Compliance · the catalogue

All frameworks, honestly declared.

Choose the regimes your repository has to answer to. Each one follows the same honest pattern: Watchdog evidences the automatable part, blocks on what it caught failing, and a named human declares the rest. Each card shows the three-way split (tool-evidenced, evidence-assisted and human attestation) before you enable anything. For accessibility (WCAG 2.2 / EN 301 549) we take it as far as it can honestly go: static checks tool-evidence what they can, and for repositories with the framework enabled, a sandboxed rendered-axe pass and LLM advisory add runtime/assisted evidence, so the human part is the minimum the standard actually requires a human to assess.

Self-assess any framework on any plan. Signing & export of the tamper-proof artifact is part of the compliance module. We measure; you declare. We never certify.

Accessibility

2 frameworks

Web accessibility (WCAG 2.2 / EN 301 549)

Accessibility EU
2.2 · 55 controls

WCAG 2.2 AA accessibility for web & software — the conformance the EU Accessibility Act makes you self-declare.

Tool 14 Assisted 17 Human 24
Directive (EU) 2019/882 (EAA) · EN 301 549 · WCAG 2.2 Level AA · WCAG-EM 1.0

EN 301 549 accessibility for ICT (EAA / Web Accessibility Directive)

Accessibility EU
3.2.1 · 59 controls

The full EU ICT accessibility standard — WCAG 2.1 AA for the web clause (per v3.2.1), plus the non-web ICT clauses you declare.

Tool 14 Assisted 14 Human 31
EN 301 549 v3.2.1 (harmonised standard) · Directive (EU) 2016/2102 (Web Accessibility Directive) · Directive (EU) 2019/882 (European Accessibility Act) · WCAG 2.1 AA (clause 9)

Cybersecurity

3 frameworks

NIS2 cyber risk-management (Directive 2022/2555)

Cybersecurity EU
2022 · 17 controls

Cyber risk-management measures for essential & important entities — the technical slice of Article 21(2).

Tool 8 Assisted 5 Human 4
Directive (EU) 2022/2555 (NIS2) · Commission Implementing Regulation (EU) 2024/2690 · ENISA technical implementation guidance

Cyber Resilience Act — product cybersecurity (Regulation 2024/2847)

Cybersecurity EU Preview
2024 · 18 controls

Product cybersecurity for products with digital elements (EU CRA) — the repository-visible security properties are tool-evidenced; conformity is the manufacturer's.

Tool 5 Assisted 9 Human 4
Regulation (EU) 2024/2847 (Cyber Resilience Act) · Annex I Part I — essential cybersecurity requirements · Annex I Part II — vulnerability-handling requirements

ISO/IEC 27001 Annex A — readiness evidence (preparation tool, not certification)

Cybersecurity Global
2022 · 93 controls

A preparation/readiness tool for ISO/IEC 27001 Annex A:2022 — all 93 controls. Gather the technical evidence a scan produces toward certification; only the Technological theme (A.8) is tool-evidenced. Not a certificate.

Tool 4 Assisted 8 Human 81
ISO/IEC 27001:2022 Annex A — all 93 controls across the four themes · ISO/IEC 27002:2022 (implementation guidance — referenced, not reproduced) · A certification-readiness / preparation tool — never a substitute for accredited certification

Sector-specific

1 framework

DORA digital operational resilience (Regulation 2022/2554)

Sector-specific EU
2022 · 20 controls

ICT operational-resilience for EU financial entities — five pillars plus the RTS technical measures. Opt-in.

Tool 7 Assisted 3 Human 10
Regulation (EU) 2022/2554 (DORA) · Commission Delegated Regulation (EU) 2024/1774 (RTS — ICT risk-management framework) · DORA RTS/ITS — incident classification, register of information, TLPT

Supply-chain integrity

1 framework

SLSA supply-chain integrity (v1.2 Build & Source tracks)

Supply-chain integrity Global
1.2 · 22 controls

Tamper-resistant build & source integrity (SLSA v1.2) — provenance and source-control attestations across Build L1–L3 and Source L1–L4.

Tool 0 Assisted 3 Human 19
SLSA v1.2 — Supply-chain Levels for Software Artifacts (slsa.dev) · OpenSSF / Linux Foundation · Build track L1–L3 · Source track L1–L4

Application security

2 frameworks

SSDF secure software development (NIST SP 800-218)

Application security US
1.1 · 19 controls

Secure software development practices (NIST SP 800-218) — secure coding & vulnerability response are tool-evidenced; governance is attested.

Tool 5 Assisted 5 Human 9
NIST SP 800-218 v1.1 — Secure Software Development Framework · PO / PS / PW / RV practice groups · Underpins US secure-software attestation; maps onto EU CRA secure-development

OWASP ASVS application-security verification (v5.0.0)

Application security Global
5.0.0 · 345 controls

Application-security verification (OWASP ASVS v5.0.0, full 345-requirement set) — injection, crypto, transport, config, dependencies & logging are tool-evidenced; the rest is verified by testing.

Tool 47 Assisted 91 Human 207
OWASP Application Security Verification Standard (ASVS) v5.0.0 · 17 chapters (V1–V17) · verification levels L1–L3 · 345 requirements · Catalog built verbatim from OWASP's official machine-readable export

Privacy

1 framework

GDPR technical measures — Art. 32 & Art. 25 only (not GDPR compliance)

Privacy EU
2016 · 10 controls

The technical measures of GDPR Art. 32 & Art. 25 only (encryption, secrets, vulnerabilities, resilience) — not GDPR compliance.

Tool 3 Assisted 6 Human 1
Regulation (EU) 2016/679 (GDPR) Art. 32 — security of processing · Regulation (EU) 2016/679 (GDPR) Art. 25 — data protection by design & by default · Technical measures ONLY — excludes lawful basis, DSARs, DPIAs, breach notification, transfers

Enable what you need.

Each framework is Automatic / On / Off per repository · the honesty model in depth · pricing