Compliance Frameworks

Ayliea supports 13 active frameworks spanning traditional cybersecurity governance, AI-specific risk management, and emerging generative-AI standards. Each framework includes structured assessment questions, weighted scoring, and AI-powered remediation recommendations. Two additional frameworks are coming soon.

Available now

AI Security (AISS)

The open Ayliea AI Security Standard — 10 control domains, 56 sub-controls, published under CC-BY-4.0 and crosswalked to 9 reference frameworks.

AI Agent Security

Controls for AI agents acting with delegated authority — least-privilege tool grants, blast-radius limits, prompt-injection defenses, and audit trails.

CIS Controls v8.1

Enterprise security best practices across 18 control areas, mapping to widely cited implementation tiers.

NIST SP 800-53

The comprehensive federal security control catalog covering 20 control families.

NIST CSF 2.0

Organized by the Govern, Identify, Protect, Detect, Respond, and Recover functions.

NIST AI RMF

NIST’s foundational risk-management framework for AI: Govern, Map, Measure, Manage.

NIST AI 600-1 (GAI Profile)

NIST’s Generative AI Profile addressing 12 GAI-specific risks layered on the AI RMF core.

ISO/IEC 42001

The international AI management system standard — governance, risk, lifecycle, and operations for AIMS.

OWASP LLM Top 10

The community-standard LLM application security risk catalog.

HIPAA

Security Rule controls for healthcare organizations handling electronic protected health information.

SOC 2

Trust Services Criteria for service organizations: security, availability, processing integrity, confidentiality, privacy.

Coming soon

ISO/IEC 27001:2022

Information security management system requirements. Coverage and crosswalks complete; final scoring tuning in progress.

PCI DSS v4.0

Payment card data protection. Coverage and crosswalks complete; final scoring tuning in progress.

How assessments work

  1. Select a framework — choose the standard relevant to your environment, whether that’s a traditional security framework, an AI-specific one, or a combination.
  2. Answer questions — each question maps to a specific control or sub-control with weighted scoring. Most questions are multiple-choice with maturity tiers; some are yes/no with evidence prompts.
  3. Review your score — see your overall posture grade (A through F) with category breakdown, weak spots highlighted, and per-control details surfaced.
  4. Follow recommendations — AI-powered remediation guidance prioritized by impact, with cited frameworks and clear next steps.
  5. Track progress — reassess over time to measure improvement and capture an audit trail.

Cross-framework mapping

Controls overlap across frameworks. Ayliea maps these relationships so a single assessment can estimate your readiness across multiple standards. For example, the AISS framework crosswalks to NIST CSF 2.0, ISO/IEC 27001:2022, NIST AI RMF, NIST AI 600-1, CIS Controls v8.1, EU AI Act, Colorado AI Act, OWASP LLM Top 10, and MITRE ATLAS — completing one AISS assessment surfaces partial coverage across all nine. The Glass-Box drilldown on every results page shows the exact framework references behind each question, so an auditor can verify any score against the cited source.

Free vs. paid access

The AI Security (AISS) framework is available on the free tier — any organization can run their first assessment without payment or sales contact. All other frameworks require a Pro plan or higher.