
Compliance

Lorika maps your security posture against 20+ compliance frameworks.

Supported frameworks

  • NIST Cybersecurity Framework (CSF) 2.0
  • NIST SP 800-53 Rev 5, SP 800-171 Rev 3
  • CIS Controls v8.1, CIS Benchmarks Level 1
  • ISO/IEC 27001:2022
  • PCI DSS v4.0
  • SOC 2 Type II
  • HIPAA
  • GDPR technical requirements
  • DORA (Digital Operational Resilience Act)
  • NIS2 Directive (EU 2022/2555)
  • Australian Essential Eight
  • CMMC v2.0 Level 1
  • UK Cyber Essentials 3.1
  • Singapore CSA Cyber Essentials
  • National Bank of Ukraine (НБУ) Resolutions No. 143 and No. 95
  • State Special Communications Service (Держспецзв'язку) Order No. 75
  • DSTU (ДСТУ) 75

How scoring works

For each control, Lorika:

  1. Maps the control to one or more automated security checks
  2. Aggregates the results of those checks across all devices in scope
  3. Assigns a control status: pass / fail / warning / not_applicable / unknown

Overall % = average pass % across assessed controls. Controls with status unknown or not_applicable are excluded from both the numerator and the denominator, so a high overall % over a small number of assessed controls can mask a large unverified remainder; read the percentage together with the count of assessed controls.

Manual attestation

Some controls are procedural (e.g. "document incident response plan") and have no automated check.

For such controls:

  1. The control is marked "Manual review" in the UI
  2. An admin attests to the control, with optional notes
  3. The attestation has a TTL (default 90 days)
  4. The system sends a reminder when the attestation expires
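The scoring rule above and the manual-attestation flow interact: an attested procedural control contributes to the overall % only while its attestation is within TTL. The following Python is an added example, not Lorika's own code; the aggregation rule (any failing device fails the control, any warning warns it, pass % counts only "pass" results), the decision that an expired attestation reverts the control to unknown rather than fail, and all check, device and control names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Optional


class Status(str, Enum):
    PASS = "pass"
    FAIL = "fail"
    WARNING = "warning"
    NOT_APPLICABLE = "not_applicable"
    UNKNOWN = "unknown"


@dataclass
class Attestation:
    """Manual attestation for a procedural control (no automated check)."""
    attested_on: date
    ttl_days: int = 90          # the page's default TTL
    notes: str = ""

    def expires_on(self) -> date:
        return self.attested_on + timedelta(days=self.ttl_days)

    def is_valid(self, today: date) -> bool:
        return today < self.expires_on()


@dataclass
class Control:
    control_id: str
    checks: tuple               # automated check ids; empty for procedural controls
    applicable: bool = True     # custom-profile toggle; False -> not_applicable
    attestation: Optional[Attestation] = None


# Constructed sample results keyed by (check_id, device_id); hypothetical names.
CHECK_RESULTS = {
    ("disk_encryption", "laptop-01"): "pass",
    ("disk_encryption", "laptop-02"): "pass",
    ("disk_encryption", "laptop-03"): "fail",
    ("screen_lock", "laptop-01"): "pass",
    ("screen_lock", "laptop-02"): "warning",
    ("screen_lock", "laptop-03"): "pass",
    ("edr_agent", "laptop-01"): "pass",
    ("edr_agent", "laptop-02"): "pass",
    ("edr_agent", "laptop-03"): "pass",
}

# Constructed sample profile: three automated controls, one procedural control
# attested 2024-01-15 (expires 2024-04-14 with the 90-day default), and one
# control switched off in a custom profile.
CONTROLS = [
    Control("ENC-1", ("disk_encryption",)),
    Control("LOCK-1", ("screen_lock",)),
    Control("EDR-1", ("edr_agent",)),
    Control("IR-PLAN", (), attestation=Attestation(date(2024, 1, 15), notes="IR plan v3")),
    Control("PHYS-1", ("badge_reader",), applicable=False),
]


def control_status(control, results, today):
    """Return (status, pass_pct); pass_pct is None when the control is not assessed.

    Assumed aggregation: any 'fail' on any device fails the control, any 'warning'
    warns it, otherwise it passes. pass_pct is the share of results that are 'pass'.
    """
    if not control.applicable:
        return Status.NOT_APPLICABLE, None
    if not control.checks:
        # Procedural control: a valid attestation counts as 100 % pass; once the
        # TTL lapses it reverts to unknown (assumption) and leaves the score.
        if control.attestation is not None and control.attestation.is_valid(today):
            return Status.PASS, 100.0
        return Status.UNKNOWN, None
    outcomes = [v for (chk, _dev), v in results.items() if chk in control.checks]
    if not outcomes:
        return Status.UNKNOWN, None
    pct = 100.0 * outcomes.count("pass") / len(outcomes)
    if "fail" in outcomes:
        return Status.FAIL, pct
    if "warning" in outcomes:
        return Status.WARNING, pct
    return Status.PASS, pct


def overall_score(controls, results, today):
    """Average pass % over assessed controls only; returns (overall_pct, assessed, statuses)."""
    statuses, pcts = {}, []
    for c in controls:
        status, pct = control_status(c, results, today)
        statuses[c.control_id] = status
        if pct is not None:          # unknown / not_applicable are excluded
            pcts.append(pct)
    overall = round(sum(pcts) / len(pcts), 1) if pcts else None
    return overall, len(pcts), statuses


def expiring_attestations(controls, today, warn_days=14):
    """Reminder list: attestations expired or expiring within warn_days."""
    horizon = today + timedelta(days=warn_days)
    return [(c.control_id, c.attestation.expires_on()) for c in controls
            if c.attestation is not None and c.attestation.expires_on() <= horizon]


if __name__ == "__main__":
    for today in (date(2024, 3, 1), date(2024, 6, 1)):
        overall, n, statuses = overall_score(CONTROLS, CHECK_RESULTS, today)
        print(today, overall, n, {k: v.value for k, v in statuses.items()})
        print("  reminders:", expiring_attestations(CONTROLS, today))
```

With the sample data the profile scores 83.3 % over 4 assessed controls on 2024-03-01; on 2024-06-01, after the IR-PLAN attestation has lapsed, it scores 77.8 % over 3. The lapsed control is no longer counted at all, so the second figure hides that a required control is now unverified; that is why `overall_score` returns the assessed count alongside the percentage and why the reminder list should be acted on before the TTL runs out.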

Custom profiles

To create a custom compliance profile:

  • Pick a base framework
  • Mark each control applicable or not applicable
  • Add notes per control

This is useful when only part of a framework applies to your scope. Controls marked not applicable are excluded from the overall % under the scoring rule above.