Compliance
One platform. Evidence for every framework you answer to.
Frameworks differ in language but converge on substance: know your software, manage its vulnerabilities, and prove both. Each guide below maps a framework's software expectations to the evidence SecuNexa and BOMNexa generate. None of it is legal advice; all of it is technically real.
European Union
EU Cyber Resilience Act (CRA)
Security and SBOM obligations for products with digital elements sold in the EU.
European Union
NIS2 Directive
Cybersecurity risk-management duties for essential and important entities across the EU.
European Union · financial sector
DORA
ICT risk management and resilience regulation for EU financial entities, already in application.
United States · medical devices
FDA premarket cybersecurity
Cybersecurity requirements for medical device submissions, including SBOMs and vulnerability plans.
United States · federal ecosystem
NIST SSDF (SP 800-218)
The secure software development framework behind US federal software supply-chain expectations.
United States · reference standard
NTIA minimum elements for SBOM
The baseline definition of what a real SBOM must contain.
Global · payment card industry
PCI DSS 4.x
Security requirements for everyone who stores, processes, or transmits cardholder data.
Global
ISO/IEC 27001
The international standard for information security management systems.
Global · service organizations
SOC 2
The attestation your customers ask for before trusting you with their data.
United States · healthcare
HIPAA Security Rule
Safeguards for electronic protected health information, including risk analysis and technical controls.
United States · national security, global direction
CNSA 2.0 and PQC timelines
The post-quantum migration timeline that will cascade into every regulated sector.
India · capital markets
SEBI CSCRF
SEBI’s cybersecurity and cyber resilience framework for regulated entities in Indian capital markets.
India
CERT-In directions and BOM guidelines
India’s national CERT requirements, including technical guidelines on SBOM and related BOMs.
India · banking and finance
RBI cybersecurity frameworks
The Reserve Bank of India’s cybersecurity expectations for banks and regulated financial entities.
Germany
BSI TR-03183
The German federal technical requirements for SBOM content and format.
Covering 15 frameworks across 5 jurisdictions and sectors. Need one we have not written up yet? Tell us and we will map it.