Frameworks

Seven regulatory frameworks, deployment-ready.

ComplianceIQ ships curated catalogs for financial, healthcare, and government standards across the Gulf and Africa. Every control is mapped to Azure Policy and Microsoft Defender for Cloud, then packaged as an initiative you can deploy in audit-only mode.

Lifecycle

How frameworks are managed & deployed

From a curated control catalog to an audit-only Azure Policy initiative in four steps.

1. Curated catalog

Each framework maps every control to Azure Policy definition IDs, Defender for Cloud categories, and evidence examples.

2. AI mapping

Upload a new framework and the AI agent maps its controls to the Microsoft Cloud Security Benchmark and Azure guidance.

3. Deployable initiative

Mappings become an Azure Policy set definition in the framework/ directory, with every GUID validated against live Azure data.

4. Audit-first rollout

Initiatives deploy in DoNotEnforce mode and report compliance in Microsoft Defender for Cloud. No blocking, no surprises.

Catalog

The seven supported frameworks

Region-specific standards, each with a ready-made policy initiative.

  • SAMA

    SAMA Cybersecurity Framework

    Saudi Arabia Financial 48 policies

    The Saudi Central Bank (SAMA) Cyber Security Framework for regulated banks, insurers, and financial-market institutions.

  • ADHICS

    Abu Dhabi Healthcare Information & Cyber Security v2

    Abu Dhabi Healthcare 50 policies

    Abu Dhabi's Healthcare Information and Cyber Security Standard (v2) governing protection of health-sector information systems and data.

  • KSA

    Saudi Arabia Government Cloud Security Controls

    Saudi Arabia Government 58 policies

    Consolidated Saudi government cloud security controls spanning national cybersecurity and public-sector cloud requirements.

  • NDMO

    NDMO Data Management & Personal Data Protection

    Saudi Arabia Data governance 38 policies

    Saudi National Data Management Office standards covering data management and personal data protection across 15 control domains.

  • NCA

    NCA Critical Systems Cybersecurity Controls (CSCC)

    Saudi Arabia Government / CNI 49 policies

    Saudi National Cybersecurity Authority Critical Systems Cybersecurity Controls (CSCC-1:2019) for critical national infrastructure.

  • RSA

    South African Government Cloud Security Controls

    South Africa Government 56 policies

    South African government cloud security controls covering national digital-governance and public-sector data requirements.

  • OMAN

    Oman Government Cloud Security Controls

    Oman Government 53 policies

    Oman Government cloud security controls based on the Cyber Defense Centre (CDC) cloud security framework.

In practice

Deploy every initiative in one command

The framework/ directory holds deployable policy JSON for all seven frameworks, plus tooling to keep GUIDs accurate.

# Deploy all 7 initiatives to your Azure subscription
cd framework/
./DeployAllInitiatives.ps1 -TenantId <tenant-id> -SubscriptionId <subscription-id>

# Pre-flight: validate every policy GUID against live Azure data
python3 validate_guids.py

Audit-only by default. Initiatives are assigned in DoNotEnforce mode: they evaluate resources and report compliance state, but never block deployments or trigger auto-remediation. Safe for production subscriptions.

GUID validation built in. validate_guids.py checks every policy GUID against the full set of Azure built-in policies, and DeployAllInitiatives.ps1 runs it automatically as a pre-flight step before each deployment.

Monitored in Defender for Cloud. Once deployed, each initiative surfaces its compliance posture in Microsoft Defender for Cloud, ready for audit evidence and reporting.

Map your own framework

Bring a PDF or control spreadsheet and let the AI agent do the mapping.