2026 Industry Compliance & Regulatory Frameworks

AdVran maintains compliance expertise across every major regulatory framework. We don't just help you pass audits—we operationalize compliance as a continuous part of your IT and security management.

Aerospace & Defense

CMMC 2.0 (Level 2/3) - Cybersecurity Maturity Model Certification
    Mandatory for DoD contractors handling CUI. Level 2 requires alignment with all 110 NIST 800-171 controls.

DFARS 252.204-7012 - Defense Federal Acquisition Regulation Supplement
    DoD contract clause requiring adequate security for covered defense information and cyber incident reporting within 72 hours.

ITAR / EAR Export Controls - International Traffic in Arms Regulations
    Export controls requiring strict data residency and US-person access restrictions for defense articles and services.

NIST SP 800-171 - Protecting Controlled Unclassified Information in Nonfederal Systems
    The underlying technical requirement for protecting non-federal systems handling CUI: 110 security controls across 14 families.

Financial Services

EU DORA - Digital Operational Resilience Act
    EU regulation establishing digital resilience standards for financial entities and their ICT service providers.

FFIEC IT Examination Handbook - Federal Financial Institutions Examination Council
    Interagency guidance for IT examination of financial institutions covering information security, business continuity, and outsourcing.

GLBA - Gramm-Leach-Bliley Act
    Requires financial institutions to safeguard consumer data, provide transparency, and implement comprehensive information security programs.

PCI DSS 4.0.1 - Payment Card Industry Data Security Standard
    Global standard for credit card data security; mandates automated log reviews, MFA, and strict network segmentation.

SEC / FINRA Regulations - Securities and Exchange Commission / FINRA Rules
    Focus on data retention, electronic communication archiving, and the WORM (Write Once, Read Many) storage requirements for broker-dealers.

SOX - Sarbanes-Oxley Act
    Requires public companies to maintain internal controls over financial reporting, with IT controls playing a critical role in audit compliance.

Healthcare & Life Sciences

21 CFR Part 11 - FDA Electronic Records and Electronic Signatures
    FDA requirement for electronic records and signatures in clinical trials, R&D, and pharmaceutical manufacturing environments.

HIPAA Security & Privacy Rules - Health Insurance Portability and Accountability Act
    The baseline for Protected Health Information (PHI) privacy and security in healthcare organizations.

HITECH Act - Health Information Technology for Economic and Clinical Health Act
    Mandates strict breach notifications, increases penalties for HIPAA non-compliance, and extends requirements to business associates.

Public Sector

CJIS Security Policy - Criminal Justice Information Services Security Policy
    Strict data security standards for organizations handling law enforcement and criminal justice information.

FedRAMP / StateRAMP - Federal Risk and Authorization Management Program
    Security authorizations for cloud service providers selling to federal and state government agencies.

FIPS 140-2/3 - Federal Information Processing Standard 140-2
    NIST standard specifying security requirements for cryptographic modules used to protect sensitive information.

FISMA - Federal Information Security Modernization Act
    Federal framework requiring agencies and contractors to develop, document, and implement agency-wide information security programs.

NIST SP 800-53 - Security and Privacy Controls for Information Systems and Organizations
    Comprehensive catalog of security and privacy controls for federal systems and organizations, the foundation for FedRAMP and FISMA.

StateRAMP - State Risk and Authorization Management Program
    Security authorization framework for cloud service providers serving state and local government agencies.

Manufacturing & Automotive

ISA/IEC 62443 - Industrial Automation and Control Systems Security
    The primary standard for securing Industrial Control Systems (ICS) and operational technology environments.

NIST Cybersecurity Framework 2.0
    Widely adopted security maturity framework organized around Identify, Protect, Detect, Respond, Recover, and Govern functions.

TISAX - Trusted Information Security Assessment Exchange
    Automotive industry information security assessment based on ISO 27001, required by major OEMs for supply chain partners.

UNECE WP.29 - UN Regulation on Cybersecurity and Software Updates
    International regulation requiring automotive manufacturers to implement cybersecurity management systems for vehicle type approval.

Education

CIPA - Children's Internet Protection Act
    Requires schools and libraries receiving E-Rate funding to implement internet safety policies and content filtering.

COPPA - Children's Online Privacy Protection Act
    Restricts data collection on minors under 13, critical for K-12 EdTech providers and school districts.

FERPA - Family Educational Rights and Privacy Act
    Protects the privacy of student educational records at institutions receiving federal funding.

State Education Standards - State Education Data Privacy Standards
    State-specific data privacy regulations for educational institutions, varying by jurisdiction but generally extending FERPA protections.

Energy & Utilities

API Cybersecurity Standards - American Petroleum Institute Cybersecurity Standards
    Industry standards for cybersecurity in petroleum and natural gas operations, including API 1164 for pipeline SCADA security.

NERC CIP Standards - North American Electric Reliability Corporation Critical Infrastructure Protection
    Mandatory security standards for the North American bulk power system, enforced with significant financial penalties.

TSA Pipeline Security Directives - Transportation Security Administration Pipeline Security Directives
    Required cyber incident reporting and audit readiness for oil and gas pipeline operators.

Cross-Industry

CPNI Protection Rules - Customer Proprietary Network Information Rules
    FCC rules protecting customer calling records, service usage data, and billing information held by telecommunications carriers.

FCC Cybersecurity Regulations - Federal Communications Commission Cybersecurity Requirements
    FCC regulations requiring telecommunications providers to protect network infrastructure and customer data.

GDPR / CCPA / CPRA - General Data Protection Regulation / California Consumer Privacy Act
    Comprehensive data privacy laws for consumer protection, requiring data minimization, consent management, and breach notification.

ISO/IEC 27001:2022 - Information Security Management Systems
    Global standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

SOC 2 Type II - System and Organization Controls 2
    Independent audit proving operational and security excellence across trust service criteria: security, availability, processing integrity, confidentiality, and privacy.

State Charity Regulations - State Charitable Organization Data Protection Regulations
    State-level regulations governing data protection and security requirements for charitable organizations and nonprofits.