits the result.

RISKTAPE
Assess once. Prove every framework.
ACME is evaluated against the CSF hub. One body of evidence — 3 open gaps and all — translates automatically into PCI, HIPAA, GDPR, SOC 2 and FedRAMP scores. No six separate audits.
NIST CSF 2.0 (Primary): 81 B, 106 of 120 subcategories covered
SOC 2 Type II: 77 B, Access reviews 9 months overdue
GDPR: 74 C, 3 data-mapping gaps open
PCI-DSS v4.0: 68 C, MFA + segmentation evidence pending
HIPAA Security Rule: 59 D, Unencrypted PHI — 5 safeguards unmet
FedRAMP Moderate: 52 D, Privileged-access MFA blocks ATO

The three gaps that drive the score

critical
MFA not enforced for privileged cloud access

A single phished admin = card-data + PHI access. This is the control PCI and FedRAMP assessors test first.

PCI-DSS · FedRAMP · NIST CSF
critical
Unencrypted patient data in a legacy datastore

A breach here is an automatic HIPAA + GDPR reportable event — penalties scale with revenue and record count.

HIPAA · GDPR · NIST CSF
high
Quarterly access reviews are 9 months overdue

Stale access is the finding that fails a SOC 2 audit and undermines every other attestation you sign.

SOC 2 · PCI-DSS · FedRAMP