Frameworks & crosswalks
Keel is built around one principle: collect once, comply everywhere. Instead of running a separate project for every standard, you maintain a single control library, and Keel maps each control to every framework requirement it satisfies. Do the work once and it counts everywhere it applies.
How the crosswalk works
Section titled “How the crosswalk works”A requirement is what a framework asks for. A control is what you do to satisfy it. Because security fundamentals overlap heavily across standards, one control — say, enforcing multi-factor authentication — maps to requirements in many frameworks at once. Keel maintains those mappings for you, so when you implement a control and attach evidence, your coverage improves across every applied framework simultaneously.
This is why adding a second or third framework is far less work than the first: much of what you’ve already implemented and evidenced carries straight over through the crosswalk.
Applying a framework
Section titled “Applying a framework”From the Get started hub or the Frameworks area, apply a framework and Keel seeds a curated, pre-mapped starter control set for it in one click. You get a structured library aligned to that standard’s requirements, not a blank slate. Your readiness score then reflects the share of that framework’s in-scope requirements covered by an implemented control.
Framework breadth
Section titled “Framework breadth”Keel’s catalog spans the standards SMBs are most often asked for, including:
- SOC 2 (Trust Services Criteria)
- ISO/IEC 27001 (ISMS + Annex A)
- PCI DSS
- HIPAA
- NIST Cybersecurity Framework (CSF)
- CIS Critical Security Controls
- NIST SP 800-171
- GDPR
- ISO 9001 quality, ESG, and more
Some frameworks are available to apply today; others are on the way, and the in-app catalog shows each one’s status, version, and availability. Availability also depends on your plan — NIST CSF is free, other frameworks are included or added à la carte depending on your tier.
Managing scope
Section titled “Managing scope”- Set each control’s status in Controls; mark a control N/A to remove its requirements from scope for a framework.
- Add frameworks as your needs grow — the crosswalk means shared controls only have to be implemented and evidenced once.
- Use AI implementation guidance on any control to get plain-English steps and the exact evidence to collect.