Compliance Frameworks

TigerGate supports 38+ compliance frameworks with automated evidence collection and continuous monitoring.

Industry Standards

SOC 2 Type II

Service Organization Control 2 compliance for security, availability, processing integrity, confidentiality, and privacy.

Trust Services Criteria Coverage:

  • CC1: Control Environment
  • CC2: Communication & Information
  • CC3: Risk Assessment
  • CC4: Monitoring Activities
  • CC5: Control Activities
  • CC6: Logical & Physical Access
  • CC7: System Operations
  • CC8: Change Management

TigerGate provides automated evidence for 85+ SOC 2 controls via eBPF runtime monitoring and security scanning.

ISO 27001:2022

International standard for information security management systems (ISMS).

Annex A Control Coverage:

  • A.5 Organizational controls (37 controls)
  • A.6 People controls (8 controls)
  • A.7 Physical controls (14 controls)
  • A.8 Technological controls (34 controls)

CIS Benchmarks

Center for Internet Security benchmarks for secure configuration.

AWS CIS v1.5.0

576+ checks across 82+ services

GCP CIS v1.3.0

79+ checks across 13+ services

Azure CIS v1.5.0

162+ checks across 19+ services

Kubernetes CIS v1.8.0

83+ checks for K8s security

Regulatory Frameworks

PCI-DSS v4.0

Payment Card Industry Data Security Standard for organizations handling cardholder data.

Requirements Coverage:

  • Req 1-2: Network Security Controls
  • Req 3-4: Protect Account Data
  • Req 5-6: Vulnerability Management
  • Req 7-8: Access Control
  • Req 10-11: Monitoring & Testing
  • Req 12: Security Policies

HIPAA Security Rule

Health Insurance Portability and Accountability Act for protected health information (PHI).

Safeguards Coverage:

Administrative

Risk analysis, workforce security, incident procedures

Physical

Facility access, device controls, workstation security

Technical

Access controls, audit controls, encryption

GDPR

General Data Protection Regulation for EU personal data protection.

Article Coverage:

  • Article 25: Data protection by design
  • Article 32: Security of processing
  • Article 33: Breach notification
  • Article 35: Data protection impact assessment

FedRAMP

Federal Risk and Authorization Management Program for US government cloud services

NIST 800-53

Security and Privacy Controls for Information Systems and Organizations

NIST CSF

Cybersecurity Framework for critical infrastructure

FFIEC

Federal Financial Institutions Examination Council guidelines

Cloud-Specific Frameworks

AWS

  • Well-Architected Framework
  • Foundational Technical Review
  • Security Best Practices

Azure

  • Security Benchmark
  • Well-Architected Framework
  • Landing Zone Security

GCP

  • Security Best Practices
  • Architecture Framework
  • Risk Manager

Automated Evidence Collection

TigerGate automatically collects compliance evidence through runtime monitoring and security scanning.

eBPF-Enabled Controls

C1: Binary Execution

Monitors execve syscalls for unauthorized binary execution

C2: File Integrity

Monitors file operations on critical paths

C3: Log Tampering

Detects unauthorized log file modifications

C4: Network Egress

Monitors outbound network connections

C5: Privilege Escalation

Tracks setuid/setgid and capability usage

C6: Secrets Exposure

Monitors access to sensitive files and env vars

Evidence Export

Export compliance evidence to GRC platforms or generate audit-ready reports.

  • Vanta
  • Drata
  • Secureframe
  • PDF Reports
  • CSV Export
  • API Access
