DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)

International (DAMA International)

v2nd Edition (2017)

18 domains

46 controls

The DAMA International Data Management Body of Knowledge (DAMA‑DMBOK2, 2017) is the definitive guide to data management disciplines. It covers 11 knowledge areas: Data Governance, Data Architecture, Data Modeling and Design, Data Storage and Operations, Data Security, Data Integration and Interoperability, Data Quality, Reference & Master Data, Data Warehousing & Business Intelligence, Document & Content Management, and Metadata Management.

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (18)

Data Architecture

2 controls

Controls in the Data Architecture domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 2 controls
Code	Title	Description
DMBOK-DA-01	Enterprise Data Architecture	Maintain an enterprise data architecture including conceptual models, data flows, and reference architecture aligned to...
DMBOK-DA-02	Data Architecture Governance	Architecture changes follow review processes that assess impact on integration, quality, and compliance.

Data Architecture and Modeling

3 controls

Controls in the Data Architecture and Modeling domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 3 controls
Code	Title	Description
DA-1	Enterprise Data Architecture	Define the overall structure of data and data-related resources as an integral part of the enterprise architecture.
DA-2	Data Modeling and Design	Analyze, design, build, test, and maintain data models representing business requirements and system structures.
DA-3	Data Architecture Standards	Maintain architectural standards and guidelines that direct data integration, data flow, and technology platform decisio...

Data Ethics and Maturity

3 controls

Controls in the Data Ethics and Maturity domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 3 controls
Code	Title	Description
DEM-1	Data Ethics	Establish ethical guidelines for data collection, usage, sharing, and monetization that respect individual rights.
DEM-2	Data Management Maturity Assessment	Assess organizational data management maturity levels and establish improvement roadmaps for each knowledge area.
DEM-3	Big Data and Data Science	Manage the unique requirements of big data environments including volume, velocity, variety, and veracity considerations...

Data Governance

4 controls

Controls in the Data Governance domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 7 controls
Code	Title	Description
DG-1	Data Governance Strategy	Establish policies, decision rights, and accountabilities for the proper management of data assets across the organizati...
DG-2	Data Stewardship	Define data stewardship roles and responsibilities for oversight and accountability of data quality and usage.
DG-3	Data Policies and Standards	Develop and enforce organization-wide data policies, standards, and procedures for data management activities.
DMBOK-DG-01	Data Governance Strategy and Operating Model	Establish a governance operating model with steering committee, data council, stewards, and clear decision rights aligne...
DMBOK-DG-02	Data Policies and Standards	Define, publish, and enforce data policies, standards, and procedures covering classification, retention, sharing, and q...
DMBOK-DG-03	Data Stewardship Network	Appoint business and technical stewards with documented responsibilities and engagement cadence.
DMBOK-DG-04	Data Management Maturity Assessment	Periodically assess maturity across knowledge areas and prioritise improvements.

Data Governance

3 controls

Controls in the Data Governance domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 7 controls
Code	Title	Description
DG-1	Data Governance Strategy	Establish policies, decision rights, and accountabilities for the proper management of data assets across the organizati...
DG-2	Data Stewardship	Define data stewardship roles and responsibilities for oversight and accountability of data quality and usage.
DG-3	Data Policies and Standards	Develop and enforce organization-wide data policies, standards, and procedures for data management activities.
DMBOK-DG-01	Data Governance Strategy and Operating Model	Establish a governance operating model with steering committee, data council, stewards, and clear decision rights aligne...
DMBOK-DG-02	Data Policies and Standards	Define, publish, and enforce data policies, standards, and procedures covering classification, retention, sharing, and q...
DMBOK-DG-03	Data Stewardship Network	Appoint business and technical stewards with documented responsibilities and engagement cadence.
DMBOK-DG-04	Data Management Maturity Assessment	Periodically assess maturity across knowledge areas and prioritise improvements.

Data Integration and Interoperability

2 controls

Controls in the Data Integration and Interoperability domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 2 controls
Code	Title	Description
DMBOK-DI-01	Data Integration Architecture	Design and govern integration patterns (ETL, ELT, streaming, replication, APIs) consistently across the enterprise.
DMBOK-DI-02	Data Lineage and Movement	Document end-to-end data lineage from sources through transformations to consumers.

Data Integration, Quality and Metadata

3 controls

Controls in the Data Integration, Quality and Metadata domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 3 controls
Code	Title	Description
DIQ-1	Data Integration and Interoperability	Manage data acquisition, extraction, transformation, movement, delivery, replication, federation, and virtualization.
DIQ-2	Data Quality Management	Define, monitor, and maintain data integrity through profiling, cleansing, matching, and continuous improvement.
DIQ-3	Metadata Management	Collect, categorize, maintain, integrate, and deliver metadata to support data management and governance.

Data Modeling and Design

2 controls

Controls in the Data Modeling and Design domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 2 controls
Code	Title	Description
DMBOK-DM-01	Conceptual, Logical, and Physical Data Models	Develop layered data models with traceability from business concepts to physical implementation.
DMBOK-DM-02	Modeling Standards and Naming Conventions	Apply consistent naming, abbreviation, and modeling notation standards across the enterprise.

Data Quality

3 controls

Controls in the Data Quality domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 3 controls
Code	Title	Description
DMBOK-DQ-01	Data Quality Management Program	Establish a DQ program with dimensions (accuracy, completeness, consistency, timeliness, validity, uniqueness), KPIs, an...
DMBOK-DQ-02	Data Profiling and Monitoring	Profile critical data elements regularly and monitor quality against thresholds with alerts.
DMBOK-DQ-03	Data Quality Issue Resolution	Track quality issues to root cause and implement preventive controls.

Data Security

3 controls

Controls in the Data Security domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 3 controls
Code	Title	Description
DMBOK-DSec-01	Data Security Classification	Classify data by sensitivity and apply controls commensurate with classification levels.
DMBOK-DSec-02	Access Controls and Privileged Access	Implement role-based access, least privilege, and review privileged accounts regularly.
DMBOK-DSec-03	Data Masking and Encryption	Protect data at rest and in transit using encryption, masking, or tokenisation appropriate to risk.

Data Storage and Operations

2 controls

Controls in the Data Storage and Operations domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 2 controls
Code	Title	Description
DMBOK-DS-01	Database Design and Operations	Design databases for performance, availability, and recoverability with documented operations.
DMBOK-DS-02	Database Performance and Capacity Management	Monitor performance, plan capacity, and tune database environments proactively.

Data Storage, Operations and Security

3 controls

Controls in the Data Storage, Operations and Security domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 3 controls
Code	Title	Description
DSO-1	Data Storage and Operations	Manage structured physical data assets through storage deployment, maintenance, and operations support.
DSO-2	Data Security	Ensure privacy, confidentiality, and appropriate access controls for personal, health, and private data.
DSO-3	Data Access Management	Control and monitor access to data assets through authentication, authorization, and audit mechanisms.

Data Warehousing and BI

2 controls

Controls in the Data Warehousing and BI domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 2 controls
Code	Title	Description
DMBOK-DW-01	Data Warehouse and BI Architecture	Provide integrated analytical data via warehouse, marts, or lakehouse aligned to reporting needs.
DMBOK-DW-02	Analytical Data Quality and Reconciliation	Reconcile analytical outputs against sources and certify reports for trust.

Documents and Content

1 controls

Controls in the Documents and Content domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 1 controls
Code	Title	Description
DMBOK-DOC-01	Document and Content Management	Manage unstructured documents and records with classification, retention, and search capability.

Documents, Content and Business Intelligence

3 controls

Controls in the Documents, Content and Business Intelligence domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 3 controls
Code	Title	Description
DCB-1	Document and Content Management	Store, protect, index, and enable access to data found in unstructured sources including electronic files and physical r...
DCB-2	Data Warehousing	Manage analytical data processing through data warehouse design, ETL processes, and dimensional modeling.
DCB-3	Business Intelligence and Analytics	Enable access to decision support data for reporting, analysis, and data-driven decision making.

Metadata

2 controls

Controls in the Metadata domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 2 controls
Code	Title	Description
DMBOK-META-01	Metadata Management Strategy	Capture business, technical, and operational metadata in a managed metadata repository.
DMBOK-META-02	Business Glossary and Data Dictionary	Maintain shared business definitions and link them to physical implementations.

Reference Data and Master Data

3 controls

Controls in the Reference Data and Master Data domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 3 controls
Code	Title	Description
RMD-1	Reference Data Management	Manage shared reference data sets to reduce redundancy and ensure standardized definition and use of data values.
RMD-2	Master Data Management	Establish authoritative sources for master data entities and implement processes to maintain data consistency.
RMD-3	Data Matching and Linking	Implement matching algorithms and linking processes to resolve duplicates and maintain a single view of entities.

Reference and Master Data

2 controls

Controls in the Reference and Master Data domain of DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) — 2 controls
Code	Title	Description
DMBOK-RMD-01	Reference Data Management	Govern reference data (codes, lookups, taxonomies) with authoritative sources and change control.
DMBOK-RMD-02	Master Data Management	Implement MDM for critical entities (customer, product, employee) with matching, survivorship, and stewardship.

Your Compliance Coverage

If you comply with DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition), you already cover:

Nebraska Data Privacy Act

15%

7 controls mapped

Compare →

SLSA

13%

6 controls mapped

Compare →

SIG (Shared Assessments)

13%

6 controls mapped

Compare →

+ 274 more: OWASP SAMM (13%), ISO/IEC 27011:2024 (13%)

See all 277 mapped frameworks ↓

Maps to 277 other frameworks

46 total controls

Nebraska Data Privacy Act

7 source controls mapped|5 target controls covered

15%

SLSA

6 source controls mapped|2 target controls covered

13%

SIG (Shared Assessments)

6 source controls mapped|3 target controls covered

13%

OWASP SAMM

6 source controls mapped|3 target controls covered

13%

ISO/IEC 27011:2024

6 source controls mapped|6 target controls covered

13%

NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements

6 source controls mapped|8 target controls covered

13%

ISO/SAE 21434

6 source controls mapped|6 target controls covered

13%

ISO 27043

6 source controls mapped|6 target controls covered

13%

SOC 2

6 source controls mapped|7 target controls covered

13%

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)

6 source controls mapped|4 target controls covered

13%

Virginia CDPA

6 source controls mapped|3 target controls covered

13%

Uruguay DPL

6 source controls mapped|3 target controls covered

13%

Texas Data Privacy Act

6 source controls mapped|3 target controls covered

13%

Taiwan PDPA

6 source controls mapped|3 target controls covered

13%

Bahrain PDPL

6 source controls mapped|5 target controls covered

13%

APPI

6 source controls mapped|4 target controls covered

13%

Nigeria Data Protection Act 2023 (NDPA)

6 source controls mapped|5 target controls covered

13%

South Korea PIPA

6 source controls mapped|4 target controls covered

13%

NIST Cybersecurity Framework 2.0

5 source controls mapped|10 target controls covered

11%

UK Gambling Commission - Cyber Resilience Requirements

5 source controls mapped|2 target controls covered

11%

FTC GLBA Safeguards Rule (16 CFR Part 314)

5 source controls mapped|2 target controls covered

11%

ISO 27017

5 source controls mapped|7 target controls covered

11%

Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)

5 source controls mapped|3 target controls covered

11%

ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary

5 source controls mapped|5 target controls covered

11%

IEC 62351 - Power Systems Communication Security

5 source controls mapped|4 target controls covered

11%

ISO 28001:2007 Supply Chain Security Management

5 source controls mapped|2 target controls covered

11%

AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)

5 source controls mapped|5 target controls covered

11%

ISO/IEC 25012:2008 - Data Quality Model

5 source controls mapped|4 target controls covered

11%

ISO/IEC 23894:2023

5 source controls mapped|5 target controls covered

11%

Azure Security Benchmark

5 source controls mapped|8 target controls covered

11%

NIST SP 800-190

5 source controls mapped|7 target controls covered

11%

NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices

5 source controls mapped|4 target controls covered

11%

AICPA Privacy Management Framework (PMF)

5 source controls mapped|3 target controls covered

11%

AWS Well-Architected Security Pillar

5 source controls mapped|7 target controls covered

11%

CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0

5 source controls mapped|5 target controls covered

11%

Annex 11 to EU GMP - Computerised Systems

5 source controls mapped|4 target controls covered

11%

ISO 27018

5 source controls mapped|7 target controls covered

11%

SSAE 18 - Attestation Standards (SOC Reporting)

5 source controls mapped|8 target controls covered

11%

POPIA

5 source controls mapped|4 target controls covered

11%

Vietnam PDPD

5 source controls mapped|3 target controls covered

11%

Turkey KVKK

5 source controls mapped|3 target controls covered

11%

Qatar DPL

5 source controls mapped|3 target controls covered

11%

Privacy Act 2020

5 source controls mapped|5 target controls covered

11%

Peru DPL

5 source controls mapped|2 target controls covered

11%

Personal Data Act (personopplysningsloven)

5 source controls mapped|4 target controls covered

11%

PDPA Thailand

5 source controls mapped|4 target controls covered

11%

PDPA Singapore

5 source controls mapped|4 target controls covered

11%

Oregon Consumer Privacy Act

5 source controls mapped|4 target controls covered

11%

NIST SP 800-122

5 source controls mapped|5 target controls covered

11%

Nigeria Data Protection Regulation (NDPR)

5 source controls mapped|4 target controls covered

11%

New Jersey Data Privacy Act

5 source controls mapped|3 target controls covered

11%

New Hampshire Data Privacy Act

5 source controls mapped|4 target controls covered

11%

Montana Consumer Data Privacy Act

5 source controls mapped|4 target controls covered

11%

Minnesota Consumer Data Privacy Act

5 source controls mapped|3 target controls covered

11%

Mexico LFPDPPP

5 source controls mapped|5 target controls covered

11%

Mauritius DPA

5 source controls mapped|5 target controls covered

11%

Maryland Online Data Privacy Act of 2024

5 source controls mapped|4 target controls covered

11%

Malaysia PDPA 2010

5 source controls mapped|3 target controls covered

11%

Liechtenstein DPA

5 source controls mapped|4 target controls covered

11%

LGPD

5 source controls mapped|4 target controls covered

11%

Ley Orgánica de Protección de Datos Personales (LOPDP)

5 source controls mapped|4 target controls covered

11%

Kentucky Consumer Data Protection Act

5 source controls mapped|4 target controls covered

11%

Jamaica Data Protection Act 2020

5 source controls mapped|4 target controls covered

11%

Iowa Consumer Data Protection Act

5 source controls mapped|4 target controls covered

11%

Indonesia PDP Law

5 source controls mapped|3 target controls covered

11%

Indiana Consumer Data Protection Act

5 source controls mapped|3 target controls covered

11%

Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)

5 source controls mapped|4 target controls covered

11%

Family Educational Rights and Privacy Act (FERPA)

5 source controls mapped|4 target controls covered

11%

PTES

5 source controls mapped|3 target controls covered

11%

OWASP MASVS

5 source controls mapped|3 target controls covered

11%

OWASP DevSecOps Maturity Model (DSOMM)

5 source controls mapped|4 target controls covered

11%

OpenSSF Scorecard

5 source controls mapped|3 target controls covered

11%

NIST SP 800-92

5 source controls mapped|3 target controls covered

11%

NIST SP 800-88

5 source controls mapped|2 target controls covered

11%

NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security

5 source controls mapped|4 target controls covered

11%

NIST SP 800-63-4

5 source controls mapped|3 target controls covered

11%

NIST SP 800-61

5 source controls mapped|2 target controls covered

11%

NIST SP 800-137

5 source controls mapped|3 target controls covered

11%

NIST SP 800-123

5 source controls mapped|3 target controls covered

11%

NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)

5 source controls mapped|2 target controls covered

11%

MITRE ATT&CK

5 source controls mapped|4 target controls covered

11%

IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)

5 source controls mapped|4 target controls covered

11%

IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)

5 source controls mapped|4 target controls covered

11%

FedRAMP Rev 5

5 source controls mapped|3 target controls covered

11%

WCAG 2.2

4 source controls mapped|1 target controls covered

UK GDPR (UK General Data Protection Regulation)

4 source controls mapped|2 target controls covered

UK AI Regulation Framework

4 source controls mapped|2 target controls covered

Florida Digital Bill of Rights (FDBR)

4 source controls mapped|2 target controls covered

PCI P2PE

4 source controls mapped|4 target controls covered

ASIS SPC.1-2009 - Organizational Resilience Standard

4 source controls mapped|4 target controls covered

ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence

4 source controls mapped|10 target controls covered

ISO/IEC 23837 - Security Requirements for Quantum Key Distribution

4 source controls mapped|4 target controls covered

Illinois Biometric Information Privacy Act (BIPA)

4 source controls mapped|4 target controls covered

Barbados Data Protection Act 2019

4 source controls mapped|2 target controls covered

APRA CPS 234

4 source controls mapped|5 target controls covered

ISO/IEC 27400:2022

4 source controls mapped|4 target controls covered

PCI PIN Security

4 source controls mapped|5 target controls covered

PCI SSF

4 source controls mapped|4 target controls covered

ISO/IEC 27006:2024

4 source controls mapped|4 target controls covered

ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories

4 source controls mapped|7 target controls covered

ISO 8000 - Data Quality

4 source controls mapped|3 target controls covered

ISO/IEC 27031:2011

4 source controls mapped|5 target controls covered

ISO 19011

4 source controls mapped|4 target controls covered

ISO 22320:2018

4 source controls mapped|4 target controls covered

FFIEC IT Examination Handbook

4 source controls mapped|4 target controls covered

ISO 19650 - Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM)

4 source controls mapped|4 target controls covered

SANS Incident Handler's Handbook and PICERL Methodology

4 source controls mapped|5 target controls covered

ISO/IEC 29115:2023 - Entity Authentication Assurance Framework

4 source controls mapped|4 target controls covered

Protective Security Policy Framework (PSPF) Release 2024

4 source controls mapped|3 target controls covered

OWASP Top 10:2025

4 source controls mapped|1 target controls covered

O-RAN WG11 Security Specification

4 source controls mapped|3 target controls covered

NIST SP 800-146

4 source controls mapped|4 target controls covered

NIST SP 800-145

4 source controls mapped|3 target controls covered

NIST SP 800-144

4 source controls mapped|3 target controls covered

MTCS (Singapore)

4 source controls mapped|5 target controls covered

ISMAP (Japan)

4 source controls mapped|4 target controls covered

IATA Operational Safety Audit (IOSA) Standards Manual

4 source controls mapped|2 target controls covered

Trinidad and Tobago Data Protection Act 2011

3 source controls mapped|3 target controls covered

Tanzania Personal Data Protection Act (Draft)

3 source controls mapped|2 target controls covered

NATO STANAG 4774 (Confidentiality Metadata Labels) and STANAG 4778 (Metadata Binding)

3 source controls mapped|2 target controls covered

ITU-T X.805 - Security Architecture for End-to-End Communications

3 source controls mapped|3 target controls covered

French Sapin II Law (Law No. 2016-1691)

3 source controls mapped|1 target controls covered

ISO 56002

3 source controls mapped|7 target controls covered

ISO 41001:2018 - Facility Management Systems

3 source controls mapped|6 target controls covered

ISO 39001:2012 - Road Traffic Safety Management

3 source controls mapped|6 target controls covered

ISO 37002:2021 - Whistleblowing Management Systems

3 source controls mapped|6 target controls covered

ISO 22313:2020 - Guidance on Business Continuity Management Systems

3 source controls mapped|6 target controls covered

ISO/IEC 30111:2019

3 source controls mapped|3 target controls covered

ISO/IEC 29147:2018

3 source controls mapped|3 target controls covered

ISO/IEC 27050 - Electronic Discovery (Parts 1-4)

3 source controls mapped|1 target controls covered

ISO 26262:2018 - Functional Safety for Road Vehicles

3 source controls mapped|1 target controls covered

21 CFR Part 58 - Good Laboratory Practice (GLP)

3 source controls mapped|2 target controls covered

ISO/IEC 27557:2022 - Organisational Privacy Risk Management

3 source controls mapped|4 target controls covered

BRCGS Global Standard for Food Safety Issue 9

3 source controls mapped|5 target controls covered

IEC 60601-1 - Medical Electrical Equipment Safety

3 source controls mapped|2 target controls covered

ISO/IEC 29134:2023

3 source controls mapped|3 target controls covered

ISO/IEC 27014:2020

3 source controls mapped|4 target controls covered

NIST AI Risk Management Framework (AI RMF 1.0)

3 source controls mapped|2 target controls covered

ISO/IEC 38500:2024 - Governance of IT

3 source controls mapped|4 target controls covered

ISO 20000-1

3 source controls mapped|2 target controls covered

ISO/IEC 27004:2016

3 source controls mapped|3 target controls covered

AS9100D - Aerospace Quality Management System

3 source controls mapped|4 target controls covered

ISO/IEC 27003:2017

3 source controls mapped|4 target controls covered

FFIEC Cybersecurity Assessment Tool (CAT)

3 source controls mapped|4 target controls covered

21 CFR Part 211 - Current Good Manufacturing Practice

3 source controls mapped|1 target controls covered

ISO 37000:2021 - Governance of Organizations

3 source controls mapped|3 target controls covered

Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)

3 source controls mapped|2 target controls covered

ISO/IEC 29100:2024

3 source controls mapped|3 target controls covered

IEC 62304:2015 Medical Device Software Lifecycle Processes

3 source controls mapped|5 target controls covered

ASD Strategies to Mitigate Cyber Security Incidents

3 source controls mapped|6 target controls covered

ISO/IEC 27007:2020

3 source controls mapped|2 target controls covered

FedRAMP High

3 source controls mapped|1 target controls covered

NIST SP 800-53 Revision 5.1 HIGH

3 source controls mapped|1 target controls covered

FedRAMP Moderate

3 source controls mapped|1 target controls covered

NIST SP 800-53 Rev 5 MODERATE

3 source controls mapped|1 target controls covered

NIST SP 800-53 Rev 5 LOW

3 source controls mapped|1 target controls covered

Azerbaijan Law on Personal Data (2010)

3 source controls mapped|1 target controls covered

COBIT 2019

3 source controls mapped|2 target controls covered

Automotive SPICE (ASPICE) v4.0 - Process Assessment Model

3 source controls mapped|2 target controls covered

IAIS Insurance Core Principles (ICPs)

3 source controls mapped|1 target controls covered

ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)

3 source controls mapped|2 target controls covered

ITIL 4

3 source controls mapped|2 target controls covered

ISO 20400:2017 - Sustainable Procurement

3 source controls mapped|3 target controls covered

Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

3 source controls mapped|1 target controls covered

ISO 31000:2018

3 source controls mapped|1 target controls covered

UNESCO Recommendation on the Ethics of AI

3 source controls mapped|1 target controls covered

Law No. 172-13 on the Protection of Personal Data

3 source controls mapped|2 target controls covered

India DPDP Act

3 source controls mapped|2 target controls covered

ICH E6(R3) - Good Clinical Practice

3 source controls mapped|3 target controls covered

W3C Verifiable Credentials (VC) Data Model 2.0

3 source controls mapped|2 target controls covered

Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter

3 source controls mapped|1 target controls covered

TISAX - Trusted Information Security Assessment Exchange

3 source controls mapped|2 target controls covered

Regulation on the European Health Data Space (EHDS)

3 source controls mapped|2 target controls covered

PSD2 SCA

3 source controls mapped|2 target controls covered

OSFI B-13

3 source controls mapped|2 target controls covered

Open Banking Security

3 source controls mapped|2 target controls covered

Monetary Authority of Singapore Technology Risk Management Guidelines

3 source controls mapped|2 target controls covered

ITAR - International Traffic in Arms Regulations

3 source controls mapped|4 target controls covered

HKMA SPM

3 source controls mapped|2 target controls covered

GLI-33 - Gaming Laboratories International Event Wagering Systems

3 source controls mapped|2 target controls covered

GLBA

3 source controls mapped|2 target controls covered

GAMP 5 - Good Automated Manufacturing Practice

3 source controls mapped|4 target controls covered

TSA Pipeline Cybersecurity Directives

3 source controls mapped|1 target controls covered

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments

3 source controls mapped|1 target controls covered

Oman National Cybersecurity Framework

3 source controls mapped|2 target controls covered

NIST Privacy Framework

3 source controls mapped|4 target controls covered

NIS2 Directive Implementing Acts

3 source controls mapped|2 target controls covered

NIS2 Directive

3 source controls mapped|3 target controls covered

NAIC Insurance Data Security Model Law (MDL-668)

3 source controls mapped|4 target controls covered

IEEE 1686

3 source controls mapped|2 target controls covered

IACS Unified Requirements E26/E27 - Cyber Resilience of Ships and On-Board Systems

3 source controls mapped|3 target controls covered

HITECH Act

3 source controls mapped|4 target controls covered

Canada ITSG-33 - IT Security Risk Management

3 source controls mapped|2 target controls covered

API 1164

3 source controls mapped|6 target controls covered

NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)

3 source controls mapped|9 target controls covered

NIST SP 1800-32

3 source controls mapped|6 target controls covered

ISO 27019

3 source controls mapped|6 target controls covered

IEC 62443

3 source controls mapped|6 target controls covered

NIST SP 800-53 Rev 5

3 source controls mapped|11 target controls covered

UK FCA/PRA Operational Resilience Framework

2 source controls mapped|1 target controls covered

OECD AI Principles

2 source controls mapped|1 target controls covered

Japan AI Guidelines

2 source controls mapped|1 target controls covered

IEEE 7000

2 source controls mapped|2 target controls covered

GS1 Global Standards - Supply Chain Traceability and Data Security

2 source controls mapped|2 target controls covered

UK Bribery Act 2010

2 source controls mapped|1 target controls covered

PIC/S Guide to Good Manufacturing Practice for Medicinal Products

2 source controls mapped|4 target controls covered

Philippines Cybercrime Prevention Act (RA 10175)

2 source controls mapped|1 target controls covered

OCC Heightened Standards (12 CFR Part 30, Appendix D)

2 source controls mapped|1 target controls covered

NRC 10 CFR 73.54 - Nuclear Facility Cybersecurity

2 source controls mapped|2 target controls covered

Notifiable Data Breaches Scheme (Australia)

2 source controls mapped|1 target controls covered

NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205)

2 source controls mapped|1 target controls covered

ITU Radio Regulations and Space Security Standards

2 source controls mapped|1 target controls covered

Israel Protection of Privacy Law (5741-1981)

2 source controls mapped|2 target controls covered

ILO Declaration on Fundamental Principles and Rights at Work (Core Conventions)

2 source controls mapped|2 target controls covered

ICH Q10 - Pharmaceutical Quality System

2 source controls mapped|2 target controls covered

IATF 16949:2016 - Quality Management System for Automotive Production

2 source controls mapped|3 target controls covered

FDA Quality Management System Regulation (QMSR)

2 source controls mapped|3 target controls covered

FATF Recommendation 16 - Virtual Asset Travel Rule

2 source controls mapped|1 target controls covered

NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management

2 source controls mapped|4 target controls covered

Authorised Economic Operator (AEO) Programmes - Global Standards

2 source controls mapped|2 target controls covered

Sigstore - Software Artifact Signing and Verification

2 source controls mapped|1 target controls covered

NIST SP 800-66

2 source controls mapped|3 target controls covered

MDS2 (Medical Device)

2 source controls mapped|3 target controls covered

MARS-E

2 source controls mapped|5 target controls covered

ICAO Annex 17 - Aviation Security (AVSEC)

2 source controls mapped|1 target controls covered

Ghana Cybersecurity Act

2 source controls mapped|3 target controls covered

FISMA

2 source controls mapped|1 target controls covered

FDA 21 CFR Part 11

2 source controls mapped|2 target controls covered

BSI IT-Grundschutz

2 source controls mapped|4 target controls covered

ISO 13485

2 source controls mapped|5 target controls covered

ISO/IEC 27010:2015

2 source controls mapped|2 target controls covered

ISO 27799

2 source controls mapped|4 target controls covered

MARS-E - Minimum Acceptable Risk Standards for Exchanges

2 source controls mapped|2 target controls covered

ISO 27002:2022

1 source controls mapped|1 target controls covered

SASB Standards

1 source controls mapped|1 target controls covered

BS 65000:2014 - Guidance on Organizational Resilience

1 source controls mapped|1 target controls covered

Voluntary Principles on Security and Human Rights (VPs)

1 source controls mapped|1 target controls covered

SA8000:2014 - Social Accountability Standard

1 source controls mapped|1 target controls covered

NIST SP 800-39

1 source controls mapped|1 target controls covered

NIST SP 800-37

1 source controls mapped|1 target controls covered

NIST SP 800-30

1 source controls mapped|1 target controls covered

GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6

1 source controls mapped|1 target controls covered

German Supply Chain Due Diligence Act (LkSG)

1 source controls mapped|1 target controls covered

Aged Care Quality Standards (Australia)

1 source controls mapped|1 target controls covered

ISO 37301

1 source controls mapped|1 target controls covered

ISO 30401

1 source controls mapped|1 target controls covered

EASA Part-IS - Information Security in Aviation

1 source controls mapped|1 target controls covered

ISO 55001

1 source controls mapped|1 target controls covered

ISO 22000

1 source controls mapped|1 target controls covered

ISO 9001

1 source controls mapped|3 target controls covered

ISO 27005

1 source controls mapped|1 target controls covered

ISO 45001

1 source controls mapped|1 target controls covered

ISO 31000

1 source controls mapped|1 target controls covered

ISO 37001

1 source controls mapped|1 target controls covered

NRF Cybersecurity and Data Privacy Framework (National Retail Federation)

1 source controls mapped|1 target controls covered

New Zealand Information Security Manual (NZISM)

1 source controls mapped|1 target controls covered

Nevada Gaming Control Board Cybersecurity Requirements

1 source controls mapped|1 target controls covered

NERC CIP

1 source controls mapped|1 target controls covered

NABERS - National Australian Built Environment Rating System

1 source controls mapped|1 target controls covered

Latvia Personal Data Processing Law (Fizisko personu datu apstrades likums, 2018)

1 source controls mapped|1 target controls covered

Kenya Data Protection Act

1 source controls mapped|1 target controls covered

Japan FSA Cybersecurity Guidelines for Financial Institutions

1 source controls mapped|1 target controls covered

FIRST CSIRT Services Framework and Standards

1 source controls mapped|1 target controls covered

APRA CPS 230 Operational Risk Management

1 source controls mapped|1 target controls covered

FBI CJIS Security Policy

1 source controls mapped|1 target controls covered

ISO 22317

1 source controls mapped|2 target controls covered

ISO 22316

1 source controls mapped|2 target controls covered

ISO 22318

1 source controls mapped|2 target controls covered

COSO Internal Control - Integrated Framework (2013)

1 source controls mapped|2 target controls covered

Secure by Design: A Guide for Manufacturers (CISA)

1 source controls mapped|1 target controls covered

OWASP Top 10 for LLM Applications 2025

1 source controls mapped|4 target controls covered

HL7 FHIR Security Framework

1 source controls mapped|1 target controls covered

FIDO2 / WebAuthn

1 source controls mapped|2 target controls covered

Armenia Law on Protection of Personal Data (2015)

1 source controls mapped|1 target controls covered

Bank Secrecy Act / Anti-Money Laundering (BSA/AML)

1 source controls mapped|1 target controls covered

AML/CTF Act 2006 (Australia)

1 source controls mapped|1 target controls covered

3GPP 5G Security Architecture (TS 33.501)

1 source controls mapped|3 target controls covered

Compare DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) with Nebraska Data Privacy Act

Frequently Asked Questions

What is DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)?

DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) is a compliance framework from International (DAMA International) with 18 domains and 46 controls. The DAMA International Data Management Body of Knowledge (DAMA‑DMBOK2, 2017) is the definitive guide to data management disciplines. It covers 11 knowledge areas: Data Governance, Data Architecture, Data Modeling and Design, Data Storage and Operations, Data Security, Data Integration and Interoperability, Data Quality, Reference & Master Data, Data Warehousing & Business Intelligence, Document & Content Management, and Metadata Management. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) have?

DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) has 46 controls organised across 18 domains. The largest domains are Data Governance (4 controls), Data Architecture and Modeling (3 controls), Data Ethics and Maturity (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) map to?

DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) maps to 277 other compliance frameworks. The top mapping partners are Nebraska Data Privacy Act (15% coverage), SLSA (13% coverage), SIG (Shared Assessments) (13% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) compliance?

Start your DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 46 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required