All frameworks US

SOC 2 (AICPA Trust Services Criteria)

AICPA audit standard for service organizations. Enterprise buyers increasingly require SOC 2 Type II. Five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy.

SaaS providers, cloud services, B2B service organizations

10

control domains mapped

10

Nitrokey products applicable

6

other frameworks cross-mapped

Official doc

SOC 2 (AICPA Trust Services Criteria)

CC6.1 Logical and physical access controls — authentication

Phishing-resistant MFA using hardware security keys. Software TOTP and SMS are explicitly excluded from "phishing-resistant" in NIST 800-63B and most modern framework guidance.

Products that satisfy this control:

Security key Nitrokey 3C NFC $75 Security key Nitrokey 3A NFC $69 Hardware security module Nitrokey HSM 2 $135

Same control in other frameworks:

NIST 800-53 IA-2(6) NIST CSF 2.0 PR.AA-03 ISO 27001 A.8.5 NIS2 Art.21(2)(i) CMMC 2.0 IA.L2-3.5.3 CIS Controls v8 CIS-6.3
CC6.1 Encryption key management

Hardware-bound key generation and storage. Private keys generated and stored inside a certified secure element (EAL 6+) and are non-exportable by design.

Products that satisfy this control:

Security key Nitrokey 3C NFC $75 Security key Nitrokey 3A NFC $69 Hardware security module Nitrokey HSM 2 $135

Same control in other frameworks:

NIST 800-53 SC-12 NIST CSF 2.0 PR.DS-02 ISO 27001 A.8.24 NIS2 Art.21(2)(h) CMMC 2.0 SC.L2-3.13.10 CIS Controls v8 CIS-3.11
CC6.8 Prevent or detect unauthorized or malicious software

Hardened mobile OS with per-app sensor controls, verified boot, and no background telemetry. Satisfies mobile device management and bring-your-own-device security requirements.

Products that satisfy this control:

Hardened phone NitroPhone 10 Pro $1,795 Hardened phone NitroPhone 10 Pro XL $2,195 Hardened phone NitroPhone 5a $795

Same control in other frameworks:

NIST 800-53 AC-19 NIST CSF 2.0 PR.AC-3 ISO 27001 A.8.1 NIS2 Art.21(2)(e) CMMC 2.0 AC.L2-3.1.18 CIS Controls v8 CIS-4.4
CC7.1 Detect and monitor for security events

Measured boot chain verified on every power-on. Any firmware modification — supply chain implant, evil-maid attack, or malicious update — fails attestation before the OS loads.

Products that satisfy this control:

Secure laptop NitroPad V54 (14") $1,795 Secure laptop NitroPad V56 (16") $1,895

Same control in other frameworks:

NIST 800-53 SI-7 NIST CSF 2.0 DE.CM-09 ISO 27001 A.8.8 NIS2 Art.21(2)(e) CMMC 2.0 SI.L2-3.14.6 CIS Controls v8 CIS-2.3
CC6.6 Logical access security measures against threats outside the boundaries

VM-level compartmentalization means a compromise of one domain (e.g. browser) cannot reach another (e.g. keys, vault). No other consumer laptop provides this by default.

Products that satisfy this control:

Secure laptop NitroPad V54 (14") $1,795 Secure laptop NitroPad V56 (16") $1,895

Same control in other frameworks:

NIST 800-53 SC-3 NIST CSF 2.0 PR.AC-5 ISO 27001 A.8.22 NIS2 Art.21(2)(e) CMMC 2.0 SC.L2-3.13.3 CIS Controls v8 CIS-12.2
CC6.7 Restrict and monitor transmission of information

Stateful firewall with IPS at the network perimeter. All inbound/outbound traffic inspected with Suricata rule sets. VPN gateway replaces consumer VPN dependency.

Products that satisfy this control:

Network security NitroWall V1410 $445

Same control in other frameworks:

NIST 800-53 SC-7 NIST CSF 2.0 PR.AC-5 ISO 27001 A.8.22 NIS2 Art.21(2)(e) CMMC 2.0 SC.L2-3.13.1 CIS Controls v8 CIS-12.3
CC6.1 Restrict logical access — encryption at rest

Hardware-encrypted storage and self-hosted file servers replace cloud storage with hardware you control. Encryption keys never leave your environment.

Products that satisfy this control:

Secure laptop NitroPad V54 (14") $1,795 Secure laptop NitroPad V56 (16") $1,895 Secure storage NextBox NAS $475 Hardware security module Nitrokey HSM 2 $135

Same control in other frameworks:

NIST 800-53 SC-28 NIST CSF 2.0 PR.DS-01 ISO 27001 A.8.24 NIS2 Art.21(2)(h) CMMC 2.0 SC.L2-3.13.16 CIS Controls v8 CIS-3.11
CC9.2 Assessment of vendor and business partner risk

Open-source firmware is publicly auditable and reproducibly built. EU jurisdiction hardware is not subject to US National Security Letters. Directly addresses hardware supply chain risk in CMMC and NIS2.

Products that satisfy this control:

Secure laptop NitroPad V54 (14") $1,795 Secure laptop NitroPad V56 (16") $1,895 Security key Nitrokey 3C NFC $75 Security key Nitrokey 3A NFC $69 Hardened phone NitroPhone 10 Pro $1,795 Hardened phone NitroPhone 10 Pro XL $2,195 Hardened phone NitroPhone 5a $795

Same control in other frameworks:

NIST 800-53 SR-3 NIST CSF 2.0 GV.SC-06 ISO 27001 A.5.19 NIS2 Art.21(2)(d) CMMC 2.0 CM.L2-3.4.1 CIS Controls v8 CIS-15.1
CC6.4 Physical access to the defined system is restricted

Rated safes and vaults protect physical assets, documents, and hardware backups. UL-certified fire and burglary ratings provide auditable physical security controls.

Products that satisfy this control:

Physical Safe & vault

Same control in other frameworks:

NIST 800-53 PE-3 NIST CSF 2.0 PR.AC-2 ISO 27001 A.7.1 NIS2 Art.21(2)(i) CMMC 2.0 PE.L1-3.10.1 CIS Controls v8 CIS-11.5
CC6.7 Restrict and monitor transmission of information

Verified boot ensures the TLS stack is unmodified before communication. VPN gateway encrypts all remote access traffic. Hardware-backed keys prevent interception even if endpoints are observed.

Products that satisfy this control:

Hardened phone NitroPhone 10 Pro $1,795 Hardened phone NitroPhone 10 Pro XL $2,195 Hardened phone NitroPhone 5a $795 Network security NitroWall V1410 $445

Same control in other frameworks:

NIST 800-53 SC-8 NIST CSF 2.0 PR.DS-02 ISO 27001 A.8.26 NIS2 Art.21(2)(h) CMMC 2.0 SC.L2-3.13.8 CIS Controls v8 CIS-3.10

Also mapped to

NIST 800-53 US NIST CSF 2.0 US ISO 27001 Global NIS2 EU CMMC 2.0 US DoD CIS Controls v8 Global