Compliance Extensions

Overview

Compliance Extensions provide predefined support to help you adhere to industry standards and regulatory requirements. Below are the compliance extensions available for Log360 Cloud.

Supported Compliance Extensions

• NIS2 (Network and Information Security Directive 2)

  The NIS2 Directive is an EU-wide cybersecurity framework aimed at strengthening the resilience of critical infrastructure and digital service providers. It expands security requirements, incident reporting obligations, and enforcement measures. To download the NIS2 extensions, visit marketplace.

• DORA (Digital Operational Resilience Act)

  DORA is an EU regulation designed to enhance the financial sector's ability to withstand cyber threats by establishing strict ICT risk management, incident reporting, and resilience testing requirements. To download the DORA extensions, visit marketplace.

• DPDP (Digital Personal Data Protection Act)

  The DPDP Act is India's comprehensive data protection law that governs the processing of personal data, ensuring user rights, lawful data handling, and corporate accountability. To download the DPDP extensions, visit marketplace.

• CJIS (Criminal Justice Information Services)

  The CJIS Security Policy sets standards for protecting sensitive law enforcement data in the U.S., ensuring strict access control, encryption, and auditing requirements for agencies and service providers. To download the CJIS extensions, visit marketplace.

• CIS (Center for Internet Security Controls)

  CIS Controls are a set of best practices and security guidelines designed to help organizations protect against cyber threats by implementing essential security measures and system hardening techniques. To download the CIS extensions, visit marketplace.

• Standard Framework for Education

  This framework provides a structured approach to cybersecurity and data privacy in educational institutions, ensuring compliance with best practices, risk management, and regulatory requirements. To download the Standard Framework for Education extensions, visit marketplace.

• FADP (New Federal Act on Data Protection)

  The FADP is Switzerland's updated data protection law, ensuring the rights of individuals regarding their personal data and aligning with GDPR-like principles. It mandates transparency, accountability, and security for data processing activities. To download the FADP extensions, visit marketplace.

• PNCiber (Política Nacional de Cibersegurança)

  PNCiber is Brazil's National Cybersecurity Policy, issued by the Presidency of the Federative Republic of Brazil through the Institutional Security Office (GSI/PR). It establishes strategic objectives to strengthen national cyber resilience, protect critical infrastructures, enhance incident prevention, detection, and response capabilities, and promote coordinated cybersecurity governance across public and private sector organizations. To download the PNCiber extensions, visit marketplace.

• ANATEL (Agência Nacional de Telecomunicações)

  ANATEL is Brazil's national telecommunications regulatory authority responsible for overseeing and regulating telecommunications services, products, and infrastructure across the country. It establishes requirements and guidelines to ensure the security, reliability, quality, and resilience of Brazil's telecommunications ecosystem, including cybersecurity expectations for suppliers and service providers. To download the ANATEL extensions, visit marketplace.

• ANVISA Guide No. 38/2020 (Agência Nacional de Vigilância Sanitária)

  ANVISA Guide No. 38/2020 is a regulatory guideline issued by Brazil's National Health Surveillance Agency that defines cybersecurity requirements for medical devices across their lifecycle. It outlines expectations for secure design, risk management, security testing, vulnerability remediation, and incident response to help ensure the protection, integrity, and availability of health data and connected healthcare systems in Brazil. To download the ANVISA Guide No. 38/2020 extensions, visit marketplace.

• ANAC CSA (Agência Nacional de Aviação Civil)

  ANAC CSA is a cybersecurity assessment program established by Brazil's civil aviation authority to evaluate and strengthen the protection of critical aviation systems and information assets across airlines, airports, air navigation service providers, and other aviation stakeholders. It focuses on governance, risk management, asset management, identity and access control, data protection, resilience, security monitoring, and incident response to enhance the overall cybersecurity posture of the Brazilian civil aviation sector. To download the ANAC CSA extensions, visit marketplace.

• SUSEP 683/2021 (Superintendência de Seguros Privados)

  SUSEP 683/2021 is a cybersecurity regulation issued by Brazil's Private Insurance Supervisory Authority that establishes mandatory information security and cyber risk management requirements for supervised entities in the insurance, reinsurance, capitalization, and open pension sectors. It defines minimum cybersecurity controls, governance and policy expectations, incident handling procedures, business continuity and disaster recovery measures, third-party risk oversight, and periodic reporting obligations to strengthen the protection of sensitive financial and personal data in accordance with Brazilian sectoral regulations. To download the SUSEP 683/2021 extensions, visit marketplace.

• BACEN CMN 4,893/2021 (Banco Central do Brasil - Conselho Monetário Nacional)

  BACEN CMN Resolution 4,893/2021 is a cybersecurity regulation issued by Brazil's Central Bank that establishes requirements for financial institutions regarding cybersecurity governance and the contracting of data processing, storage, and cloud computing services. It defines obligations related to preventive controls, incident detection and response, audit trails and traceability, risk management for outsourcing and cloud providers, and business continuity planning to strengthen resilience against cyber threats within the Brazilian financial system. To download the BACEN CMN 4,893/2021 extensions, visit marketplace.

• EU CRA (European Union Cyber Resilience Act)

  EU CRA is a European Union regulation that establishes mandatory cybersecurity requirements for products with digital elements placed on the EU market. It enforces secure-by-design and secure-by-default principles, vulnerability handling and coordinated disclosure processes, resilience and recovery capabilities, logging and monitoring of security events, data protection controls, and the maintenance of technical documentation for conformity assessments. The regulation aims to reduce exploitable vulnerabilities in digital products and strengthen cybersecurity risk management and transparency across the EU. To download the EU CRA extensions, visit marketplace.

• NCA (National Cybersecurity Authority)

  NCA is a cybersecurity framework issued by the National Cybersecurity Authority that defines mandatory information security and cyber risk management requirements for organizations. Log360 Cloud enables organizations to meet these governance and risk-management obligations by collecting and analyzing logs across infrastructure, applications, and cloud environments. The solution supports access control, authentication management, network security monitoring, configuration management, risk assessment, audit logging, and business continuity preparedness. It defines minimum cybersecurity controls, governance and policy expectations, incident handling procedures, business continuity and disaster recovery measures, third-party risk oversight, and periodic reporting obligations to strengthen the protection of sensitive IT, financial, and personal data in accordance with NCA regulations. To download the NCA extensions, visit marketplace.

• E8MM (Essential Eight Maturity Model)

  The E8MM Compliance in Log360 Cloud enables organizations to monitor, audit, and report on security activities aligned with the Essential Eight Maturity Model—a prioritized set of mitigation strategies designed to protect against common cyber threats. To download E8MM extension, visit marketplace.

• GAMP 5 (Good Automated Manufacturing Practice)

  GAMP 5 is a risk-based framework published by the International Society for Pharmaceutical Engineering (ISPE) for validating computerized systems used in pharmaceutical and life sciences environments. It ensures that systems supporting GxP processes are fit for their intended use and comply with regulatory requirements such as FDA 21 CFR Part 11 and EU GMP Annex 11. Log360 Cloud helps organizations meet GAMP 5 requirements by providing audit trail monitoring, privileged access tracking, change monitoring, and security incident detection across critical systems. To download the GAMP 5 extensions, visit marketplace.

• 21 CFR Part 11 (Code of Federal Regulations)

  21 CFR Part 11 is a regulation issued by the U.S. Food and Drug Administration (FDA) that establishes requirements for the use of electronic records and electronic signatures in regulated industries such as pharmaceuticals, biotechnology, and medical devices. It ensures that electronic records are trustworthy, reliable, and equivalent to paper records by enforcing controls such as audit trails, system access restrictions, electronic signature validation, and record integrity protection. Log360 Cloud helps organizations support 21 CFR Part 11 compliance by providing audit trail monitoring, user access tracking, authentication monitoring, and security event detection across critical systems. To download the 21 CFR Part 11 extensions, visit marketplace.

Read also

This page introduced the compliance extensions available in the product. Refer to the below documents to learn more about the related capabilities.

• Installing Extensions
• Extension profile generator
• Extension builder