O Serviço INDUSTRY-STANDARD SECURITY FRAMEWORK GAP ANALYSIS pode ser executado tendo como referência qualquer framework do mercado, tais como:

​​

• National Institute of Technologies (NIST) Cybersecurity Framework (CSF)

• NIST Special Publication (SP) 800-82 Guide to Industrial Control Systems (ICS) Security

• MITRE ATT&CK

• International Office of Standardization (ISO) 27001

• Center for Internet Security (CIS) Controls

• Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)

• Control Objectives for Information Technology (COBIT)

• Payment Card Industry Data Security Standard (PCI DSS)

• Cybersecurity and Infrastructure Security Agency (CISA) Transporation Systems Sector (TSS) Cybersecurity Framework

• National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF)

• Cybersecurity Maturity Model Certification (CMMC)

• European Telecommunications Standards Institute (ETSI)

• European Union Agency for Cybersecurity (ENISA) National Capabilities Assessment Framework

• Factor Analysis of Information Risk (FAIR) Cyber Risk Framework

• HITRUST Cybersecurity Framework (CSF)

• International Society of Automation (ISA/IEC 62443)

• International Telecommunications Union (ITU) National Cybersecurity/ Critical Information Infrastructure Protection (CIIP)

• Internet of Things (IoT) Cybersecurity Alliance (IOTCA)

• Internet of Things (IoT) Security Foundation (IoTSF) Security Compliance Framework

​​

Além destes, qualquer outro framework pode ser eleito como baseline para a realização do serviço.