Compliance

Map Every Finding to the Framework That Matters.

Every scan result is automatically mapped to the compliance controls your auditors and regulators actually check.

Global frameworks

Out-of-the-box coverage

Standard control libraries mapped to findings across cloud posture, Active Directory, Kubernetes and Microsoft 365.

CIS
NIST 800
NIST CSF
CISA
FedRAMP
PCI-DSS
GDPR
HIPAA
SOC2
ENS
ISO 27001
Regional packs

Country-specific compliance packs

Localized control sets so teams in every jurisdiction ship evidence in the language their regulator expects.

Region

Singapore

  • MAS TRM
  • PDPA
  • Cyber Essentials / Cyber Trust

MAS TRM compliance for financial institutions plus PDPA and CSA Cyber Trust mappings for regulated Singapore operators.

Region

India

  • DPDP Act
  • CERT-In Directions

DPDP Act compliance controls and CERT-In six-hour incident reporting evidence for Indian data fiduciaries.

Region

European Union

  • NIS2
  • DORA
  • EU Cyber Resilience Act

NIS2 compliance tooling with DORA operational resilience controls and CRA product-security evidence for EU essential entities.

Region

United Kingdom

  • Cyber Essentials
  • NCSC CAF
  • UK GDPR

Cyber Essentials and NCSC CAF outcome mapping with UK GDPR data-protection controls for CNI and public-sector suppliers.

Region

United States

  • NIST CSF 2.0
  • HIPAA
  • SOC2
  • PCI DSS

SOC2 compliance automation, HIPAA safeguards, PCI DSS scoping and NIST CSF 2.0 profile alignment for US enterprises.

Region

UAE / Middle East

  • NESA
  • UAE PDPL

UAE Information Assurance (NESA) controls and PDPL personal-data obligations for regulated Gulf sectors.

Region

Australia

  • Essential Eight
  • Privacy Act

ACSC Essential Eight maturity scoring and Australian Privacy Act notifiable-breach controls for APRA-regulated entities.

Audit readiness

From scan to signed audit

01

Continuous evidence

Every scan across cloud, identity and M365 becomes timestamped, framework-tagged evidence — no screenshot chases before an audit.

02

Exportable reports

Generate framework-specific control reports on demand, scoped per tenant, with mappings, findings, owners and remediation status.

03

Remediation guidance

Every failing control links to concrete remediation steps and the exact configuration change, so auditors see closed findings, not open tickets.

Disclaimer
Framework coverage and control mappings are provided for guidance and operational efficiency. Customers remain responsible for validating compliance status with qualified auditors and legal counsel prior to making regulatory representations.

See your compliance posture, mapped.