Compliance

One platform. Evidence for every framework you answer to.

Frameworks differ in language but converge on substance: know your software, manage its vulnerabilities, and prove both. Each guide below maps a framework's software expectations to the evidence SecuNexa and BOMNexa generate. None of it is legal advice; all of it is technically real.

European Union
EU Cyber Resilience Act (CRA)
Security and SBOM obligations for products with digital elements sold in the EU.
European Union
NIS2 Directive
Cybersecurity risk-management duties for essential and important entities across the EU.
European Union · financial sector
DORA
ICT risk management and resilience regulation for EU financial entities, already in application.
United States · medical devices
FDA premarket cybersecurity
Cybersecurity requirements for medical device submissions, including SBOMs and vulnerability plans.
United States · federal ecosystem
NIST SSDF (SP 800-218)
The secure software development framework behind US federal software supply-chain expectations.
United States · reference standard
NTIA minimum elements for SBOM
The baseline definition of what a real SBOM must contain.
Global · payment card industry
PCI DSS 4.x
Security requirements for everyone who stores, processes, or transmits cardholder data.
Global
ISO/IEC 27001
The international standard for information security management systems.
Global · service organizations
SOC 2
The attestation your customers ask for before trusting you with their data.
United States · healthcare
HIPAA Security Rule
Safeguards for electronic protected health information, including risk analysis and technical controls.
United States · national security, global direction
CNSA 2.0 and PQC timelines
The post-quantum migration timeline that will cascade into every regulated sector.
India · capital markets
SEBI CSCRF
SEBI’s cybersecurity and cyber resilience framework for regulated entities in Indian capital markets.
India
CERT-In directions and BOM guidelines
India’s national CERT requirements, including technical guidelines on SBOM and related BOMs.
India · banking and finance
RBI cybersecurity frameworks
The Reserve Bank of India’s cybersecurity expectations for banks and regulated financial entities.
Germany
BSI TR-03183
The German federal technical requirements for SBOM content and format.

Covering 15 frameworks across 5 jurisdictions and sectors. Need one we have not written up yet? Tell us and we will map it.