Standards

Last updated: Apr 23, 2026

---

Supported

Fluid Attacks supports the following security standards across security testing and compliance operations:

Correlation

Standards available in the platform's Compliance section to monitor your organization's security posture, with requirements mapped to AppSec findings in the compliance database:

• Agile Alliance: Requirements are supported as a correlation framework for AppSec findings.
• BSIMM14: Requirements are supported as a correlation framework for AppSec findings.
• BIZEC APP/11 V2.0 (2012): Requirements are supported as a correlation framework for AppSec findings.
• BSA Framework for Secure Software v1.1 (2020): Requirements are supported as a correlation framework for AppSec findings.
• CAPEC™ List v3.9: Requirements are supported as a correlation framework for AppSec findings.
• CASA: Requirements are supported as a correlation framework for AppSec findings.
• C2M2 v2.1: Requirements are supported as a correlation framework for AppSec findings.
• CCPA of 2018: Requirements are supported as a correlation framework for AppSec findings.
• SEI CERT® C Coding Standard 2016 Edition: Requirements are supported as a correlation framework for AppSec findings.
• SEI CERT® Oracle® Secure Coding Standard for Java™ (2011): Requirements are supported as a correlation framework for AppSec findings.
• CIS Controls v8: Requirements are supported as a correlation framework for AppSec findings.
• CMMC 2.0: Requirements are supported as a correlation framework for AppSec findings.
• CPRA of 2018 v2: Requirements are supported as a correlation framework for AppSec findings.
• CWE™ List v4.13: Requirements are supported as a correlation framework for AppSec findings.
• CWE Top 25 (2023): Requirements are supported as a correlation framework for AppSec findings.
• ePrivacy Directive 2002/58/EC: Requirements are supported as a correlation framework for AppSec findings.
• FACTA of 2003: Requirements are supported as a correlation framework for AppSec findings.
• FCRA (September 2018): Requirements are supported as a correlation framework for AppSec findings.
• FedRAMP: Requirements are supported as a correlation framework for AppSec findings.
• FERPA (amended July 6, 2000): Requirements are supported as a correlation framework for AppSec findings.
• FISMA (via NIST SP 800-53 Rev. 5): Requirements are supported as a correlation framework for AppSec findings.
• GLBA: Requirements are supported as a correlation framework for AppSec findings.
• HIPAA (2013 Rules Update): Requirements are supported as a correlation framework for AppSec findings.
• HITRUST CSF v9.6.0: Requirements are supported as a correlation framework for AppSec findings.
• IEC 62443-3-3 ed. 1.0 (2013): Requirements are supported as a correlation framework for AppSec findings.
• ISO/IEC 27002:2022: Requirements are supported as a correlation framework for AppSec findings.
• ISSAF 0.2.1B: Requirements are supported as a correlation framework for AppSec findings.
• LGPD: Requirements are supported as a correlation framework for AppSec findings.
• MITRE ATT&CK®: Requirements are supported as a correlation framework for AppSec findings.
• MISRA-C:2004: Requirements are supported as a correlation framework for AppSec findings.
• MVSP: Requirements are supported as a correlation framework for AppSec findings.
• NERC CIP v5: Requirements are supported as a correlation framework for AppSec findings.
• NIST SP 800-53 Rev. 5: Requirements are supported as a correlation framework for AppSec findings.
• NIST SP 800-63B: Requirements are supported as a correlation framework for AppSec findings.
• NIST SP 800-115 (September 2008): Requirements are supported as a correlation framework for AppSec findings.
• NIST SP 800-171 Rev. 2: Requirements are supported as a correlation framework for AppSec findings.
• NIST CSF v2.0: Requirements are supported as a correlation framework for AppSec findings.
• NIST SSDF v1.1: Requirements are supported as a correlation framework for AppSec findings.
• NYDFS Cybersecurity Regulation (23 NYCRR 500), February 2017: Requirements are supported as a correlation framework for AppSec findings.
• New York SHIELD Act: Requirements are supported as a correlation framework for AppSec findings.
• OSSTMM 3.0: Requirements are supported as a correlation framework for AppSec findings.
• OWASP API Security Top 10 (2023): Requirements are supported as a correlation framework for AppSec findings.
• OWASP ASVS v4.0.3: Requirements are supported as a correlation framework for AppSec findings.
• OWASP MASVS v2.0: Requirements are supported as a correlation framework for AppSec findings.
• OWASP Mobile Top 10 (2016): Requirements are supported as a correlation framework for AppSec findings.
• OWASP SAMM v1.0: Requirements are supported as a correlation framework for AppSec findings.
• OWASP Secure Coding Practices v2.0.1: Requirements are supported as a correlation framework for AppSec findings.
• OWASP Top 10:2021: Requirements are supported as a correlation framework for AppSec findings.
• OWASP Top 10 for LLM Applications: Requirements are supported as a correlation framework for AppSec findings.
• OWASP Top 10 Privacy Risks v2.0: Requirements are supported as a correlation framework for AppSec findings.
• PA-DSS v3.0: Requirements are supported as a correlation framework for AppSec findings.
• PDPA (2020): Requirements are supported as a correlation framework for AppSec findings.
• PDPO (2021 update): Requirements are supported as a correlation framework for AppSec findings.
• POPIA (2021): Requirements are supported as a correlation framework for AppSec findings.
• PTES v1.1 (2014): Requirements are supported as a correlation framework for AppSec findings.
• Resolution SB-2021-2126: Requirements are supported as a correlation framework for AppSec findings.
• CWE/SANS Top 25 (2020): Requirements are supported as a correlation framework for AppSec findings.
• SIG Core (2019): Requirements are supported as a correlation framework for AppSec findings.
• SIG Lite (2019): Requirements are supported as a correlation framework for AppSec findings.
• SWIFT CSCF v2024: Requirements are supported as a correlation framework for AppSec findings.
• WASC Threat Classification v2.0: Requirements are supported as a correlation framework for AppSec findings.
• WASSEC v1.0: Requirements are supported as a correlation framework for AppSec findings.

Others

Standards that Fluid Attacks holds certifications for or applies across its services and processes, some also mapped to AppSec findings in the compliance database.

• CREST Penetration Testing: Fluid Attacks holds a CREST Penetration Testing accreditation.
• CVE: Used as the primary identifier for known vulnerabilities in platform findings.
• CVSS v4.0: Used to score vulnerability severity in platform findings, with support up to version 4.0.
• CycloneDX: Generated by the platform as SBOM exports in JSON and XML formats.
• EPSS: Daily exploit prediction scores from FIRST are integrated to enhance vulnerability prioritization.
• GDPR, Regulation (EU) 2016/679: Fluid Attacks holds a GDPR alignment document, with privacy controls implemented across compliance policies. Additionally, GDPR - OJ L 119, 4.5.2016 requirements are supported as a correlation framework for AppSec findings.
• ISO/IEC 27001:2022: Fluid Attacks holds an ISO/IEC 27001:2022 certificate, with controls implemented across compliance policies. Additionally, ISO/IEC 27001:2022 Annex A requirements are supported as a correlation framework for AppSec findings.
• ISO/IEC 27017:2015: Fluid Attacks holds an ISO/IEC 27017:2015 certificate, with controls implemented across compliance policies.
• ISO/IEC 27018:2019: Fluid Attacks holds an ISO/IEC 27018:2019 certificate, with privacy controls implemented across compliance policies.
• ISO/IEC 27701:2019: Fluid Attacks holds an ISO/IEC 27701:2019 certificate, with privacy controls implemented across compliance policies.
• KEV: CISA's catalog of actively exploited vulnerabilities is integrated to prioritize high-risk findings.
• OAuth 2.0: Used as the authorization framework for platform authentication.
• PCI DSS v4.0.1: Fluid Attacks holds a PCI DSS v4.0.1 Attestation of Compliance. Additionally, PCI DSS v4.0 requirements are supported as a correlation framework for AppSec findings.
• SARIF v2.1.0: Generated by the CLI in scanner outputs and GitHub Actions integrations; accepted as input for third-party tool findings via platform upload.
• SOC 2®: Fluid Attacks holds a SOC 2® Type II report, with controls implemented across compliance policies. Additionally, SOC 2® Trust Services Criteria requirements are supported as a correlation framework for AppSec findings.
• SOC 3: Fluid Attacks holds a SOC 3 report.
• SPDX: Generated by the platform as SBOM exports in JSON and XML formats.

Unsupported

Currently, Fluid Attacks has not mapped security requirements to these standards:

• 21 CFR
• APRA PPG 234
• AWS Foundational Technical Review (FTR)
• Catalog of Problematic Data Actions and Problems (PDAP)
• Cloud Controls Matrix (CCM)
• Cloud Security Alliance (CSA)
• DCID 6/3
• Digital Operational Resilience Act (DORA)
• DISA STIG
• DoD Instruction 8500.1
• DoD Instruction 8550.1
• Enduring Security Framework (ESF)
• European Directive 1995/46/EC (DPD)
• European Directive 2002/58/EC (e-PD)
• European Directive 2022/2555 (NIS2)
• European Regulation 2019/881 (Cybersecurity Act)
• European Regulation 2024/1689 (AI Act)
• European Regulation 2024/2847 (CRA)
• FFIEC
• FIPPA
• FS-ISAC
• Japan's Personal Information Protection Act
• Massachusetts 201 CMR 17.00
• Microsoft SSPA
• MITS
• NIST IR 8397
• NIST SP 800-108 Rev. 1
• NIST SP 800-161 Rev. 1
• NIST SP 800-163 Rev. 1
• OCC
• OWASP Web Security Testing Guide
• PCI
• PIPED Act
• Privacy Act of 1974
• Safe Harbor
• Secure Supply Chain Consumption Framework (S2C2F)
• SOX
• SOX ITGC
• TISAX
• Transparency & Consent Framework (TCF)
• TCPA
• TSS-WEB