One vulnerability-management evidence trail.
Every regulation that asks for it.
Centraleyezer captures the vulnerability data, remediation timelines, risk-acceptance records, and per-finding audit history that EU and UAE regulators expect — in a single queryable trail. Pick a regulation below to see exactly which controls it maps to.
Centraleyezer supports your compliance work with evidence and audit trails. It does not generate the framework-specific compliance reports themselves — that remains your team's responsibility.
NIS2 Directive
European Union
Essential and important entities under EU Directive 2022/2555.
Key control: Article 21(2)(e) — vulnerability handling and disclosure as one of the ten minimum cybersecurity-risk measures.
See coverageDigital Operational Resilience Act
European Union
Banks, insurers, investment firms, payment institutions, crypto-asset service providers, ICT third parties.
Key control: Article 9(4)(b) — ICT vulnerability and patch management. Articles 8, 10, 25 cover identification, detection and threat-led testing.
See coverageISO/IEC 27001:2022
International
Any organisation seeking certified information-security management.
Key control: Annex A.8.8 — Management of Technical Vulnerabilities.
See coveragePCI Data Security Standard
Global (cardholder data)
Any merchant or processor handling cardholder data.
Key control: Requirement 6 — develop and maintain secure systems; vulnerability identification, ranking, and patching SLAs.
See coverageEU Cyber Resilience Act
European Union
Manufacturers and distributors of products with digital elements.
Key control: Vulnerability handling across the product lifecycle, ENISA notification within 24/72 hours, SBOM obligations.
See coverageUAE Information Assurance Standards
United Arab Emirates
Federal entities and Critical Information Infrastructure operators (CII).
Key control: T7.5 — vulnerability assessment, penetration testing and patch management; supervised by the Signals Intelligence Agency (SIA / formerly NESA).
See coverageCentral Bank of the UAE — Cyber Risk Regulation
United Arab Emirates
Licensed banks, exchange houses, finance companies, payment-service providers.
Key control: Vulnerability and threat management, annual / event-driven penetration testing, board-level cyber-risk reporting.
See coverageHave a regulation you don't see here?
Centraleyezer's audit trail is regulation-agnostic — most frameworks ask for the same evidence patterns under different names. Tell us yours and we'll map it.