(sometimes) controversial
• You don’t always need that, synergies, compatibility or government guidance is enough
• ISO 27001 vs. NIST RMF (Not the same, but once you have ISO, RMF gets easier)
• California Data Protection Laws (CCPA), UK Data Protection Laws, GDPR (close enough)
• Australian APP vs. GDPR (guidance)
• What’s Missing?
• FedRAMP
• UK has NCSC Cloud Security Guidance
• Where’s the rest? :)

DATA PROTECTION THE GOOD…