Compliance Frameworks
Ayliea supports 13 active frameworks spanning traditional cybersecurity governance, AI-specific risk management, and emerging generative-AI standards. Each framework includes structured assessment questions, weighted scoring, and AI-powered remediation recommendations. Two additional frameworks are coming soon.
Available now
AI Security (AISS)
The open Ayliea AI Security Standard — 10 control domains, 56 sub-controls, published under CC-BY-4.0 and crosswalked to 9 reference frameworks.
AI Agent Security
Controls for AI agents acting with delegated authority — least-privilege tool grants, blast-radius limits, prompt-injection defenses, and audit trails.
CIS Controls v8.1
Enterprise security best practices across 18 control areas, mapping to widely-cited implementation tiers.
NIST SP 800-53
The comprehensive federal security control catalog covering 20 control families.
NIST CSF 2.0
Organized by the Govern, Identify, Protect, Detect, Respond, and Recover functions.
NIST AI RMF
NIST’s foundational risk-management framework for AI: Govern, Map, Measure, Manage.
NIST AI 600-1 (GAI Profile)
NIST’s Generative AI Profile addressing 12 GAI-specific risks layered on the AI RMF core.
ISO/IEC 42001
The international AI management system standard — governance, risk, lifecycle, and operations for AIMS.
OWASP LLM Top 10
The community-standard LLM application security risk catalog.
HIPAA
Security Rule controls for healthcare organizations handling electronic protected health information.
SOC 2
Trust Services Criteria for service organizations: security, availability, processing integrity, confidentiality, privacy.
Coming soon
ISO/IEC 27001:2022
Information security management system requirements. Coverage and crosswalks complete; final scoring tuning in progress.
PCI DSS v4.0
Payment card data protection. Coverage and crosswalks complete; final scoring tuning in progress.
How assessments work
- Select a framework — choose the standard relevant to your environment, whether that’s a traditional security framework, an AI-specific one, or a combination.
- Answer questions — each question maps to a specific control or sub-control with weighted scoring. Most questions are multiple-choice with maturity tiers; some are yes/no with evidence prompts.
- Review your score — see your overall posture grade (A through F) with category breakdown, weak spots highlighted, and per-control details surfaced.
- Follow recommendations — AI-powered remediation guidance prioritized by impact, with cited frameworks and clear next steps.
- Track progress — reassess over time to measure improvement and capture an audit trail.

