A mapping of best practices to mandated regulatory requirements. If a regulatory mandate requires a certain type of data to be encrypted (e.g., PHI in HIPPA), then a vendor best practice document would be corelated with the regulatory mandate to show how the best practices implement the mandate for compliance.