Compliance Reports

Available Reports

The compliance reports help assess your infrastructure against industry security frameworks. The following reports are available:

Report | Description

CIS AWS Foundations

The CIS AWS Foundations Benchmark provides a high-level compliance standard for securing Amazon Web Services resources. The benchmark offers prescriptive instructions for configuring AWS services in accordance with industry best practices.

SOC 2

System and Organization Controls (SOC) 2 is an auditing procedure that ensures a company's data is securely managed. It's intended for use by service organizations (organizations that provide information systems as a service to other organizations) to issue validated reports of internal controls over those information systems to the users of those services. The reports focus on controls grouped into five categories known as Trust Service Principles.

NIST 800-53

NIST SP 800-53 provides a list of controls that support the development of secure and resilient federal information systems.

These controls are the operational, technical, and management standards and guidelines used by information systems to maintain confidentiality, integrity, and availability.

NIST CSF

NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices.[1] The framework provides a "taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes",[2] in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context.[3] It has been translated into many languages and is used by several governments[4] and a wide range of businesses and organizations.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

PCI DSS v3.2.1

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process, or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions.

FedRAMP (Moderate)

FedRAMP (Federal Risk and Authorization Management Program) is the US federal government’s approach to securing the cloud services that its agencies use internally.

Canada GC Guardrails

A preliminary set of baseline controls is provided through the GC Cloud Guardrails, which help to ensure that cloud-based environments are protected upon receipt of enrolment under the GC Cloud Services Framework Agreement.

Canada Protected B Medium Integrity Medium Availability (PBMM)

PBMM controls identify the baseline security controls that must be implemented by CSPs and GC departments and agencies in order to appropriately protect cloud-based GC services and related information having a security category of Protected B, medium integrity, and medium availability (PBMM).

Reserve Bank India (RBI) Cyber Security Framework

A comprehensive cyber security framework by RBI for Urban Cooperative Banks, as a graded approach, based on their digital depth and interconnectedness with the payment systems landscape, digital products offered by them, and assessment of cyber security risk.

Report Details

List of Controls

Each compliance report contains a list of controls as defined by the security standard or framework. Each control shows a quick pass/fail icon.

Click on each control item to expand it and display the Control Description (as defined by the standard or framework), and the Assessment Checks that were evaluated as part of this control. Each assessment check also displays an icon to indicate whether it passed, failed, or was not applicable in this environment.

Assessment Rules

Along with the list of controls, each report includes all the assessment rules that are applicable to the evaluation of this report. This view provides more details on the specific AWS resources that were evaluated, including whether they passed or failed, and resource details such as region, resource ARN, and more.

PDF Export

Use the Export PDF button to generate a PDF document based on the data included in the report.
