Controls library · 7 frameworks · 10 control domains

Security hardware mapped to your compliance framework.

Every product we sell is mapped to NIST 800-53, ISO 27001, SOC 2, NIS2, CMMC, and CIS Controls v8. Use this library to justify hardware purchases against your audit requirements or build a compliant stack from scratch.

Supported frameworks

Browse controls by framework, or scroll down to see the full cross-framework mapping.

NIST 800-53 US

NIST SP 800-53 Rev 5

Security and privacy controls for federal information systems. Baseline for FedRAMP, DoD, and regulated US industries. The most granular US control catalog.

Federal agencies, defense contractors, FedRAMP ISVs

NIST CSF 2.0 US

NIST Cybersecurity Framework 2.0

Voluntary risk management framework widely adopted by US enterprises. Updated in 2024 to add a Govern function and expand supply chain guidance.

All US organizations, increasingly global

ISO 27001 Global

ISO/IEC 27001:2022

International standard for information security management systems. Globally recognized certification. 2022 revision reorganized Annex A controls around four themes.

Global enterprises, EU market, APAC, financial services

SOC 2 US

SOC 2 (AICPA Trust Services Criteria)

AICPA audit standard for service organizations. Enterprise buyers increasingly require SOC 2 Type II. Five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy.

SaaS providers, cloud services, B2B service organizations

NIS2 EU

EU NIS2 Directive (2022/2555)

EU mandatory cybersecurity directive for essential and important entities. Effective October 2024. Covers endpoint security, supply chain, incident response, and management accountability.

EU-operating organizations in energy, transport, health, finance, digital infrastructure

CMMC 2.0 US DoD

Cybersecurity Maturity Model Certification 2.0

DoD certification required for all prime and sub-contractors handling CUI. Level 2 maps to NIST 800-171. Hardware controls are a key differentiator in assessments.

US defense industrial base, DoD prime and sub-contractors

CIS Controls v8 Global

CIS Critical Security Controls v8

Prioritized set of cybersecurity best practices. Three implementation groups mapped to organization size. Widely used as a practical baseline independent of regulatory requirement.

All organizations, security teams, SMBs

Cross-framework control mapping

One security concern, mapped across every framework we support.

Each row is a security domain our hardware addresses. Columns show the equivalent control ID in each framework. Use this to satisfy multiple audit requirements with a single hardware purchase.

| Control domain | NIST 800-53 | NIST CSF 2.0 | ISO 27001 | SOC 2 | NIS2 | CMMC 2.0 | CIS Controls v8 | Products |
|---|---|---|---|---|---|---|---|---|
| Multi-factor authentication — hardware-bound: Phishing-resistant MFA using hardware security keys. Software TOTP and SMS are explicitly … | IA-2(6) | PR.AA-03 | A.8.5 | CC6.1 | Art.21(2)(i) | IA.L2-3.5.3 | CIS-6.3 | NK 3C NFC, NK 3A NFC, NK HSM 2 |
| Cryptographic key management: Hardware-bound key generation and storage. Private keys generated and stored inside a cert… | SC-12 | PR.DS-02 | A.8.24 | CC6.1 | Art.21(2)(h) | SC.L2-3.13.10 | CIS-3.11 | NK 3C NFC, NK 3A NFC, NK HSM 2 |
| Mobile device access control: Hardened mobile OS with per-app sensor controls, verified boot, and no background telemetr… | AC-19 | PR.AC-3 | A.8.1 | CC6.8 | Art.21(2)(e) | AC.L2-3.1.18 | CIS-4.4 | NP 10 Pro, NP 10 Pro XL, NP 5a |
| Endpoint software and firmware integrity: Measured boot chain verified on every power-on. Any firmware modification — supply chain i… | SI-7 | DE.CM-09 | A.8.8 | CC7.1 | Art.21(2)(e) | SI.L2-3.14.6 | CIS-2.3 | NPad V54 (14"), NPad V56 (16") |
| Workstation security isolation: VM-level compartmentalization means a compromise of one domain (e.g. browser) cannot reach… | SC-3 | PR.AC-5 | A.8.22 | CC6.6 | Art.21(2)(e) | SC.L2-3.13.3 | CIS-12.2 | NPad V54 (14"), NPad V56 (16") |
| Network boundary protection and monitoring: Stateful firewall with IPS at the network perimeter. All inbound/outbound traffic inspecte… | SC-7 | PR.AC-5 | A.8.22 | CC6.7 | Art.21(2)(e) | SC.L2-3.13.1 | CIS-12.3 | NWall V1410 |
| Data protection at rest: Hardware-encrypted storage and self-hosted file servers replace cloud storage with hardwar… | SC-28 | PR.DS-01 | A.8.24 | CC6.1 | Art.21(2)(h) | SC.L2-3.13.16 | CIS-3.11 | NPad V54 (14"), NPad V56 (16"), NextBox NAS +1 |
| Supply chain risk — hardware and firmware: Open-source firmware is publicly auditable and reproducibly built. EU jurisdiction hardwar… | SR-3 | GV.SC-06 | A.5.19 | CC9.2 | Art.21(2)(d) | CM.L2-3.4.1 | CIS-15.1 | NPad V54 (14"), NPad V56 (16"), NK 3C NFC +4 |
| Physical access and asset protection: Rated safes and vaults protect physical assets, documents, and hardware backups. UL-certif… | PE-3 | PR.AC-2 | A.7.1 | CC6.4 | Art.21(2)(i) | PE.L1-3.10.1 | CIS-11.5 | Safe / vault |
| Transmission confidentiality and integrity: Verified boot ensures the TLS stack is unmodified before communication. VPN gateway encryp… | SC-8 | PR.DS-02 | A.8.26 | CC6.7 | Art.21(2)(h) | SC.L2-3.13.8 | CIS-3.10 | NP 10 Pro, NP 10 Pro XL, NP 5a +1 |

Control domain details

What each domain covers and which products satisfy it.

Multi-factor authentication — hardware-bound

Phishing-resistant MFA using hardware security keys. Software TOTP and SMS are explicitly excluded from "phishing-resistant" in NIST 800-63B and most modern framework guidance.

Cryptographic key management

Hardware-bound key generation and storage. Private keys are generated and stored inside a certified secure element (EAL 6+) and are non-exportable by design.

Mobile device access control

Hardened mobile OS with per-app sensor controls, verified boot, and no background telemetry. Satisfies mobile device management and bring-your-own-device security requirements.

Endpoint software and firmware integrity

Measured boot chain verified on every power-on. Any firmware modification — supply chain implant, evil-maid attack, or malicious update — fails attestation before the OS loads.

Workstation security isolation

VM-level compartmentalization means a compromise of one domain (e.g. browser) cannot reach another (e.g. keys, vault). No other consumer laptop provides this by default.

Network boundary protection and monitoring

Stateful firewall with IPS at the network perimeter. All inbound/outbound traffic inspected with Suricata rule sets. VPN gateway replaces consumer VPN dependency.

Data protection at rest

Hardware-encrypted storage and self-hosted file servers replace cloud storage with hardware you control. Encryption keys never leave your environment.

Supply chain risk — hardware and firmware

Open-source firmware is publicly auditable and reproducibly built. EU jurisdiction hardware is not subject to US National Security Letters. Directly addresses hardware supply chain risk in CMMC and NIS2.

Physical access and asset protection

Rated safes and vaults protect physical assets, documents, and hardware backups. UL-certified fire and burglary ratings provide auditable physical security controls.

Transmission confidentiality and integrity

Verified boot ensures the TLS stack is unmodified before communication. VPN gateway encrypts all remote access traffic. Hardware-backed keys prevent interception even if endpoints are observed.