Cross-Compliance Mapping

Complying to multiple regulations and compliance requirements can be difficult. SecureState's cross compliance methodology can ease this burden.

As the Information Security field matures and grows, companies are finding that in order to stay in synch with regulatory and compliance standards, information security programs need to be continuously updated and maintained. SecureState's Cross Compliance Framework (CCF) was designed to address the issues inherent in handling a variety of frameworks and regulatory and compliance standards. The CCF considers all of an organization's assessment requirements and maps them to each other in order to streamline compliance efforts.


Organizations frequently have several frameworks with which they are struggling to comply. In many cases, there are multiple, separate compliance programs and teams operating in silos. The CCF allows an organization to understand the maturity and scope of each program and quickly identify overlap, reducing redundant testing efforts. Once all programs have been mapped, SecureState can identify the exact level of maturity for the overall information security program, and provide an effective roadmap strategy to increase consistency and effectively mature the program, while reducing costs and effort.


SecureState understands that no one person can truly be an expert in every regulatory and compliance area. That's why we employ a team of seasoned experts with a wide range of compliance experience, who maintain industry-leading certifications. Beyond just assessing your compliance, SecureState has extensive experience helping organizations build compliance programs that are efficient and repeatable. By using the CCF, your organization will avoid redundant compliance efforts across standards and achieve and maintain compliance with less cost and effort.

Approach and Methodology

SecureState has developed a solution for organizations seeking to identify the maturity level of their security program and how to effectively meet the challenges within the program. SecureState can map an organizations' information security requirements to the most prevalent security frameworks, compiling the effort and compliance metrics into a single usable product. Mapping identifies any gaps in compliance and areas where testing can be consolidated to conserve resources.

When rating the maturity of a security program, SecureState uses a rating system based on Carnegie Mellon’s Capability Maturity Model Integration (CMMI) scale. The CMMI scale is a general maturity-ranking program that can be used to rate the maturity of any organization or service. SecureState has customized the maturity evaluation process to be specific to security programs. This scale defines the various levels organizations need to progress through when maturing a security program. These maturity ratings can also be used as a broad roadmap to achieving an optimized security program.

Get Started!