US Section 508 — ICT Accessibility Standards (Revised 2017)

United States (Federal)

vRevised 2017

6 domains

20 controls

Section 508 of the Rehabilitation Act (29 U.S.C. § 794d), as revised in January 2017 by the US Access Board, requires that all federal government ICT (information and communications technology) be accessible to people with disabilities. The revised standards incorporate WCAG 2.0 Level AA for web and electronic content. Applies to federal agencies developing, procuring, maintaining, or using ICT. The Revised 508 Standards align with EN 301 549 for international harmonisation. Enforced through complaint mechanisms, Section 508 coordinators, and OMB reporting.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (6)

Chapter 1-2: Application and Scoping

4 controls

Controls in the Chapter 1-2: Application and Scoping domain of US Section 508 — ICT Accessibility Standards (Revised 2017) — 4 controls
Code	Title	Description
E101	Application Scope	The standards apply to ICT developed, procured, maintained, or used by federal agencies to ensure accessibility.
E205	Electronic Content Scoping	All web and non-web electronic content must conform to WCAG 2.0 Level AA Success Criteria with limited exceptions.
E207	Software Scoping	Software and platforms must conform to WCAG 2.0 Level AA and additional software-specific accessibility requirements.
E208	Agency Official Communications	Agency official communications must be accessible including emergency notifications and public-facing content.

Chapter 3: Functional Performance Criteria

5 controls

Controls in the Chapter 3: Functional Performance Criteria domain of US Section 508 — ICT Accessibility Standards (Revised 2017) — 5 controls
Code	Title	Description
302.1	Without Vision	ICT must provide at least one mode of operation that does not require user vision.
302.2	With Limited Vision	ICT must provide at least one mode of operation that enables users with limited vision to use the product.
302.3	Without Perception of Color	ICT must provide at least one mode that does not require user perception of color.
302.4	Without Hearing	ICT must provide at least one mode of operation that does not require user hearing.
302.8	With Limited Manipulation	ICT must provide at least one mode of operation usable by persons with limited fine motor skills.

Chapter 4: Hardware Accessibility

3 controls

Controls in the Chapter 4: Hardware Accessibility domain of US Section 508 — ICT Accessibility Standards (Revised 2017) — 3 controls
Code	Title	Description
402	Closed Functionality	ICT with closed functionality must meet specific accessibility requirements without relying on assistive technology.
407	Operable Parts	Hardware operable parts must be usable with one hand and not require tight grasping, pinching, or twisting.
412	ICT with Two-Way Voice Communication	ICT providing two-way voice communication must support volume gain, hearing aid compatibility, and TTY connectivity.

Chapter 5: Software Accessibility

4 controls

Controls in the Chapter 5: Software Accessibility domain of US Section 508 — ICT Accessibility Standards (Revised 2017) — 4 controls
Code	Title	Description
501.1	Software General Requirements	Software must conform to WCAG 2.0 Level A and AA Success Criteria for all user interface components.
502	Interoperability with Assistive Technology	Software must support interoperability with assistive technology through platform accessibility services.
503	Applications	Applications must provide user preferences for accessibility settings and support assistive technology access to content...
504	Authoring Tools	Authoring tools must be accessible and support the creation of accessible content where possible.

Chapters 6-7: Support and Communication

4 controls

Controls in the Chapters 6-7: Support and Communication domain of US Section 508 — ICT Accessibility Standards (Revised 2017) — 4 controls
Code	Title	Description
602	Support Documentation	Documentation and support services must describe accessibility features and be provided in accessible formats.
603	Support Services	Support services including help desks must accommodate communication needs of users with disabilities.
707	Real-Time Text Functionality	ICT providing real-time text must support interoperability, concurrent voice and text, and visual indicators.
WCAG 2.0	WCAG 2.0 Level AA Incorporation	WCAG 2.0 Level AA Success Criteria are incorporated by reference as the technical foundation for electronic content.

Technical Requirements

0 controls

ICT accessibility technical standards

Maps to 198 other frameworks

20 total controls

Section 508 — ICT Accessibility (Revised)

2 source controls mapped|1 target controls covered

10%

EMV 3-D Secure (3DS2) — Payment Authentication Protocol

2 source controls mapped|2 target controls covered

10%

EU Data Act

2 source controls mapped|3 target controls covered

10%

HITECH Act

2 source controls mapped|2 target controls covered

10%

Jamaica DPA

2 source controls mapped|1 target controls covered

10%

EU AI Liability Directive

2 source controls mapped|2 target controls covered

10%

EU Anti-Money Laundering Directive (AMLD6 / Directive 2018/1673)

2 source controls mapped|6 target controls covered

10%

EU Audiovisual Media Services Directive (AVMSD, Directive 2018/1808)

2 source controls mapped|4 target controls covered

10%

EU Carbon Border Adjustment Mechanism (CBAM)

2 source controls mapped|2 target controls covered

10%

EU Cyber Solidarity Act (Regulation (EU) 2025/38)

2 source controls mapped|4 target controls covered

10%

EU Energy Performance of Buildings Directive (EPBD Recast, Directive 2024/1275)

2 source controls mapped|3 target controls covered

10%

EU European Media Freedom Act (EMFA)

2 source controls mapped|4 target controls covered

10%

EU General Product Safety Regulation (GPSR, Regulation 2023/988)

2 source controls mapped|4 target controls covered

10%

EU Maritime Single Window Environment Regulation (EU 2019/1239) and EMSA Cybersecurity

2 source controls mapped|4 target controls covered

10%

EU Markets in Crypto-Assets Regulation (MiCA, Regulation 2023/1114)

2 source controls mapped|2 target controls covered

10%

EU NIS2 Directive — Transport Sector Requirements

2 source controls mapped|4 target controls covered

10%

EU Pay Transparency Directive (Directive 2023/970)

2 source controls mapped|4 target controls covered

10%

EU Platform Work Directive (Directive 2024/2831)

2 source controls mapped|4 target controls covered

10%

EU Product Liability Directive (Directive (EU) 2024/2853)

2 source controls mapped|4 target controls covered

10%

EU Seveso III Directive (Directive 2012/18/EU)

2 source controls mapped|4 target controls covered

10%

EU Taxonomy Regulation (Regulation 2020/852)

2 source controls mapped|4 target controls covered

10%

EU Taxonomy for Sustainable Activities (Regulation 2020/852)

2 source controls mapped|3 target controls covered

10%

EU Union Customs Code (UCC) — Data Protection and Security Provisions (Regulation 952/2013)

2 source controls mapped|1 target controls covered

10%

EU Web Accessibility Directive (Directive 2016/2102)

2 source controls mapped|4 target controls covered

10%

EU ePrivacy Directive (2002/58/EC)

2 source controls mapped|4 target controls covered

10%

eIDAS 2.0 — EU Digital Identity Regulation

2 source controls mapped|4 target controls covered

10%

Spain Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD)

2 source controls mapped|3 target controls covered

10%

Morocco Data Protection Law (09-08)

2 source controls mapped|4 target controls covered

10%

Egypt Personal Data Protection Law (Law No. 151 of 2020)

2 source controls mapped|4 target controls covered

10%

Chile Personal Data Protection Law (Law No. 21.719)

2 source controls mapped|3 target controls covered

10%

Peru Personal Data Protection Law (Law No. 29733)

2 source controls mapped|4 target controls covered

10%

Costa Rica Personal Data Protection Law (Law No. 8968)

2 source controls mapped|5 target controls covered

10%

Turkey Personal Data Protection Law (KVKK — Law No. 6698)

2 source controls mapped|4 target controls covered

10%

Ukraine Law on Personal Data Protection (Law No. 2297-VI)

2 source controls mapped|4 target controls covered

10%

Ethiopia Personal Data Protection Proclamation (No. 1321/2024)

2 source controls mapped|3 target controls covered

10%

Senegal Law on Personal Data Protection (Law No. 2008-12)

2 source controls mapped|2 target controls covered

10%

Tunisia Organic Law on Personal Data Protection (Law No. 2004-63)

2 source controls mapped|3 target controls covered

10%

Uzbekistan Law on Personal Data (No. ZRU-547)

2 source controls mapped|4 target controls covered

10%

Georgia Law on Personal Data Protection (2012)

2 source controls mapped|3 target controls covered

10%

Colombia Data Protection Law (Law 1581 of 2012 — SIC Oversight)

2 source controls mapped|4 target controls covered

10%

Panama Law on Personal Data Protection (Law No. 81 of 2019)

2 source controls mapped|4 target controls covered

10%

North Macedonia Law on Personal Data Protection (2020)

2 source controls mapped|3 target controls covered

10%

Lithuania Law on Legal Protection of Personal Data (2018)

2 source controls mapped|3 target controls covered

10%

Romania Law No. 190/2018 on Data Protection Measures (GDPR Implementation)

2 source controls mapped|4 target controls covered

10%

Croatia Act on Implementation of the GDPR (Official Gazette 42/2018)

2 source controls mapped|4 target controls covered

10%

Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation)

2 source controls mapped|2 target controls covered

10%

Portugal Law No. 58/2019 — Data Protection Implementation Act

2 source controls mapped|2 target controls covered

10%

Malta Data Protection Act (Cap. 586, 2018)

2 source controls mapped|2 target controls covered

10%

Netherlands GDPR Implementation Act (UAVG — Uitvoeringswet AVG, 2018)

2 source controls mapped|2 target controls covered

10%

Oman Personal Data Protection Law (Royal Decree 6/2022)

2 source controls mapped|4 target controls covered

10%

Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016)

2 source controls mapped|4 target controls covered

10%

South Korea Personal Information Protection Act (PIPA)

2 source controls mapped|3 target controls covered

10%

Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)

2 source controls mapped|4 target controls covered

10%

UNCITRAL Model Law on Electronic Commerce (1996, updated 2005)

2 source controls mapped|4 target controls covered

10%

Brazil Open Finance (Resolução Conjunta No. 1/2020)

2 source controls mapped|5 target controls covered

10%

RICS Professional Standards — Data and Technology in Property

2 source controls mapped|3 target controls covered

10%

Iowa Consumer Data Protection Act

2 source controls mapped|1 target controls covered

10%

Utah Consumer Privacy Act

2 source controls mapped|1 target controls covered

10%

Maryland Online Data Privacy Act

2 source controls mapped|1 target controls covered

10%

South Korea Credit Information Act

2 source controls mapped|2 target controls covered

10%

Extractive Industries Transparency Initiative (EITI) Standard (2023)

2 source controls mapped|1 target controls covered

10%

Mauritius DPA

2 source controls mapped|1 target controls covered

10%

India Account Aggregator Framework (RBI)

2 source controls mapped|1 target controls covered

10%

Switzerland New Federal Act on Data Protection (nFADP/nDSG, 2023)

2 source controls mapped|1 target controls covered

10%

EU Machinery Regulation (Regulation (EU) 2023/1230)

2 source controls mapped|3 target controls covered

10%

EU Taxonomy Regulation

2 source controls mapped|2 target controls covered

10%

African Union Malabo Convention

2 source controls mapped|3 target controls covered

10%

Rwanda Law No. 058/2021 Relating to the Protection of Personal Data

2 source controls mapped|4 target controls covered

10%

Côte d'Ivoire Law on Personal Data Protection (Law No. 2013-450)

2 source controls mapped|4 target controls covered

10%

Pakistan Personal Data Protection Bill 2023

2 source controls mapped|3 target controls covered

10%

Kazakhstan Law on Personal Data and Their Protection (No. 94-V)

2 source controls mapped|3 target controls covered

10%

Peru DPL

2 source controls mapped|1 target controls covered

10%

UAE PDPL

2 source controls mapped|1 target controls covered

10%

Mexico LFPDPPP

2 source controls mapped|1 target controls covered

10%

New Hampshire Privacy Act

2 source controls mapped|1 target controls covered

10%

Vermont Artificial Intelligence and Consumer Data Act (AICDA)

2 source controls mapped|1 target controls covered

10%

Ghana Data Protection Act 2012 (Act 843)

2 source controls mapped|1 target controls covered

10%

Mauritius Data Protection Act 2017

2 source controls mapped|1 target controls covered

10%

Jamaica Data Protection Act 2020

2 source controls mapped|1 target controls covered

10%

Finland Data Protection Act (Tietosuojalaki, 1050/2018)

2 source controls mapped|2 target controls covered

10%

Latvia Personal Data Processing Law (Fizisko personu datu apstrades likums, 2018)

2 source controls mapped|2 target controls covered

10%

Botswana Data Protection Act (2024)

2 source controls mapped|2 target controls covered

10%

NIST Privacy Framework 1.0

2 source controls mapped|1 target controls covered

10%

EU Data Governance Act (DGA)

2 source controls mapped|1 target controls covered

10%

Nebraska Data Privacy Act

2 source controls mapped|1 target controls covered

10%

Washington My Health My Data Act (MHMD)

2 source controls mapped|2 target controls covered

10%

Singapore Government Instruction Manual on ICT&SS Management (IM8)

2 source controls mapped|1 target controls covered

10%

EU In Vitro Diagnostic Medical Devices Regulation (IVDR)

2 source controls mapped|2 target controls covered

10%

Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)

2 source controls mapped|2 target controls covered

10%

Poland Act on Personal Data Protection (Ustawa o ochronie danych osobowych, 2018)

2 source controls mapped|2 target controls covered

10%

Greece Law 4624/2019 — Hellenic Data Protection Authority (HDPA) Implementation Act

2 source controls mapped|2 target controls covered

10%

DAMA-DMBOK2 — Data Management Body of Knowledge (2nd Edition)

2 source controls mapped|1 target controls covered

10%

POPIA

2 source controls mapped|1 target controls covered

10%

Norway PDPA

2 source controls mapped|1 target controls covered

10%

EU Digital Markets Act

2 source controls mapped|3 target controls covered

10%

ISO 22739:2024 — Blockchain and Distributed Ledger Technologies Vocabulary

2 source controls mapped|1 target controls covered

10%

Digital Economy Partnership Agreement (DEPA)

2 source controls mapped|2 target controls covered

10%

Virginia CDPA

2 source controls mapped|1 target controls covered

10%

Rwanda DPL

2 source controls mapped|1 target controls covered

10%

China PIPL

2 source controls mapped|1 target controls covered

10%

WHO Global Strategy on Digital Health 2020-2025

2 source controls mapped|2 target controls covered

10%

Philippines DPA

2 source controls mapped|1 target controls covered

10%

COPPA

2 source controls mapped|1 target controls covered

10%

Bahrain PDPL

2 source controls mapped|1 target controls covered

10%

UK Age Appropriate Design Code (Children's Code)

2 source controls mapped|1 target controls covered

10%

TEFCA — Trusted Exchange Framework and Common Agreement

2 source controls mapped|1 target controls covered

10%

South Korea PIPA

2 source controls mapped|1 target controls covered

10%

Privacy Act 1988 (Australia)

2 source controls mapped|1 target controls covered

10%

ISO 8000 — Data Quality

2 source controls mapped|3 target controls covered

10%

New Jersey Data Privacy Act

2 source controls mapped|1 target controls covered

10%

Colorado Privacy Act (CPA)

2 source controls mapped|1 target controls covered

10%

Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

2 source controls mapped|1 target controls covered

10%

Wisconsin Data Privacy Act (SB 670)

2 source controls mapped|1 target controls covered

10%

Tennessee Information Protection Act (TIPA)

2 source controls mapped|1 target controls covered

10%

Connecticut Data Privacy Act (CTDPA)

2 source controls mapped|1 target controls covered

10%

Florida Digital Bill of Rights (FDBR)

2 source controls mapped|1 target controls covered

10%

NIST SP 800-122

2 source controls mapped|1 target controls covered

10%

Qatar DPL

2 source controls mapped|1 target controls covered

10%

Switzerland FADP

2 source controls mapped|1 target controls covered

10%

UK Concordat on Open Research Data (UKRI)

2 source controls mapped|2 target controls covered

10%

Oregon Consumer Privacy Act

2 source controls mapped|1 target controls covered

10%

Liechtenstein DPA

2 source controls mapped|1 target controls covered

10%

LGPD

2 source controls mapped|1 target controls covered

10%

ILO Nursing Personnel Convention C149 (1977)

2 source controls mapped|3 target controls covered

10%

FATF Recommendation 16 — Virtual Asset Travel Rule

2 source controls mapped|2 target controls covered

10%

Privacy by Design (PbD) — Seven Foundational Principles

2 source controls mapped|2 target controls covered

10%

BS 65000:2014 — Guidance on Organizational Resilience

2 source controls mapped|2 target controls covered

10%

UK GDPR (UK General Data Protection Regulation)

2 source controls mapped|1 target controls covered

10%

Delaware Personal Data Privacy Act

2 source controls mapped|1 target controls covered

10%

New Zealand Privacy Act

2 source controls mapped|1 target controls covered

10%

APPI

2 source controls mapped|1 target controls covered

10%

PIPEDA

2 source controls mapped|1 target controls covered

10%

Montana Consumer Data Privacy Act

2 source controls mapped|1 target controls covered

10%

Cook Islands Electronic Transactions Act & Privacy Provisions (2003)

2 source controls mapped|1 target controls covered

10%

US Americans with Disabilities Act (ADA) — Title III Digital Accessibility

2 source controls mapped|1 target controls covered

10%

EU Network Code on Cybersecurity for the Electricity Sector

2 source controls mapped|1 target controls covered

10%

EU Digital Services Act — Minors Protection Provisions (Regulation 2022/2065)

2 source controls mapped|1 target controls covered

10%

Laos Law on Prevention and Combating Cybercrime (2015)

2 source controls mapped|1 target controls covered

10%

Paraguay Law on Protection of Personal Data (Law No. 6534/2020)

2 source controls mapped|1 target controls covered

10%

Jordan Draft Personal Data Protection Law (2022)

2 source controls mapped|1 target controls covered

10%

Vietnam Law on Cybersecurity (No. 24/2018/QH14)

2 source controls mapped|1 target controls covered

10%

Montenegro Law on Personal Data Protection (2023)

2 source controls mapped|1 target controls covered

10%

Japan Act on Specified Commercial Transactions (ASCT) — Digital Services

2 source controls mapped|1 target controls covered

10%

Hungary Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)

2 source controls mapped|2 target controls covered

10%

Uruguay Personal Data Protection Act (Law No. 18.331)

2 source controls mapped|1 target controls covered

10%

FCC Customer Proprietary Network Information (CPNI) and Data Breach Rules (47 CFR 64.2001-2011)

2 source controls mapped|1 target controls covered

10%

IFRS 17 — Insurance Contracts

2 source controls mapped|1 target controls covered

10%

FTC Health Breach Notification Rule

2 source controls mapped|1 target controls covered

10%

CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act)

2 source controls mapped|1 target controls covered

10%

Lebanon Electronic Transactions and Personal Data Protection Law (Law No. 81/2018)

2 source controls mapped|1 target controls covered

10%

ICAO Annex 17 — Aviation Security (AVSEC)

2 source controls mapped|1 target controls covered

10%

Serbia Law on Personal Data Protection (2018)

2 source controls mapped|1 target controls covered

10%

Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019)

2 source controls mapped|1 target controls covered

10%

Russia Federal Law on Personal Data (152-FZ)

2 source controls mapped|1 target controls covered

10%

Fiji Data Protection Bill (2020)

2 source controls mapped|1 target controls covered

10%

Zimbabwe Data Protection Act (2021)

2 source controls mapped|1 target controls covered

10%

Uganda Data Protection and Privacy Act (2019)

2 source controls mapped|1 target controls covered

10%

Dominican Republic DPL

2 source controls mapped|1 target controls covered

10%

Colorado Privacy Act

2 source controls mapped|1 target controls covered

10%

Argentina PDPA

2 source controls mapped|1 target controls covered

10%

Vietnam PDPD

2 source controls mapped|1 target controls covered

10%

Kentucky Consumer Data Protection Act

2 source controls mapped|1 target controls covered

10%

ISO 27701

2 source controls mapped|1 target controls covered

10%

Kenya DPA

2 source controls mapped|1 target controls covered

10%

UK Data Protection Act 2018

2 source controls mapped|1 target controls covered

10%

Malaysia PDPA 2010

2 source controls mapped|1 target controls covered

10%

US Consumer Product Safety Commission (CPSC) — Connected Product Safety

2 source controls mapped|1 target controls covered

10%

ESRB Privacy Certified Programme

2 source controls mapped|1 target controls covered

10%

CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0

2 source controls mapped|1 target controls covered

10%

Iceland DPA

2 source controls mapped|1 target controls covered

10%

Tennessee IPA

2 source controls mapped|1 target controls covered

10%

Philippines Data Privacy Act (RA 10173)

2 source controls mapped|1 target controls covered

10%

PDPA Thailand

2 source controls mapped|1 target controls covered

10%

Connecticut DPA

2 source controls mapped|1 target controls covered

10%

Saudi Arabia PDPL

2 source controls mapped|1 target controls covered

10%

NRF Cybersecurity and Data Privacy Framework (National Retail Federation)

2 source controls mapped|1 target controls covered

10%

Nigeria NDPR

2 source controls mapped|1 target controls covered

10%

Australia Consumer Data Right — Banking (CDR)

2 source controls mapped|2 target controls covered

10%

Turkey KVKK

2 source controls mapped|1 target controls covered

10%

Indonesia PDP Law

2 source controls mapped|1 target controls covered

10%

BSI C5 — Cloud Computing Compliance Criteria Catalogue

2 source controls mapped|1 target controls covered

10%

UK Open Banking Standard

2 source controls mapped|1 target controls covered

10%

GDPR

2 source controls mapped|1 target controls covered

10%

FERPA

2 source controls mapped|1 target controls covered

10%

India DPDP Act

2 source controls mapped|1 target controls covered

10%

Colombia Habeas Data Law

2 source controls mapped|1 target controls covered

10%

EN 301 549 — ICT Accessibility Requirements

2 source controls mapped|1 target controls covered

10%

Authorised Economic Operator (AEO) Programmes — Global Standards

2 source controls mapped|1 target controls covered

10%

Taiwan PDPA

2 source controls mapped|1 target controls covered

10%

Texas Data Privacy Act

2 source controls mapped|1 target controls covered

10%

Barbados Data Protection Act 2019

2 source controls mapped|1 target controls covered

10%

Uruguay DPL

2 source controls mapped|1 target controls covered

10%

Minnesota Consumer Data Privacy Act

2 source controls mapped|1 target controls covered

10%

PDPA Singapore

2 source controls mapped|1 target controls covered

10%

Chile DPL

2 source controls mapped|1 target controls covered

10%

Indiana Consumer Data Protection Act

2 source controls mapped|1 target controls covered

10%

Ecuador LOPDP

2 source controls mapped|1 target controls covered

10%

CCPA/CPRA

2 source controls mapped|1 target controls covered

10%

Compare US Section 508 — ICT Accessibility Standards (Revised 2017) with Section 508 — ICT Accessibility (Revised)

Frequently Asked Questions

What is US Section 508 — ICT Accessibility Standards (Revised 2017)?

US Section 508 — ICT Accessibility Standards (Revised 2017) is a compliance framework from United States (Federal) with 6 domains and 20 controls. Section 508 of the Rehabilitation Act (29 U.S.C. § 794d), as revised in January 2017 by the US Access Board, requires that all federal government ICT (information and communications technology) be accessible to people with disabilities. The revised standards incorporate WCAG 2.0 Level AA for web and electronic content. Applies to federal agencies developing, procuring, maintaining, or using ICT. The Revised 508 Standards align with EN 301 549 for international harmonisation. Enforced through complaint mechanisms, Section 508 coordinators, and OMB reporting. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does US Section 508 — ICT Accessibility Standards (Revised 2017) have?

US Section 508 — ICT Accessibility Standards (Revised 2017) has 20 controls organised across 6 domains. The largest domains are Chapter 3: Functional Performance Criteria (5 controls), Chapter 1-2: Application and Scoping (4 controls), Chapter 5: Software Accessibility (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does US Section 508 — ICT Accessibility Standards (Revised 2017) map to?

US Section 508 — ICT Accessibility Standards (Revised 2017) maps to 198 other compliance frameworks. The top mapping partners are Section 508 — ICT Accessibility (Revised) (10% coverage), EMV 3-D Secure (3DS2) — Payment Authentication Protocol (10% coverage), EU Data Act (10% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with US Section 508 — ICT Accessibility Standards (Revised 2017) compliance?

Start your US Section 508 — ICT Accessibility Standards (Revised 2017) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about US Section 508 — ICT Accessibility Standards (Revised 2017) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 20 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 692 frameworks.

Get Started Free →

Free forever — no credit card required