Aligned with standards — without hard-coding them
Default framework:
- BSI IT-Grundschutz (starting point)
Additionally supported:
- ENISA NIS2 guidance
- ISO/IEC 27001
- CIS Controls / Benchmarks
- Custom organizational controls
Control frameworks are metadata and mappings, not logic.
Changing or adding a framework does not change system behavior.