If you manage security for multiple organizations, you already know the challenge: one client needs a SOC 2 report for their auditor, another is pursuing CMMC certification for a government contract, and a third just wants to know they meet HIPAA requirements for their healthcare data.
Until now, that meant running different tools, maintaining separate mappings, or manually translating findings from one framework to another. That overhead adds up fast — especially when you’re managing dozens of tenants.
Audit My Tenant now maps every security rule across 14 compliance frameworks, giving you a single scan that speaks every framework your clients need.
Every rule in Audit My Tenant is tagged to every applicable compliance framework. Run one scan, and you can view the results through any lens:
CIS Controls v8 — The 18 prioritized security safeguards that form the foundation of most security programs. The starting point for organizations of any size.
CIS M365 Foundations — The gold standard benchmark specifically for Microsoft 365 configuration. Covers Entra ID, Exchange, SharePoint, Teams, and Defender.
NIST SP 800-53 — The comprehensive federal security control catalog. Required for organizations with government compliance obligations and widely adopted in the private sector.
NIST CSF 2.0 — The updated Cybersecurity Framework organized around six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Ideal for board-level reporting.
CISA SCuBA — The Cybersecurity and Infrastructure Security Agency’s Secure Cloud Business Applications baselines. Purpose-built for Microsoft 365 by the agency responsible for protecting federal civilian networks.
MITRE ATT&CK — Adversarial tactics and techniques mapped to real-world attack patterns. Shows exactly which threats each security control defends against.
SOC 2 — Trust Services Criteria covering Security, Availability, Confidentiality, Processing Integrity, and Privacy. Essential for SaaS companies and service organizations undergoing audits.
CMMC Level 2 — The Cybersecurity Maturity Model Certification required for Department of Defense contractors handling Controlled Unclassified Information. Based on NIST 800-171 practices.
ISO 27001 — The international standard for information security management systems. Recognized globally and increasingly required in vendor assessments and enterprise procurement.
HIPAA — The Health Insurance Portability and Accountability Act safeguards for protected health information. Non-negotiable for healthcare organizations and their business associates.
PCI DSS v4.0 — The Payment Card Industry Data Security Standard. Required for any organization that stores, processes, or transmits cardholder data.
Cyber Essentials — The UK government-backed certification scheme covering five critical technical controls. Mandatory for many UK government contracts.
Essential Eight — The Australian Signals Directorate’s eight mitigation strategies. The baseline security requirement for Australian government agencies and critical infrastructure.
CIS Benchmarks (Intune, Edge, Defender) — Product-specific CIS benchmarks for Microsoft endpoint management, browser security, and threat protection configuration.
The key insight behind Audit My Tenant’s multi-framework approach is that security controls overlap significantly across standards. A well-configured MFA policy satisfies requirements in CIS, NIST, SOC 2, HIPAA, CMMC, and more — all at the same time.
Audit My Tenant handles that mapping automatically. When a rule is evaluated, every applicable framework tag comes along with it. You don’t need to run separate scans or maintain your own crosswalk spreadsheets. The platform does the translation for you.
Need to show a client their HIPAA posture? Pick HIPAA from the framework list and generate a PDF report. Preparing for a SOC 2 audit? Generate a SOC 2 compliance report showing which controls are met, which have gaps, and what to fix first.
Every report includes:
Whether your clients need CIS benchmarks, federal NIST compliance, SOC 2 audit evidence, or international ISO certification — Audit My Tenant delivers the answers from a single scan.
Multi-framework compliance mapping is available now in all Audit My Tenant plans. Every plan includes all 1,554 security rules and all 14 frameworks. Connect a tenant, run a scan, and report in whatever framework your client needs.
Request early access to get started.