Frameworks, Controls, and Control Correlation Identifiers (CCI)
A Cyber Compliance Framework is a structured set of guidelines, standards, and best practices that organizations use to manage cyber risks, protect sensitive data, and meet regulatory obligations. It provides a roadmap for organizations to identify, assess, and mitigate threats by implementing security policies, controls, and procedures, thereby strengthening their overall security posture and fostering trust with stakeholders.
OpenRMF® Professional has always included NIST 800-53 based control frameworks used for frameworks such as RMF, FedRAMP and StateRAMP/GovRAMP. With version 2.13 onward, this expands to include additional frameworks. These can include CMMC, CSF, HITRUST, IEC 62443, ISO 27001 and others. It can also include any custom framework and framework levels (if any), mapped to current or custom controls, and include current or custom CCIs as well.
The same model of automated scans, statements, inheritance, compliance engine, automated POAM and more still works. These are just mapped to different frameworks.
See the information and links below on how to set up and use additional frameworks in this solution.
Frameworks and Framework Levels
To understand and use frameworks and framework levels in OpenRMF® Professional, go to the main Framework Help Area.
Control Families
To understand and use control families and control family sections in OpenRMF® Professional, go to the main Control Family Help Area.
Controls
To understand and use controls in OpenRMF® Professional, go to the main Control Help Area.
Control Correlation Identifiers (CCI)
To understand and use CCIs in OpenRMF® Professional, go to the main CCI Help Area.
Frameworks, Controls and Control Correlation Identifiers (CCI)
To understand how to use Controls and CCIs within Frameworks in OpenRMF® Professional, go to the main Framework-Control-CCI Help Area.