Align QRAMM assessments with NIST, ISO 27001, CMMC, FedRAMP, SOC 2, and other regulatory requirements. Prepare for audits with integrated compliance mapping.
Compliance Mapping
QRAMM provides direct mapping to major compliance frameworks, helping demonstrate quantum readiness alongside existing security requirements.
Map QRAMM practices to NIST CSF categories and subcategories for comprehensive security alignment.
23 control mappings
Align with international information security standards and Annex A controls for global compliance.
18 control mappings
Support defense contractor requirements with mapping to Cybersecurity Maturity Model Certification.
15 practice mappings
Address federal cloud security requirements with NIST 800-53 control family alignment.
21 control mappings
Demonstrate trust service criteria compliance for service organizations handling sensitive data.
12 criteria mappings
Address payment card industry requirements for cryptographic controls and key management.
14 requirement mappings
Sample Mapping
| QRAMM Dimension | QRAMM Practice | NIST CSF Category | NIST Subcategory |
|---|---|---|---|
| CVI | Cryptographic Discovery & Inventory | Identify (ID) | ID.AM-1, ID.AM-2 |
| CVI | Vulnerability Assessment | Identify (ID) | ID.RA-1, ID.RA-5 |
| SGRM | Executive Leadership & Policy | Govern (GV) | GV.PO-1, GV.RR-1 |
| DPE | Data Classification & Protection | Protect (PR) | PR.DS-1, PR.DS-2 |
| ITR | Technology Infrastructure | Protect (PR) | PR.IP-1, PR.MA-1 |
Full compliance mapping available in the QRAMM Assessment Toolkit
Compliance Resources
Download resources to support compliance assessments and audit preparation.
Complete assessment with built-in compliance mapping tab linking all 120 questions to NIST, ISO, and CMMC controls.
Structured template for collecting audit evidence organized by QRAMM practice areas.
Third-party risk assessment questionnaire for evaluating vendor quantum readiness and supply chain compliance.
Audit-ready report format with compliance status summary and remediation recommendations.
Understand the four dimensions and twelve practices that structure compliance assessments.
Risk-based approach to quantum readiness aligned with enterprise risk management frameworks.
Automated Evidence Collection
Generate CBOM and SARIF reports for audit evidence and compliance documentation.
Scan codebases for cryptographic usage. Generates CycloneDX CBOM and SARIF output for GitHub Security integration.
Analyze TLS configurations with CNSA 2.0 compliance tracking. Generates CBOM and HTML reports for audit documentation.
Scan dependencies for quantum-vulnerable algorithms. CycloneDX CBOM and SARIF output for supply chain compliance.
Complete tool suite with CI/CD integration guides for automated compliance scanning in your pipeline.
Download the QRAMM Assessment Toolkit with built-in compliance mapping to NIST CSF, ISO 27001, CMMC, FedRAMP, and more.