Compliance Framework Versions and Dates
Please refer to our Compliance Framework Versions and Dates table for a clear overview of version history, release dates, and key updates. This ensures transparency and helps you stay aligned with the latest compliance standards.
| Compliance Framework | Current Version | Version Effective Since | Next Version Update Mark | Tevora Resources | Public Framework Resources | Notes |
|---|---|---|---|---|---|---|
| CMMC | CMMC | Dec 16th, 2024 | TBD | CMMC | About CMMC | |
| FedRAMP | NIST 800-53 Rev. 5 | May 30th, 2023 | TBD | FedRAMP | FedRAMP Baseline Revision 5 Transition Plan | |
| FISMA | NIST 800-53 Rev. 5 | TBD | TBD | What We Do | Federal Information Security Modernization Act Sample link 2 | last updated in FISMA Reform-2014 |
| HIPAA | 45 C.F.R. 160, 162, & 164 | June 25th, 2024 | HIPAA Security Rule Modernization | HITRUST & HIPAA | HIPAA for Professionals HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information | |
| HITRUST | V11.5.0 | Dec 6th, 2024 | TBD | HITRUST | HAA 2025-001 HITRUST CSF Version 11.5.0 Release | |
| ISO 22301 | ISO 22301:2019 | 2019 | TBD | ISO | ISO 22301:2019 | |
| ISO 27001 | ISO/IEC 27001:2022 | 2022 | TBD | ISO | ISO/IEC 27001:2022 | |
| ISO 27017 | ISO/IEC 27017:2015 | 2015 | Draft International Standard (DIS) for ISO/IEC 27017 | ISO | ISO/IEC 27017: 2015 | |
| ISO 27018 | ISO/IEC 27018:2019 | ISO/IEC 27018:2019 | Final Draft International Standard (FDIS) for ISO/IEC 27018 | ISO | ISO/IEC 27018:2019 | |
| ISO 27701 | ISO/IEC 27701:2019 | 2019 | ISO/IEC 27701:2025 (Not Officially Published Yet) | ISO | ISO/IEC 27701: 2019 ISO /IEC 27701:2024 Explained ISO/IEC FDIS 27701 | |
| ISO 42001 | ISO/IEC 42001:2023 | 2023 | TBD | ISO | ISO/IEC 42001:2023 | |
| NIST 800-171 | NIST SP 800-171 Rev. 3 | April 23rd, 2024 | TBD | NIST | NIST SP 800-53 Rev. 5 NIST SP 800-171r3 | |
| NIST 800-53 | NIST SP 800-53 Rev.5 | 23-Sep-20 | 5.1.1 – November 7th, 2023 | NIST | NIST SP 800-53 Rev. 5 | |
| NIST 800-53 | NIST SP 800-53 Rev. 3 | November 7th, 2024 | TBD | NIST | NIST SP 800-53 Rev. 5 | |
| NIST Cybersecurity Framework (CSF) | Verison 2.0 | February 26th, 2024 | TBD | NIST | NIST Releases Version 2.0 of Landmark Cybersecurity Framework | |
| PCI DSS | v4.0.1 | 1-Jan-25 “Best Practice” requirements became mandatory 31-Mar-2025 | TBD | PCI | PCI DSS v4.0.1 | AP: confirmed dates |
| PCI SSF | v1.2 | December 7th, 2022 | TBD | PCI | PCI Security Standards Council Publishes Version 1.2 of the Secure Software Standard and Program | |
| SOC 1 | SSAE No. 21 | Released in Fall 2021; required for reporting periods ending AFTER June 15, 2022 | SSAE No. 23 becomes effective for engagements performed in accordance with the SSAEs beginning on or after December 15, 2025. It impacts service auditor processes; not a Company’s SOC 1 requirements. | SOC | Audit and Assurance Greater than SOC 1 2017 Trust Services Criteria | AP: confirmed dates |
| SOC 2 | 2017 Trust Services Criteria with Revised Points of Focus – 2022 | 2017 Criteria: Released in Fall 2018; required for reporting periods ending AFTER December 15, 2018 Revised Points of Focus -v2022 – released in September, 2023, effective immediately. | TBD | SOC | Audit and Assurance Greater than SOC 2 2017 Trust Services Criteria | AP: confirmed dates |
| STAR Cloud Security Standards | CCM V4.0 | 2021 | Cloud Security | Cloud Security Alliance (CSA) STAR Self-Assessment |