Aikido
Start for Free
No CC required
Learn
/
Compliance Frameworks Hub

Chapter 2: Major Compliance Frameworks Explained

Alright, you get why compliance matters (or at least why you can't ignore it). Now, let's cut through the alphabet soup of specific frameworks. SOC 2, ISO 27001, PCI DSS, GDPR, HIPAA, CMMC... the list goes on. They all sound intimidating, complex, and designed by people who've never written a line of code.

This chapter breaks down the big players. We'll give you the developer-focused lowdown on each one: what it actually requires (minus the consultant-speak), how it impacts your tech stack and workflow, common pitfalls to avoid, and what auditors really look for. No fluff, just the practical stuff you need to know to navigate these mandatory hoops without losing your sanity or derailing your roadmap.

Let's decode the most common frameworks you'll likely run into. But first, here’s a clean overview.

Table of contents:
SOC 2 Compliance
ISO 27001
ISO 27017 / 27018
NIST SP 800-53
NIST SSDF (SP 800-218)
OWASP ASVS
GDPR
NIS2 Directive
DORA
EU Cyber Resilience Act (CRA)
CMMC
PCI DSS
FedRAMP
HIPAA / HITECH
Essential Eight
Singapore CCoP (for CII)
Japan Cybersecurity Act & Related (APPI)

Table of contents

Chapter 1: Understanding Compliance Frameworks

What Are Compliance Frameworks and Why Do They Matter?
How Compliance Frameworks Affect DevSecOps Workflows
Common Elements Across Frameworks

Chapter 2: Major Compliance Frameworks Explained

SOC 2 Compliance
ISO 27001
ISO 27017 / 27018
NIST SP 800-53
NIST SSDF (SP 800-218)
OWASP ASVS
GDPR
NIS2 Directive
DORA
EU Cyber Resilience Act (CRA)
CMMC
PCI DSS
FedRAMP
HIPAA / HITECH
Essential Eight
Singapore CCoP (for CII)
Japan Cybersecurity Act & Related (APPI)

Chapter 3: Implementing Compliance in Development

Choosing the Right Frameworks for Your Organization
Building Compliant DevSecOps Pipelines
Training Development Teams for Compliance
Audit Preparation for Developers
Maintaining Compliance Long-Term
The End

Related blog posts

See all
See all
June 4, 2024
Compliance

SOC 2 certification: 5 things we learned

What we learned about SOC 2 during our audit. ISO 27001 vs. SOC 2, why Type 2 makes sense, and how SOC 2 certification is essential for US customers.

January 16, 2024
Compliance

NIS2: Who is affected?

Who does NIS2 apply to? Who does it affect? What are essential and important sectors and company size thresholds? Aikido's app has a NIS2 report feature.

December 5, 2023
Compliance

ISO 27001 certification: 8 things we learned

What we wished we'd known before starting the ISO 27001:2022 compliance process. Here are our tips for any SaaS company going for ISO 27001 certification.