Adopting a Framework
Browse available frameworks
Each framework card shows the standard name, a brief description, and the number of controls it contains.
Click Adopt
Click the Adopt button on the framework you want to activate. A confirmation dialog explains what will be created.
What Happens When You Adopt
When you adopt a framework, Regentra performs several actions automatically:
- Controls are seeded — the complete control set for that framework is created in your organization, each mapped to the relevant framework requirements
- CCF mappings are applied — controls that overlap with previously adopted frameworks are linked through the Common Control Framework
- Gap analysis activates — your compliance dashboard populates with a gap analysis showing which controls are Not Started, In Progress, or Implemented
- Framework-specific features unlock — depending on the framework, additional tools become available
Controls seeded by framework adoption belong to your organization. You can edit their descriptions, add implementation notes, and customize them to fit your environment.
Switching Between Frameworks
If you have adopted multiple frameworks, use the framework dropdown in the sidebar to switch your view. This filters the Controls page, dashboard metrics, and reports to show only the selected framework. You can also select All Frameworks to see a unified view of every control across your compliance program.
Framework-Specific Features
Some frameworks unlock additional capabilities beyond standard controls:
- HIPAA
- SOC 2
- CMMC
- NIST CSF
Regentra’s HIPAA framework slug is hipaa-2026. It builds your program to the Security Rule as proposed in the January 2025 NPRM (RIN 0945-AA22, 90 FR 898) — the standard most organizations will be audited against once OCR finalizes the rule. The 2026 target exceeds the currently-binding 2013 Omnibus Rule on most provisions, so meeting Regentra’s checklist also meets today’s enforceable requirements.
- NPRM banner — every HIPAA framework view shows a banner identifying the 2026 NPRM scope and highlighting the 9 new mandatory controls (asset inventory, MFA mandate, vulnerability scanning, network segmentation, etc.)
- PARTIAL-coverage callout — when a framework requirement is satisfied only by PARTIAL-strength mappings (no FULL-strength control covers it), the gap-analysis view shows a yellow banner so auditors are alerted that supplemental evidence will be requested
- Annex filter — HIPAA-specific policy templates (Notice of Privacy Practices, Patient Rights, Minimum Necessary, etc.) are tagged annex:hipaa and can be filtered separately from general controls
- BAA Tracking — maintain a register of Business Associate Agreements with vendors and partners
- Privacy Rule controls — dedicated controls for patient data handling, minimum necessary standard, and individual rights (covers 37+ §refs the HHS SRA Tool’s Security-Rule scope doesn’t address)
- Breach Notification Rule — full coverage of §164.402–414 (Four-Factor Test, Individual / Media / HHS notification, BA reporting)
- Security Risk Assessment — structured SRA workflow with native HHS/ONC SRA Tool v3.6.1 alignment (40-threat catalog, per-§ref question reference, calibrated 3×3 risk matrix)
- regulatoryStatus tag per requirement — power users tracking what’s strictly binding today vs. proposed under the NPRM can filter by binding-with-proposed-changes vs nprm-proposed-new
Multi-Framework Compliance
Regentra is designed for organizations that need to satisfy more than one framework simultaneously. Here is how multi-framework compliance works in practice:
- Adopt as many frameworks as you need — there is no limit on the number of active frameworks per organization
- The CCF consolidates overlapping controls — when two frameworks require the same security measure, you manage it as one control with mappings to both
- Status and evidence propagate — marking a shared control as Implemented updates its status across every mapped framework
- Reports can be generated per framework — even though controls are shared internally, reports are scoped to a single framework for auditor consumption
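The shared-control model and the PARTIAL-coverage callout described above can be sketched in a few lines. This is an added example, not Regentra's code, data model, or API: the control ids, requirement ids, the soc2 slug, and the function names are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Control:
    cid: str
    status: str  # "Not Started" | "In Progress" | "Implemented"
    # Each mapping is (framework, requirement, strength); strength is FULL or PARTIAL.
    mappings: list = field(default_factory=list)

# Constructed sample data: ids and slugs (other than hipaa-2026) are illustrative.
CONTROLS = [
    Control("CCF-MFA", "Implemented", [("hipaa-2026", "REQ-H1", "FULL"),
                                       ("soc2", "REQ-S1", "FULL")]),
    Control("CCF-LOGGING", "In Progress", [("hipaa-2026", "REQ-H2", "PARTIAL"),
                                           ("soc2", "REQ-S2", "FULL")]),
    Control("CCF-INVENTORY", "Not Started", [("hipaa-2026", "REQ-H2", "PARTIAL")]),
]

def set_status(controls, cid, status):
    """A shared control is stored once, so one update reaches every mapped framework."""
    for c in controls:
        if c.cid == cid:
            c.status = status

def framework_report(controls, framework):
    """Scope a report to one framework and flag requirements with no FULL mapping."""
    report = {}
    for c in controls:
        for fw, req, strength in c.mappings:
            if fw != framework:
                continue  # reports are scoped to a single framework
            row = report.setdefault(req, {"controls": {}, "partial_only": True})
            row["controls"][c.cid] = c.status
            if strength == "FULL":
                row["partial_only"] = False  # at least one FULL-strength control
    return report

if __name__ == "__main__":
    set_status(CONTROLS, "CCF-LOGGING", "Implemented")
    for fw in ("hipaa-2026", "soc2"):
        for req, row in sorted(framework_report(CONTROLS, fw).items()):
            flag = "  <- PARTIAL-only, expect supplemental evidence" if row["partial_only"] else ""
            print(fw, req, row["controls"], flag)
```

In this sketch REQ-H2 stays flagged even after CCF-LOGGING is marked Implemented, because both controls mapped to it are PARTIAL-strength.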