What It Does#
A searchable reference for security controls across 105+ compliance frameworks. Instead of digging through PDF after PDF to find the right control language, you look it up on myctrl.tools and get the control text, implementation guidance, and mappings to other frameworks instantly.
By the Numbers#
| Metric | Count |
|---|---|
| Security controls indexed | 20,600+ |
| Compliance frameworks | 105+ |
| U.S. Federal frameworks | 36 |
| AI & ML frameworks | 8 |
| Privacy frameworks | 17 |
| Technologies with implementation guidance | 30+ |
| Verification commands | 500+ |
Average control research time: under 10 seconds vs. 15+ minutes of manual PDF searching.
Framework Coverage#
U.S. Federal - NIST SP 800-53, FedRAMP, FISMA, CMMC, CJIS, IRS 1075, DISA STIGs, DoD SRGs, StateRAMP, and more across 36 federal frameworks.
AI & Machine Learning - NIST AI RMF, EU AI Act, ISO 42001, OWASP LLM Top 10, and emerging AI governance frameworks. 8 frameworks covering the intersection of security and AI.
Privacy - GDPR, CCPA/CPRA, HIPAA, FERPA, COPPA, and 12 more privacy-focused frameworks.
International - ISO 27001/27002, SOC 2, PCI-DSS, IRAP, ISMAP, ENS, BSI IT-Grundschutz, and standards from across the globe.
Industry-Specific - Healthcare (HIPAA, HITRUST), financial (PCI-DSS, GLBA, SOX), critical infrastructure (NERC CIP), and more.
Interactive Tools#
Knowledge Graph - Explore 120+ frameworks as an interconnected constellation. Click a framework node to see its crosswalk relationships with other standards. Useful for understanding how frameworks relate to each other.
Framework Comparison - Side-by-side control analysis between any two frameworks. Find equivalent controls instantly instead of manually mapping them in a spreadsheet.
Crosswalk Explorer - Navigate mappings between frameworks interactively. See how CSF maps to NIST 800-53 maps to PCI-DSS with direct visualization.
Implementation Guidance#
Controls aren’t useful if you don’t know how to implement them. Each control includes technology-specific guidance for 30+ platforms:
- Cloud - AWS, Azure, GCP, Oracle Cloud
- Identity - Okta, Azure AD, Google Workspace
- Infrastructure - Kubernetes, Docker, Linux, Windows Server
- Security Tools - CrowdStrike, Sumo Logic, Splunk
- And more - with 500+ CLI verification commands you can actually run
Stack#
- Framework: Astro
- Hosting: Vercel
- Offline: Service workers for offline access
- Data: Sourced from NIST, PCI SSC, DISA, CIS, ISO, and other standards bodies
- License: Content under CC BY 4.0
Related#
- Okta Inspector - Automated compliance auditing that maps to many of the same frameworks
- Open Source Security Compliance AI & ML - Datasets and models trained on NIST publications
- FedRAMP Docs MCP Server - MCP server for querying FedRAMP documentation programmatically
