# Compliance Frameworks

> Assess your security and AI governance posture across 13 active frameworks — from CIS Controls and NIST 800-53 to NIST AI RMF and OWASP LLM Top 10.

Ayliea supports 13 active frameworks spanning traditional cybersecurity governance, AI-specific risk management, and emerging generative-AI standards. Each framework includes structured assessment questions, weighted scoring, and AI-powered remediation recommendations. Two additional frameworks are coming soon.

## Available now

<CardGroup cols={2}>
  <Card title="AI Security (AISS)" icon="brain" href="/frameworks/ai-security">
    The open Ayliea AI Security Standard — 10 control domains, 56 sub-controls, published under CC-BY-4.0 and crosswalked to 9 reference frameworks.
  </Card>

  <Card title="AI Agent Security" icon="robot" href="/frameworks/ai-agent-security">
    Controls for AI agents acting with delegated authority — least-privilege tool grants, blast-radius limits, prompt-injection defenses, and audit trails.
  </Card>

  <Card title="CIS Controls v8.1" icon="shield-check" href="/frameworks/cis-v8">
    Enterprise security best practices across 18 control areas, mapping to widely-cited implementation tiers.
  </Card>

  <Card title="NIST SP 800-53" icon="landmark" href="/frameworks/nist-800-53">
    The comprehensive federal security control catalog covering 20 control families.
  </Card>

  <Card title="NIST CSF 2.0" icon="compass" href="/frameworks/nist-csf">
    Organized by the Govern, Identify, Protect, Detect, Respond, and Recover functions.
  </Card>

  <Card title="NIST AI RMF" icon="brain-circuit" href="/frameworks/nist-ai-rmf">
    NIST's foundational risk-management framework for AI: Govern, Map, Measure, Manage.
  </Card>

  <Card title="NIST AI 600-1 (GAI Profile)" icon="sparkles" href="/frameworks/nist-ai-rmf-gai-profile">
    NIST's Generative AI Profile addressing 12 GAI-specific risks layered on the AI RMF core.
  </Card>

  <Card title="ISO/IEC 42001" icon="globe" href="/frameworks/iso-42001">
    The international AI management system standard — governance, risk, lifecycle, and operations for AIMS.
  </Card>

  <Card title="OWASP LLM Top 10" icon="bug" href="/frameworks/owasp-llm-top-10">
    The community-standard LLM application security risk catalog.
  </Card>

  <Card title="HIPAA" icon="hospital" href="/frameworks/hipaa">
    Security Rule controls for healthcare organizations handling electronic protected health information.
  </Card>

  <Card title="SOC 2" icon="file-check" href="/frameworks/soc-2">
    Trust Services Criteria for service organizations: security, availability, processing integrity, confidentiality, privacy.
  </Card>
</CardGroup>

## Coming soon

<CardGroup cols={2}>
  <Card title="ISO/IEC 27001:2022" icon="globe" href="/frameworks/iso-27001">
    Information security management system requirements. Coverage and crosswalks complete; final scoring tuning in progress.
  </Card>

  <Card title="PCI DSS v4.0" icon="credit-card" href="/frameworks/pci-dss">
    Payment card data protection. Coverage and crosswalks complete; final scoring tuning in progress.
  </Card>
</CardGroup>

## How assessments work

1. **Select a framework** — choose the standard relevant to your environment, whether that's a traditional security framework, an AI-specific one, or a combination.
2. **Answer questions** — each question maps to a specific control or sub-control with weighted scoring. Most questions are multiple-choice with maturity tiers; some are yes/no with evidence prompts.
3. **Review your score** — see your overall posture grade (A through F) with category breakdown, weak spots highlighted, and per-control details surfaced.
4. **Follow recommendations** — AI-powered remediation guidance prioritized by impact, with cited frameworks and clear next steps.
5. **Track progress** — reassess over time to measure improvement and capture an audit trail.

## Cross-framework mapping

Controls overlap across frameworks. Ayliea maps these relationships so a single assessment can estimate your readiness across multiple standards. For example, the AISS framework crosswalks to NIST CSF 2.0, ISO/IEC 27001:2022, NIST AI RMF, NIST AI 600-1, CIS Controls v8.1, EU AI Act, Colorado AI Act, OWASP LLM Top 10, and MITRE ATLAS — completing one AISS assessment surfaces partial coverage across all nine.

The Glass-Box drilldown on every results page shows the exact framework references behind each question, so an auditor can verify any score against the cited source.

## Free vs. paid access

The **AI Security (AISS)** framework is available on the free tier — any organization can run its first assessment without payment or sales contact. All other frameworks require a Pro plan or higher.
