Key frameworks: GDPR (EU personal data), HIPAA (US healthcare PHI), PCI DSS (payment cards, global), SOX (US public company financials), FISMA (US federal systems), CMMC (US defense contractors).
Multiple frameworks may apply simultaneously. Map controls to all applicable frameworks once and demonstrate compliance for all. Common control framework approach: implement strong controls once, map to all requirements. CIS Controls → ISO 27001 → NIST CSF → PCI DSS → HIPAA: all map to similar underlying security practices.