Frameworks
Built for the frameworks our buyers are graded on.
Nine frameworks at launch. Crosswalks are generated by Atlas and embedded in every AAR — no one glues them in after the fact.
- NIST
NIST CSF 2.0
NIST Cybersecurity Framework 2.0
Identify-Protect-Detect-Respond-Recover-Govern outcomes.
- NIST
NIST 800-84
NIST SP 800-84
Guide to test, training, and exercise programs for IT plans.
- FEMA
FEMA HSEEP
FEMA Homeland Security Exercise & Evaluation Program
Standardized exercise design, conduct, evaluation, and improvement planning.
- CISA
CISA CTEPs
CISA Tabletop Exercise Packages
Pre-built TTX scenarios for critical infrastructure sectors.
- FBI CJIS
CJIS v6.0
CJIS Security Policy v6.0
Criminal-justice-system data protection requirements.
- HHS
HIPAA §164.308
HIPAA Security Rule §164.308
Administrative safeguards including contingency plan testing.
- FFIEC
FFIEC
FFIEC IT Examination Handbook
Information-security and BCM exam expectations for financial institutions.
- PCI SSC
PCI 12.10
PCI DSS 12.10
Incident response plan + annual testing requirement.
- DoD CMMC PMO
CMMC IR.L2
CMMC IR.L2-3.6.3
Test the incident response capability for the organization.
How we keep crosswalks current
The crosswalks update the day the framework updates.
When NIST 800-61 moves to r3, or CJIS to v6.1, or CSF adds a new subcategory, Atlas is re-pointed at the new source document and the crosswalks are regenerated. Your AAR template stays aligned with the version your auditor is about to reference.