ForgeAwareness
Tier 2 Bundle


About this product

Built for CISOs, GRC leads, and compliance officers heading into a SOC 2, ISO, PCI, or HIPAA audit. Every ForgeAwareness product is mapped to specific control identifiers in six major frameworks: NIST Cybersecurity Framework 2.0 (Feb 2024), ISO/IEC 27001:2022 + Annex A, CIS Controls v8.1 (June 2024), SOC 2 Trust Services Criteria (2017 + 2022 PoF), PCI DSS v4.0.1, and HIPAA Security Rule. Each mapping shows the primary, contributing, or supporting role the product plays for each control; cites the actual control text; explains what's out of scope; and includes ready-to-fill audit evidence templates (training completion reports, policy acknowledgments, phishing simulation reports, manager reinforcement logs, role-based assignment matrices, and annual program reviews). Includes an auditor walkthrough script and 8 common audit gotchas. Lifetime updates included — refreshed within 30 days of any material framework change. Caveat: this is a defensible mapping, not legal advice; run it past your QSA or counsel before relying on it for a control attestation.

What's included

  • Master Mapping — every product × every framework, single-table view
  • Frameworks Reference — actual control text from all 6 frameworks (quote to auditors)
  • Per-Product Detail — every product's controls, evidence requirements, and out-of-scope notes
  • 8 Audit Evidence Templates — completion reports, acknowledgments, phishing reports, manager logs, role matrices
  • How-To-Use — auditor walkthrough script + 8 common gotchas
  • Coverage: NIST CSF 2.0, ISO 27001:2022, CIS Controls v8.1, SOC 2 (TSC 2017+2022), PCI DSS 4.0.1, HIPAA Security Rule
  • Lifetime updates included (frameworks evolve; we refresh)

Who it's for

  • CISOs preparing for SOC 2, ISO 27001, or PCI audits
  • GRC and compliance leads building the audit binder
  • Internal auditors mapping awareness controls
  • Sales engineers responding to security questionnaires

Licensing

Single-organization license. Unlimited internal distribution within your company. May be shown to your auditor, QSA, or certification body but not redistributed externally. Lifetime updates included.
