Compliance Reference Cards

Why these three

The frameworks
that get asked
about most.

PCI-DSS for payment environments. NIST 800-53 for federal and FedRAMP. SOC 2 for SaaS audit cycles. The three frameworks that show up in every modern security questionnaire, every audit, every onboarding deck.

Each card distills the spec down to what you actually use day-to-day. The version numbers, the requirement highlights, the audit checklists, the assessment commands. Two sides. One card. One framework.

01 PCI-DSS v4.0.1

Payment card security,
without the 360 pages.

The v4.0 changes from v3.2.1, requirement by requirement. Authentication highlights from Req 8. The scoping checklist that catches half of all audit findings before they happen.

v4.0 key changes from v3.2.1
Authentication highlights (Req 8): MFA, length, lockout
Scoping checklist for the cardholder data environment
Common audit findings to avoid
Runnable Linux assessment commands

Buy PCI-DSS on Etsy

PCI-DSS v4.0 Quick Reference Card, light theme with black accent, on a warm walnut desk

02 NIST 800-53 Rev 5

Twenty control families,
at a glance.

The full control catalog reduced to the essentials: family overview, implementation checklist, framework crosswalk, Privacy Controls (PT) family that's new in Rev 5, and the impact baseline matrix.

20 control families overview (AC through SR)
Implementation checklist (categorize, baselines, tailoring)
Framework crosswalk: FedRAMP, PCI, HIPAA, SOC 2, ISO 27001, CMMC 2.0
Privacy Controls (PT) family — new in Rev 5
Impact baseline matrix (low / moderate / high / privacy)

Buy NIST 800-53 on Etsy

NIST 800-53 Rev 5 Quick Reference Card, light theme with black accent, showing 20 control families overview

03 SOC 2 Type II

Trust Services,
distilled.

Five Trust Services Criteria. Type I versus Type II. Common Criteria CC1 through CC9. Audit-readiness checklist. The card SaaS GRC teams keep within reach during every customer review meeting.

5 Trust Services Criteria (TSC): Security, Availability, Processing Integrity, Confidentiality, Privacy
Type I vs Type II side-by-side comparison
Common Criteria CC1 through CC9 breakdown
Audit readiness checklist
Common audit findings

Buy SOC 2 on Etsy

SOC 2 Quick Reference Card, light theme with black accent

Made for the desk

Heavy lamination,
rounded corners,
built to outlast the spec.

Close-up of an Ekilora reference card showing the laminated rounded corner and ekilora.com footer detail

Each card is laser-printed on premium card stock, then professionally laminated and trimmed with rounded corners. The lamination is sealed at the edges, so liquid spills bead off the surface and dry without warping the paper underneath.

Every card is two-sided, so you flip it once and have the full reference. No folding. No bending. No printing it out fresh every six months when the previous one falls apart.

Made and laminated in the USA. Built for the people who work at the desk every day.