Controls
Framework requirements organized into trackable control work.
Standards
Framework Coverage Without the Spreadsheet Drift
Most organisations track compliance in spreadsheets that age the moment they're saved. Westport Cyber connects your security, privacy, resilience, AI governance and assurance frameworks to the same workspace that scans your configurations, analyses your policies and collects your evidence — so your compliance posture reflects reality, not last quarter's snapshot.
See how Westport Cyber supports SOC 2, NIST CSF, HIPAA, DORA, ISO, NIS2, NCSC CAF, and Cyber Essentials Plus evidence workflows.
- 10+ Framework workflows: The public standards matrix names SOC 2, NIST CSF, HIPAA, DORA, NIS2, NCSC CAF, Cyber Essentials Plus, and ISO 27001, 27002, 22301, 42001, and 27701 workflows.
- Reusable evidence connected to controls, findings, policies, and attestations
- Known gaps, limitations, and assessor responsibilities surfaced clearly
The Evidence Layer That Connects Frameworks to Real Work
An audit finding or customer due diligence request shouldn't send your team scrambling. Westport Cyber keeps framework status, evidence tasks, configuration findings and policy gaps in one place — so you can answer questions quickly, confidently and with evidence that's already been gathered as part of your normal security activity.
Evidence
Screenshots, scans, policies, and attestations mapped to the controls they support.
Gaps
Not assessed, partial, and non-compliant items surfaced before an audit request.
Reporting
Board and customer-ready summaries that explain progress in plain language.
Sample Frameworks Supported
SOC 2
Trust Services Criteria readiness, evidence collection, and control progress.
NIST CSF
Govern, Identify, Protect, Detect, Respond, and Recover views for security posture.
HIPAA
Administrative, physical, and technical safeguards for healthcare teams and vendors.
DORA
Operational resilience, ICT risk, incident readiness, and third-party oversight.
ISO 27001 / 27002 / 22301 / 42001 / 27701
Information security, controls, resilience, AI management, and privacy extension coverage.
NIS2
Essential and important entity expectations for cyber risk management and reporting.
NCSC CAF
Cyber Assessment Framework outcomes and indicators of good practice.
Cyber Essentials Plus
Baseline technical control readiness for UK assurance and customer trust.
Frameworks Are Only Useful When Tied to Real Work
A framework status that isn't grounded in operational evidence is just a number. In Westport Cyber, every signal has a place in the control story — whether it comes from your cloud configuration posture, policy records, vendor reviews, user awareness activity or governance tasks. Compliance becomes a by-product of good security practice, not a separate workstream.