Enterprise security strategy
Strategy planning workspace
Company pending
Select a company
Company and framework setup
Prepare the company profile, operating context, and framework inputs that will be reviewed before AI control-scope generation.
Northstar AI ยท 3 accepted
Suggested setup inputs
AI uses the company name as a starting point, then keeps every field editable and reviewable before the final setup readiness check.
Recommended frameworks
Run company lookup firstAfter company lookup, Stratify pre-fills direct-fit frameworks with known source content. Conditional, contractual, or unusual frameworks can still be added through search or import.
Enter a company name and run AI autofill. Framework matches will appear here before the user needs to import anything.
Operating context
SaaS and software profiles emphasize customer trust, identity, uptime, privacy, and audit readiness. These fields shape which frameworks are appropriate before setup moves to readiness review.
Framework scope
3 includedThese selected frameworks become setup inputs for the next review step. Any selected framework with 0 controls needs an exact catalog upload before setup can continue.
NIST CSF 2.0
IncludedBest strategic baseline for SMB program maturity
Broad cybersecurity baseline suitable across IT and OT when controls are tagged by environment.
106 controls
ISO/IEC 27001:2022 + 27002:2022
IncludedUseful when customers or partners expect formal ISMS language
General ISMS framework useful across industries for audit and customer assurance.
93 controls
CIS Controls v8
IncludedPractical safeguard checklist for implementation planning
Practical IT safeguard checklist.
153 controls
Add or import framework
Use this when the user needs a conditional, contractual, or organization-specific framework. The lookup result stays next to the Add action so the exception is deliberate.