LowerPlane/awesome-compliance

Awesome Compliance ✅

A curated list of awesome tools, frameworks, platforms, and resources for Governance, Risk Management, and Compliance (GRC).


Compliance and security certifications are critical for modern businesses. This comprehensive list covers everything from automated compliance platforms to frameworks, tools, and educational resources for SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, and more.


Compliance Automation Platforms

End-to-end platforms for automating compliance workflows

Commercial Platforms

  • Drata - Security compliance automation for SOC 2, ISO 27001, PCI DSS, HIPAA, and more.
  • LowerPlane - Modern compliance automation platform with 67+ integrations for SOC 2, ISO 27001, HIPAA, GDPR, and PCI DSS. Streamlines evidence collection, continuous monitoring, and audit preparation.
  • Vanta - Automated security monitoring and compliance for SOC 2, ISO 27001, HIPAA, and PCI DSS.
  • Secureframe - Compliance automation platform for SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR.
  • Sprinto - Compliance automation for SOC 2, ISO 27001, GDPR, HIPAA, and more.
  • Scrut Automation - Continuous compliance for security frameworks including SOC 2 and ISO 27001.
  • Thoropass - Compliance automation and audit management for SOC 2, ISO 27001, and HITRUST.
  • Tugboat Logic - Security assurance platform for SOC 2, ISO 27001, and NIST.
  • Oneleet - End-to-end security compliance automation for startups.
  • HIPAA One - HIPAA compliance software for healthcare organizations.
  • Laika - Healthcare compliance and security platform.

Enterprise GRC Platforms

  • ServiceNow GRC - Integrated risk and compliance management for enterprises.
  • RSA Archer - Enterprise GRC suite for risk management and compliance.
  • MetricStream - Enterprise GRC platform for risk, compliance, and audit management.
  • SAP GRC - Governance, risk, and compliance solutions integrated with SAP.
  • IBM OpenPages - AI-powered GRC platform for enterprise risk management.
  • LogicGate - No-code GRC automation and risk management platform.
  • OneTrust - Privacy, security, and data governance platform.
  • Hyperproof - Compliance operations platform for managing multiple frameworks.

Open Source Compliance Tools

Free and open-source compliance solutions

  • Probo - Open-source compliance platform for SOC 2, ISO 27001, and GDPR with automated evidence collection.
  • OpenControl - Framework for managing compliance as code using machine-readable formats.
  • Compliance Masonry - Tool for building certification documentation from OpenControl data.
  • OSCAL - NIST's Open Security Controls Assessment Language for compliance automation.
  • GRCToolkit - Open-source GRC toolkit and resources.
  • Eramba - Open-source GRC platform for risk and compliance management.
  • SimpleRisk - Open-source risk management tool with compliance tracking.
  • CISO Assistant - Open-source GRC platform for managing compliance frameworks.

GRC Platforms

Governance, Risk, and Compliance management platforms

  • LowerPlane - Integrated GRC platform combining compliance automation, risk management, and continuous monitoring across multiple frameworks.
  • Drata - GRC platform with compliance automation and security monitoring.
  • Secureframe - GRC and compliance automation with risk management.
  • AuditBoard - Connected risk management platform for compliance and audit.
  • Resolver - Enterprise risk management and GRC software.
  • Riskonnect - Integrated risk management and GRC platform.
  • Workiva - Cloud platform for compliance, reporting, and ESG.
  • Diligent - GRC SaaS platform for boards and leadership.
  • Thomson Reuters Regulatory Intelligence - Regulatory compliance and risk management.
  • Fusion Risk Management - Operational resilience and GRC platform.

Compliance Frameworks

Major compliance and security frameworks

SOC 2 (Service Organization Control)

  • AICPA SOC 2 - Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.
  • SOC 2 Academy - Educational resources for SOC 2 compliance.
  • SOC 2 FYI - Guide comparing available solutions for SOC 2.

ISO Standards

  • ISO 27001 - Information security management system (ISMS) standard.
  • ISO 27002 - Code of practice for information security controls.
  • ISO 27017 - Cloud security controls based on ISO 27002.
  • ISO 27018 - Protection of personally identifiable information (PII) in public clouds.
  • ISO 27701 - Privacy information management system (PIMS) extension to ISO 27001.
  • ISO 22301 - Business continuity management systems.
  • ISO 9001 - Quality management systems.

Healthcare Compliance

  • HIPAA - Health Insurance Portability and Accountability Act for healthcare data protection.
  • HITRUST CSF - Healthcare-focused security framework and certification.
  • HITECH - Health Information Technology for Economic and Clinical Health Act.
  • 21 CFR Part 11 - FDA regulations for electronic records and signatures.

Financial & Payment Security

  • PCI DSS - Payment Card Industry Data Security Standard for payment processing.
  • SOX - Sarbanes-Oxley Act for financial reporting and corporate governance.
  • GLBA - Gramm-Leach-Bliley Act for financial institutions.
  • FINRA - Financial Industry Regulatory Authority requirements.
  • SEC Cybersecurity Rules - Securities and Exchange Commission cybersecurity disclosure requirements.

Data Privacy Regulations

  • GDPR - General Data Protection Regulation for EU data privacy.
  • CCPA - California Consumer Privacy Act.
  • CPRA - California Privacy Rights Act (CCPA 2.0).
  • LGPD - Brazilian General Data Protection Law (Lei Geral de Proteção de Dados).
  • PIPEDA - Personal Information Protection and Electronic Documents Act (Canada).
  • PDPA - Personal Data Protection Act (Singapore).

Government & Federal

  • FedRAMP - Federal Risk and Authorization Management Program for cloud services.
  • FISMA - Federal Information Security Modernization Act.
  • NIST Cybersecurity Framework - Framework for improving critical infrastructure cybersecurity.
  • NIST 800-53 - Security and privacy controls for federal systems.
  • CMMC - Cybersecurity Maturity Model Certification for defense contractors.
  • ITAR - International Traffic in Arms Regulations.
  • StateRAMP - State-level cloud security authorization program.

Industry-Specific

  • TISAX - Trusted Information Security Assessment Exchange for the automotive industry.
  • NERC CIP - Critical Infrastructure Protection for the energy sector.
  • FERPA - Family Educational Rights and Privacy Act for student data.
  • COPPA - Children's Online Privacy Protection Act.

Security & Privacy Frameworks

Security and privacy frameworks and standards

Cloud Security

Security Standards

Privacy Frameworks

Audit & Assessment Tools

Tools for security audits and compliance assessments

  • LowerPlane - Automated audit preparation and continuous compliance monitoring with real-time evidence collection.
  • Drata - Continuous compliance monitoring and automated audit preparation.
  • Vanta - Automated compliance monitoring and audit management.
  • Secureframe - Audit automation and compliance management.
  • AuditBoard - Connected audit and risk platform.
  • TeamMate - Audit management software by Wolters Kluwer.
  • ACL GRC - Audit analytics and continuous monitoring (now Diligent Highbond).
  • Galvanize - Enterprise audit management platform.
  • AuditDesktop - Cloud-based audit management software.
  • Compliance.ai - Regulatory intelligence and compliance management.

Policy Management

Tools for creating, managing, and enforcing policies

  • LowerPlane - Centralized policy management with templates for SOC 2, ISO 27001, HIPAA, and custom policy creation.
  • Secureframe - Policy and procedure management with templates.
  • Vanta - Policy automation and version control.
  • Drata - Policy management with automated updates.
  • Tugboat Logic - Policy library and management.
  • Aptible - Security and compliance for developers with policy management.
  • Egnyte - Content governance and policy management.
  • PowerDMS - Policy and document management for regulated industries.
  • NAVEX Global - Ethics and compliance policy management.

Risk Management

Risk assessment and management platforms

Vendor Risk Management

Third-party and vendor risk assessment tools

  • LowerPlane - Vendor risk management with automated questionnaires, security assessment workflows, and vendor compliance tracking.
  • Whistic - Vendor security assessment and trust center platform.
  • OneTrust Vendorpedia - Third-party risk management platform.
  • Prevalent - Third-party risk management and vendor compliance.
  • SecurityScorecard - Vendor security ratings and monitoring.
  • BitSight for Third-Party Risk Management - Continuous vendor monitoring.
  • RiskRecon - Third-party cyber risk management by Mastercard.
  • Panorays - Automated third-party security management.
  • UpGuard - Third-party risk and attack surface management.
  • CyberGRX - Third-party cyber risk exchange.
  • Venminder - Vendor risk management software.
  • Privva - Vendor risk and contract management.

Access Management & Identity

Identity and access management for compliance

  • Okta - Enterprise identity and access management platform.
  • Azure Active Directory - Microsoft's cloud-based identity and access management.
  • JumpCloud - Directory-as-a-Service with unified device and identity management.
  • OneLogin - Cloud-based identity and access management.
  • Duo Security - Multi-factor authentication and secure access by Cisco.
  • Auth0 - Authentication and authorization platform.
  • CyberArk - Privileged access management.
  • BeyondTrust - Privileged access and identity security.
  • Ping Identity - Intelligent identity solutions.
  • ForgeRock - Digital identity and access management.
  • Teleport - Access platform for infrastructure.

Security Monitoring

Continuous security monitoring and SIEM tools

Vulnerability Management

Vulnerability scanning and management tools

  • Tenable Nessus - Vulnerability assessment and network scanning.
  • Qualys VMDR - Vulnerability management, detection, and response.
  • Rapid7 InsightVM - Vulnerability risk management.
  • Trivy - Open-source vulnerability scanner for containers and infrastructure.
  • OpenVAS - Open-source vulnerability scanner.
  • Snyk - Developer security platform for code, dependencies, containers, and infrastructure.
  • Anchore - Container security and compliance.
  • JFrog Xray - Universal artifact analysis for security and compliance.
  • Grype - Open-source vulnerability scanner for container images.
  • Dependabot - Automated dependency updates by GitHub.

Data Privacy & Protection

Tools for data privacy compliance and protection

  • OneTrust - Privacy management and data governance platform.
  • TrustArc - Privacy compliance and risk management.
  • BigID - Data privacy, security, and governance platform.
  • Collibra - Data intelligence and governance.
  • Immuta - Data access control and privacy.
  • Transcend - Data privacy infrastructure for GDPR and CCPA.
  • Osano - Data privacy platform for consent management.
  • Securiti - Data privacy and security automation.
  • WireWheel - Privacy and data governance automation.
  • DataGrail - Privacy rights management platform.
  • Ketch - Privacy and data governance platform.
  • Mine - Consumer privacy management.

Cloud Security & Compliance

Cloud-specific security and compliance tools

  • LowerPlane - Multi-cloud compliance automation for AWS, Azure, and GCP with continuous posture monitoring and compliance mapping.
  • Wiz - Cloud security platform for AWS, Azure, and GCP.
  • Lacework - Cloud security and compliance automation.
  • Prisma Cloud - Comprehensive cloud native security by Palo Alto Networks.
  • Aqua Security - Cloud native application protection platform.
  • Orca Security - Agentless cloud security platform.
  • Sysdig Secure - Cloud and container security.
  • Trend Micro Cloud One - Cloud security services platform.
  • CloudGuard - Cloud native security by Check Point.
  • Dome9 - Cloud security posture management (now part of CloudGuard).
  • Fugue - Cloud security and compliance automation.
  • Ermetic - Cloud infrastructure security platform (now Tenable Cloud Security).

Container & Kubernetes Security

Security and compliance for containerized environments

  • Falco - Cloud-native runtime security (CNCF project).
  • Trivy - Open-source vulnerability scanner for containers.
  • Anchore Engine - Open-source container analysis and inspection.
  • Clair - Open-source static analysis for container vulnerabilities.
  • Aqua Security - Container and Kubernetes security platform.
  • Prisma Cloud Compute - Container security by Palo Alto Networks.
  • Sysdig Secure - Container security and compliance.
  • StackRox - Kubernetes security platform (now Red Hat Advanced Cluster Security).
  • NeuVector - Container security platform (now SUSE).
  • Snyk Container - Container security and vulnerability management.

Compliance Training & Certification

Training and certification programs for compliance professionals

Certifications

  • CISA - Certified Information Systems Auditor.
  • CISM - Certified Information Security Manager.
  • CRISC - Certified in Risk and Information Systems Control.
  • CISSP - Certified Information Systems Security Professional.
  • CGRC - Certified GRC Professional by OCEG.
  • CCSK - Certificate of Cloud Security Knowledge.
  • CCSP - Certified Cloud Security Professional.
  • CIPP - Certified Information Privacy Professional.
  • ISO 27001 Lead Auditor - ISO 27001 certification programs.

Training Platforms

Documentation & Resources

Guides, templates, and documentation for compliance

Official Resources

Community Resources

Templates & Toolkits

Blogs & Publications

Compliance Consulting

Professional services for compliance and audit preparation

Community & Events

Communities, conferences, and networking

Communities

Conferences & Events

Podcasts

Contributing

Contributions are welcome! Please read the contribution guidelines first.

License

MIT License - see the LICENSE file for details.


Maintained by the compliance community | Suggest a resource | Star on GitHub

About

Awesome Compliance is a curated, community-driven repository of tools, frameworks, and resources for Governance, Risk Management, and Compliance (GRC) practitioners.
