Compliance Hardening Guide

Concrete, copy-paste configurations for every web-scannable compliance control across PCI-DSS 4.0, ISO 27001:2022, SOC 2, NIS 2, GDPR and ANSSI public guides. Each control page lists the UnveilScan findings that map to it, the effort to remediate, and the risk if left unfixed.

PCI-DSS 4.0

Payment Card Industry Data Security Standard v4.0. Mandatory for any organisation that stores, processes or transmits cardholder data.

22 controls · 66 mapped findings

ISO 27001:2022

International standard for information security management. Annex A lists the controls auditors check against during certification.

18 controls · 122 mapped findings

SOC 2

Trust Services Criteria audit framework operated by AICPA. Required by most SaaS B2B procurement processes.

6 controls · 6 mapped findings

NIS 2

EU Directive 2022/2555 — Network and Information Systems Directive 2. Mandatory for essential and important entities operating in the EU (deadline October 2024).

9 controls · 48 mapped findings

GDPR

EU Regulation 2016/679 — General Data Protection Regulation. Article 32 (security of processing) is the primary trigger for web-scan-detectable controls.

10 controls · 22 mapped findings

ANSSI

French national cybersecurity agency (Agence nationale de la sécurité des systèmes d'information) public guides — Hygiène, Reco-TLS v1.2, Reco-WebSec, Reco-DNS, Reco-Messagerie.

49 controls · 62 mapped findings

This guide is informational and reflects the UnveilScan scanner's automated control mappings. Full compliance certification requires additional process evidence outside the scope of any automated scan.