# Compliance

> Semgrep provides security tooling that can support compliance efforts, but does not guarantee compliance. Organizations remain responsible for meeting all compliance requirements. Consult with your compliance team and auditors to determine how Semgrep fits into your compliance program.

Semgrep can help address security requirements in the following compliance frameworks and standards:

### Government and federal standards

* **[FedRAMP](/compliance/fedramp):** Federal Risk and Authorization Management Program for cloud services used by U.S. federal agencies
* **[NIST 800-171](/compliance/nist-800-171):** Protecting Controlled Unclassified Information (CUI) in nonfederal systems

### Healthcare and privacy

* **[HIPAA/HITRUST](/compliance/hipaa-hitrust):** Health Insurance Portability and Accountability Act and HITRUST Common Security Framework
* **[GDPR](/compliance/gdpr):** General Data Protection Regulation for protecting personal data of EU residents

### Financial services

* **[PCI DSS](/compliance/pci-dss):** Payment Card Industry Data Security Standard for protecting cardholder data

### Information security standards

* **[ISO 27001](/compliance/iso27001):** International standard for information security management systems (ISMS)
* **[ISO 27017](/compliance/iso-27017):** Code of practice for information security controls for cloud services

### SOC 2

* **[SOC 2](/compliance/soc2):** Service Organization Control 2 for security, availability, processing integrity, confidentiality, and privacy

## Getting started with compliance

<Steps>
  <Step>
    **Review the specific framework page** relevant to your organization from the list above
  </Step>

  <Step>
    **Understand which controls** Semgrep can help address in your compliance program
  </Step>

  <Step>
    **Deploy Semgrep** following the [core deployment guide](/deployment/core-deployment)
  </Step>

  <Step>
    **Configure policies** that align with your compliance requirements
  </Step>

  <Step>
    **Work with your compliance team** to incorporate Semgrep into your compliance documentation and audit processes
  </Step>
</Steps>

For questions about how Semgrep fits into your specific compliance program, contact your compliance team or [Semgrep support](/support).
