Reference dataset

Regulation × control × tooling.

A curated, browsable map: 56 concrete controls across 28 regulations, each with the tooling options that implement it and the evidence shape that passes audit. Designed so you can answer "which tool actually closes APRA CPS 234's workload-identity control, and what evidence do I produce?" in under a minute.

Updated 2026-05-30 License CC BY 4.0 JSON CSV Source on GitHub

Regulation

Tooling options

AWS IAM Roles for Service Accounts / IRSAmanagedGCP Workload Identity FederationmanagedAzure Federated Credentials (OIDC)managedSPIFFE / SPIREossGitHub Actions OIDCmanaged

Evidence shape

IAM policy export showing zero static long-lived credentials in the path. OIDC trust policy showing federated identity provider configured. Rotation logs from any remaining service accounts (target: none in 12 months).

Notes

Often confused with credential rotation — rotation alone doesn't close the audit finding. The control requires federated identity (the workload proves who it is to the cloud), not just shorter-lived static creds. Foundation for SOCI 2022 SLACIP-amendment maturity.

Other regs: ASD Essential 8, ISO/IEC 27001, SOCI Act 2018+ Sectors: banksgovernmentcritical-infrastructure

Anti-pattern to avoid

See anti-pattern catalogue →

APRA CPS 234AU +2

Least-privilege IAM (no wildcard policies)

Cloud · K8s

Identity & access

5 tools

Tooling options

AWS IAM Access AnalyzermanagedGCP IAM RecommendermanagedAzure Entra Permission ManagementmanagedCloudsplainingossPolicy Sentryoss

Evidence shape

Static + runtime analysis report: count of wildcard (*) actions in production policies, trending to zero. AccessAnalyzer findings cleared monthly.

Notes

Wildcards in production IAM are the most common audit finding. The control is *demonstrated* least-privilege (Access Analyzer says so), not *intended* least-privilege.

Other regs: ISO/IEC 27001, NIST SP 800-53 Sectors: banksgovernmenthealthcarecritical-infrastructure

Anti-pattern to avoid

See anti-pattern catalogue →

ASD Essential 8AU +2

Privileged access management (PAM) for breakglass

Cloud · On-prem

Identity & access

5 tools

Tooling options

HashiCorp BoundaryossAWS IAM Identity Center + permission setsmanagedTeleportcommercialCyberArk PAMcommercialAzure PIMmanaged

Evidence shape

Just-in-time access requests log. Approval audit trail. Session recording for production breakglass. Account-of-last-resort tested quarterly.

Notes

E8 ML2+ requires PAM, not 'we have admins with persistent access we trust.'

Other regs: ISO/IEC 27001, NIST SP 800-53 Sectors: banksgovernmentcritical-infrastructure

HIPAAUS +3

MFA enforced for all human access (no exceptions)

Identity provider

Identity & access

5 tools

Tooling options

OktacommercialMicrosoft Entra IDmanagedGoogle Workspace 2SV / TitanmanagedDuo SecuritycommercialYubiKey / WebAuthn passkeysstandard

Evidence shape

Conditional access policy export. Zero users with MFA-disabled status. WebAuthn / passkey adoption % trending up; SMS/voice OTP trending to zero.

Notes

SMS-OTP no longer counts as strong MFA per NIST SP 800-63B Revision 4 draft. Passkeys / hardware tokens are the target.

Other regs: EU GDPR, AU Privacy Act, ISO/IEC 27001 Sectors: banksgovernmenthealthcarecritical-infrastructure

SLSA v1.0INTL +3

Signed build provenance (SLSA L2+)

CI/CD

Supply chain & provenance

5 tools

Tooling options

Sigstore (cosign + Rekor + Fulcio)ossGitHub Actions attestationsmanagedGitLab CI build attestationsmanagedTekton Chainsossin-toto attestationsstandard

Evidence shape

Signed in-toto / SLSA provenance attached to every production artefact. Rekor transparency log entry for every signed artefact. Verification step in deploy pipeline that *blocks* if signature absent or invalid.

Notes

SLSA L2 = signed provenance; L3 = hardened builder (isolated, ephemeral). L3 needed for US-federal procurement under CISA SSA in many cases.

Other regs: NIST SSDF (800-218), CISA SSA, APRA CPS 234 Sectors: banksgovernmenthealthcarecritical-infrastructure

Anti-pattern to avoid

See anti-pattern catalogue →

NIST SSDF (800-218)INTL +5

SBOM emission + KEV-driven owner-alert loop

CI/CD · Runtime

Supply chain & provenance

6 tools

Tooling options

Syft (SPDX/CycloneDX SBOM)ossOWASP Dependency-TrackossGUAC (SBOM graph)ossChainguard EnforcecommercialSnykcommercialTrivyoss

Evidence shape

SBOM per artefact stored centrally. CISA KEV catalogue subscribed; on match, owner-of-service alerted within minutes (not central security inbox). MTTR for KEV-listed CVEs measured and trending down.

Notes

Emitting SBOMs is necessary but not sufficient. The audit-passing control is the *loop*: SBOM → vulnerability → owner-alert → patch within SLA. Pure SBOM-collection = shelfware.

Other regs: CISA SSA, APRA CPS 234, EU DORA, EU NIS2, SOCI Act 2018+ Sectors: banksgovernmenthealthcarecritical-infrastructure

Anti-pattern to avoid

See anti-pattern catalogue →

SLSA v1.0INTL +1

Verified image signatures at admission

K8s admission

Supply chain & provenance

4 tools

Tooling options

Kyverno (verifyImages)ossSigstore Policy ControllerossConnaisseurossAWS Signer + ECRmanaged

Evidence shape

Admission-controller logs showing rejection of unsigned/untrusted images. Policy-as-code repo defining trusted signers + repositories. Test workload with bad signature must fail.

Notes

Verifying signatures at deploy-time, not at scan-time. Catches the malicious-rebuild and tampered-mirror attack class.

Other regs: NIST SSDF (800-218) Sectors: banksgovernmenthealthcarecritical-infrastructure

Anti-pattern to avoid

See anti-pattern catalogue →

NIST SSDF (800-218)INTL

Hermetic / reproducible builds

CI/CD

Supply chain & provenance

4 tools

Tooling options

BazelossNix / NixpkgsossGuixossDocker BuildKit (with --no-cache + pinned base)oss

Evidence shape

Same source produces byte-identical artefact across builds. Diffoscope output showing no drift. CI configured to reject non-hermetic dependencies.

Notes

Hard to reach for most teams; necessary for the most exposed federal / defence workloads (SLSA L4).

Sectors: governmentcritical-infrastructure

NIST SSDF (800-218)INTL +1

Locked dependency versions (no floating tags / ranges in prod)

Source · CI/CD

Supply chain & provenance

5 tools

Tooling options

RenovateossDependabotmanagednpm shrinkwrap / package-lockstandardpip-tools / uv lockossBazel maven_install (with shas)oss

Evidence shape

Lockfile present + committed for every project. CI rejects builds whose lockfile is older than X weeks or where dependencies drift from lock.

Notes

Floating tags (:latest, ^1.x) make supply chain unsafe at any speed. Lockfile + freshness SLA is the control.

Other regs: ISO/IEC 27001 Sectors: banksgovernmenthealthcarecritical-infrastructure

BCBS 239INTL +3

Data lineage (column-level)

Data platform

Data governance

6 tools

Tooling options

OpenLineageossMarquezossCollibracommercialdbt + dbt docs lineage graphcommercialAtlancommercialMicrosoft Purviewmanaged

Evidence shape

Column-level lineage graph from source-of-truth to downstream consumers. BCBS 239 risk-aggregation reports traceable to source systems with timestamp.

Notes

BCBS 239 has been live since 2016 and is still failed by most G-SIBs at audit. Lineage at column level (not table level) is the bar.

Other regs: EU GDPR, AU Privacy Act, HIPAA Sectors: banks

EU GDPREU +2

Data subject access / deletion (DSAR) within statutory window

All data stores

Data governance

5 tools

Tooling options

OneTrustcommercialBigIDcommercialDataGrailcommercialTranscendcommercialCustom RPC + queue per data domainmanaged

Evidence shape

Time-bounded DSAR pipeline. Tested quarterly. Per-data-domain owners with documented response SLAs. Audit log of every DSAR fulfilled.

Notes

Statutory windows: GDPR 30 days, AU Privacy Act 30 days (under reform), HIPAA 30 days for access requests. Untested DSAR pipelines fail at first regulator-driven test.

Other regs: AU Privacy Act, HIPAA Sectors: all

EU GDPREU +2

Data classification + handling rules encoded

Data platform · All apps

Data governance

5 tools

Tooling options

Microsoft Purview Information ProtectionmanagedGoogle DLPmanagedAWS MaciemanagedImmutacommercialOpenMetadata (with classification tags)oss

Evidence shape

Every data asset tagged. Handling rules (encryption, retention, residency) inherited from classification. DLP rules tested via canary records.

Notes

The control is not 'we have a data classification standard'. It's 'every dataset wears its classification and the platform enforces handling rules.'

Other regs: AU Privacy Act, HIPAA Sectors: all

EU GDPREU +1

Data residency / sovereignty (per-tenant region pinning)

Cloud infra

Data governance

4 tools

Tooling options

AWS Local Zones / AWS WavelengthmanagedAzure sovereign cloud regionsmanagedGCP region restrictions (Org Policy)managedCloudflare data localisation suitemanaged

Evidence shape

Tenant-to-region routing table. Network policies that block egress to other regions. Sample request trace showing data stays in-region end-to-end.

Notes

Soft-residency (claim) vs hard-residency (architecturally enforceable). Auditors increasingly want the latter.

Other regs: AU Privacy Act Sectors: banksgovernmenthealthcare

EU AI ActEU +3

Eval-set gating in CI for AI applications

CI/CD

AI evals & guardrails

6 tools

Tooling options

PromptfooossLangSmith (eval suites)commercialLangfuseossOpenAI EvalsossDeepEvalossInspect AIoss

Evidence shape

Versioned eval set per prompt + model + version. CI run on every change that touches prompt or model. Merge blocked on critical-regression. Eval-set drift report quarterly.

Notes

EU AI Act Art. 15 (accuracy / robustness) is enforceable only with eval-set discipline. NIST AI RMF MEASURE function depends on it.

Other regs: ISO/IEC 42001, NIST AI RMF, AU AI Safety Std Sectors: banksgovernmenthealthcarecritical-infrastructure

Anti-pattern to avoid

See anti-pattern catalogue →

EU AI ActEU +3

Layered guardrails (input + output) tested adversarially

Runtime · AI gateway

AI evals & guardrails

6 tools

Tooling options

NVIDIA NeMo GuardrailsossGuardrails AIossAWS Bedrock GuardrailsmanagedAzure AI Content SafetymanagedLakera GuardcommercialLlama Guardoss

Evidence shape

Guardrail policy version-controlled. Adversarial-prompt suite run weekly against guardrail (not against base model). False-negative + false-positive rate tracked. Per-incident postmortem when guardrail breached.

Notes

Guardrails encoded in the system prompt = no guardrail. The control is a distinct layer that intercepts before & after the model.

Other regs: AU AI Safety Std, OWASP LLM Top 10, MITRE ATLAS Sectors: banksgovernmenthealthcarecritical-infrastructure

Anti-pattern to avoid

See anti-pattern catalogue →

EU AI ActEU +1

Per-decision audit evidence pack (LLM)

Runtime · Storage

AI evals & guardrails

4 tools

Tooling options

Langfuse (with retention policy)ossLangSmithcommercialHeliconeossOpenTelemetry (with GenAI semantic conventions)oss

Evidence shape

Per request: prompt, retrieved context, model + version, guardrails applied, output, latency, cost. Signed, immutable, retention-policy-controlled. Replay-able at any time.

Notes

EU AI Act Art. 12 (logging) becomes operational evidence here. Without per-decision logs you cannot answer regulator's 'why did the model decide X for this customer'.

Other regs: ISO/IEC 42001 Sectors: banksgovernmenthealthcarecritical-infrastructure

EU AI ActEU +1

Human-in-loop for high-risk decisions

Runtime · UI

AI evals & guardrails

4 tools

Tooling options

Custom workflow engine + queue per domainmanagedTemporal (long-running approval)ossServiceNow workflowscommercialCamunda BPMNoss

Evidence shape

Trigger conditions documented (confidence threshold, risk tier, regulator-defined). Human reviewer queue with SLA. Audit trail showing human approval per decision.

Notes

Art. 14 (human oversight) is operational, not declarative. 'A human can override' isn't oversight; 'a human must approve high-risk decisions' is.

Other regs: AU AI Safety Std Sectors: banksgovernmenthealthcare

OWASP LLM Top 10INTL +1

Prompt injection defence + red-team programme

Runtime · CI

AI evals & guardrails

4 tools

Tooling options

Garak (LLM red-team scanner)ossPyRITossHiddenLayer AI SecuritycommercialRobust Intelligence AI Validationcommercial

Evidence shape

Quarterly red-team report with documented attack categories. Pre-deploy adversarial test suite. CVE-equivalent tracking for AI vulnerabilities found.

Notes

OWASP LLM01 (prompt injection) is the most common attack vector; defending requires both input-side and output-side controls.

Other regs: MITRE ATLAS Sectors: banksgovernmenthealthcarecritical-infrastructure

EU AI ActEU +2

Model card + data card for production model

Documentation

AI evals & guardrails

4 tools

Tooling options

Hugging Face model cardsstandardGoogle Model Card ToolkitossNVIDIA Model Card++ossCustom YAML schema in repomanaged

Evidence shape

Per model in production: model card (training data, eval results, intended use, limitations). Per dataset: data card (provenance, consent basis, refresh cadence). Both versioned with the model.

Notes

EU AI Act technical documentation (Art. 11 / Annex IV) maps to model + data cards.

Other regs: ISO/IEC 42001, NIST AI RMF Sectors: banksgovernmenthealthcarecritical-infrastructure

APRA CPS 230AU +3

Documented + tested service-level recovery (RTO/RPO)

Operations

Resilience & continuity

5 tools

Tooling options

AWS Resilience HubmanagedAzure Site RecoverymanagedGCP Backup and DR ServicemanagedVeeamcommercialTabletop runbooks + game-day cadencemanaged

Evidence shape

Per critical service: RTO + RPO defined. Recovery tested at least annually with timed result. Gap-to-target tracked. Multi-region failover rehearsed.

Notes

CPS 230 (live in AU FS) requires this for every 'critical operation'. DORA RTS expects testing artefacts the regulator can review.

Other regs: EU DORA, EU NIS2, SOCI Act 2018+ Sectors: banksgovernmenthealthcarecritical-infrastructure

APRA CPS 230AU +3

Third-party / critical-vendor concentration tracking

Operations · Vendor mgmt

Third-party risk

4 tools

Tooling options

OneTrust Vendor RiskcommercialServiceNow VRMcommercialWhisticcommercialInternal spreadsheet with quarterly reviewmanaged

Evidence shape

Vendor catalogue with criticality classification. Concentration risk (% of critical operations on one vendor) measured. Exit-plan for top-N critical vendors documented.

Notes

DORA introduced critical ICT third-party designation (CTPP). APRA CPS 230 has equivalent material-service-provider rules. Both need real numbers, not 'we use AWS'.

Other regs: EU DORA, EU NIS2, US CIRCIA Sectors: bankscritical-infrastructure

APRA CPS 230AU +1

Chaos engineering / failure injection in production

Production

Resilience & continuity

5 tools

Tooling options

AWS Fault Injection ServicemanagedChaos MeshossGremlincommercialLitmusossSteadybitcommercial

Evidence shape

Scheduled chaos experiments with documented blast radius. Hypothesis-driven (we expect X to happen; did it?). Postmortem when hypothesis was wrong.

Notes

DORA Art. 25 (threat-led penetration testing) implies dynamic resilience testing; chaos engineering is its operational analogue.

Other regs: EU DORA Sectors: bankscritical-infrastructure

EU NIS2EU +3

Fast incident reporting capability (≤72h)

Security operations

Incident response

5 tools

Tooling options

PagerDuty (with regulator templates)commercialFireHydrantcommercialIncident.iocommercialRootlycommercialCustom Slack workflow + templatesmanaged

Evidence shape

Pre-templated regulator-notification drafts (per regulator). Drill quarterly: time from detection to draft sent. Audit trail of incident decisions.

Notes

US CIRCIA: 72h incident, 24h ransom payment. NIS2: 24h early-warning, 72h notification. SOCI 2018: critical infrastructure asset incidents 72h. The shape of the obligation is similar globally.

Other regs: US CIRCIA, APRA CPS 234, SOCI Act 2018+ Sectors: banksgovernmentcritical-infrastructure

ASD Essential 8AU +1

Blameless postmortems for every Sev-1 + Sev-2

Operations

Incident response

4 tools

Tooling options

Notion / Confluence templatescommercialPagerDuty PostmortemscommercialJeli (acquired by PagerDuty)commercialHowie (the post-incident guide)oss

Evidence shape

Postmortem published within 14 days of every Sev-1/2. Action items tracked with closure-SLA. Quarterly read-back: themes, contributing factors, systemic gaps.

Notes

Action items that don't close = postmortems that don't compound. Google SRE Workbook Chapter 10 is the canonical reference.

Other regs: ISO/IEC 27001 Sectors: all

ASD Essential 8AU +5

Patching SLA for KEV-listed CVEs (≤14 days)

Production

Vulnerability management

5 tools

Tooling options

CISA KEV catalog (free RSS/JSON feed)standardTenable.iocommercialQualys VMDRcommercialWizcommercialAqua / Trivy + Dependency-Track for SBOM-drivenoss

Evidence shape

Per-CVE: detection time, patch-deployed time. MTTR for KEV-class trending below 14 days. Out-of-SLA list (in writing, with owner) for any gap.

Notes

CISA KEV is the actually-exploited subset; far better priority than CVSS-score alone.

Other regs: NIST SSDF (800-218), CISA SSA, APRA CPS 234, EU DORA, EU NIS2 Sectors: all

Anti-pattern to avoid

See anti-pattern catalogue →

ASD Essential 8AU +3

Tamper-evident, centralised, queryable audit logs

All services

Audit & logging

6 tools

Tooling options

AWS CloudTrail + CloudWatch Logs InsightsmanagedAzure Monitor + SentinelmanagedGCP Cloud Audit LogsmanagedSplunkcommercialDatadog Audit TrailcommercialLoki + Grafanaoss

Evidence shape

Per audit event: who, what, when, source. Retention per regulator (HIPAA 6 years; GDPR variable). Immutability proof (object-lock / write-once / hash-chain).

Notes

Local log files don't pass audit. Centralised + tamper-evident is the baseline.

Other regs: HIPAA, ISO/IEC 27001, NIST SP 800-53 Sectors: all

PCI DSS 4.0INTL +2

TLS 1.3 everywhere (no fallback to TLS 1.0/1.1)

Network

Cryptography & secrets

5 tools

Tooling options

AWS ACM + ELB cipher policiesmanagedCloudflare TLS settingsmanagedMozilla SSL Config Generatorosstestssl.shossWireshark + Zeek for traffic verificationoss

Evidence shape

External scan (Qualys SSL Labs / testssl) showing A+ grade. Cipher allow-list documented. Audit log of any TLS-version-downgrade attempts.

Notes

PCI DSS 4.0 explicitly requires TLS 1.2+ (not 1.0/1.1) since 30 March 2025.

Other regs: HIPAA, ISO/IEC 27001 Sectors: all

PCI DSS 4.0INTL +2

Per-customer / per-tenant KMS keys (BYOK or CMK)

Data plane

Cryptography & secrets

4 tools

Tooling options

AWS KMS (with per-tenant CMK)managedGCP Cloud KMS / EKMmanagedAzure Key Vault Managed HSMmanagedHashiCorp Vault Transit secrets engineoss

Evidence shape

Per-tenant key inventory. Key-rotation cadence enforced. Key-deletion as a real operation (crypto-shredding for tenant offboarding).

Notes

BYOK only meaningful if you can demonstrate the key is exclusive to one tenant and rotated independently.

Other regs: HIPAA, ISO/IEC 27001 Sectors: bankshealthcaregovernment

ISO/IEC 27001INTL +1

Secret scanning + auto-revocation in CI

Source · CI/CD

Cryptography & secrets

5 tools

Tooling options

GitGuardiancommercialGitHub Advanced Security secret scanningmanagedTrufflehogossAWS IAM Access Analyzer unused-keymanagedHashiCorp Vault leases (auto-revoke)oss

Evidence shape

Pre-commit + push-time + retroactive scanning. Detected-secret-to-revocation MTTR. Quarterly retroactive scan of all repos.

Notes

A leaked secret rotated in 30 days is a breach. Auto-revocation pipeline matters more than detection.

Other regs: NIST SP 800-53 Sectors: all

APRA CPS 230AU +2

Progressive deployment / blast-radius reduction

Release pipeline

Change & release management

6 tools

Tooling options

ArgoCD (with rollouts)ossFlaggerossLaunchDarklycommercialStatsigcommercialSpinnakerossAWS CodeDeploy linear/canarymanaged

Evidence shape

Per service: deployment shape (canary % · linear N-min · blue-green). Auto-rollback metrics defined. Recent rollback events with timing.

Notes

Big-bang prod deploys are a CPS 230 finding-in-waiting. Progressive deployment with auto-rollback is the operational standard.

Other regs: ISO/IEC 27001, NIST SP 800-53 Sectors: all

ASD Essential 8AU +2

Application allowlisting (no unsigned code execution in prod)

Endpoint · Server

Change & release management

4 tools

Tooling options

Microsoft AppLocker / WDACmanagedVMware Carbon Black App ControlcommercialAWS Bottlerocket (immutable AMI)managedOpenSCAP profilesoss

Evidence shape

Endpoint policy export. Test execution of unsigned binary must be blocked. Exception list with owner + expiry.

Notes

E8 ML2+ requires application control. Hard to retrofit; bake into golden image / paved path.

Other regs: NIST SP 800-53, ISO/IEC 27001 Sectors: governmentcritical-infrastructure

APRA CPS 230AU +3

Inherited golden signals (latency, traffic, errors, saturation)

All services

Observability

5 tools

Tooling options

OpenTelemetry (auto-instrumentation)ossDatadog APMcommercialGrafana Tempo + Mimir + LokiossHoneycombcommercialNew Reliccommercial

Evidence shape

Per service: 4 golden signals dashboard inherited from paved path. SLO + error-budget per critical service. Alert quality (actionable-rate) ≥70%.

Notes

Inherited (paved path) beats per-team-set-up-their-own. The control is consistency across the fleet.

Other regs: EU DORA, EU NIS2, NIST SP 800-53 Sectors: all

ISO/IEC 27001INTL +1

SIEM / SOC integration with detection-as-code

Security operations

Observability

5 tools

Tooling options

Microsoft Sentinel (KQL detection)managedSplunk Enterprise SecuritycommercialPanthercommercialElastic SecuritycommercialSigma rules + sigma-clioss

Evidence shape

Detection rules in git. PR-reviewed. CI-tested against historical events. Rule effectiveness reviewed monthly.

Notes

Detection-as-code beats SIEM-managed-by-vendor. Treats security like the engineering practice it is.

Other regs: NIST SP 800-53 Sectors: all

NIST SP 800-53INTL +2

Network segmentation between IT and OT zones

Network

Workload isolation

5 tools

Tooling options

Cisco TrustSec / ISEcommercialPalo Alto Networks NGFW with zonescommercialIllumio (zero-trust segmentation)commercialIndustrial DMZ + jump hostsmanagedMicrosoft Defender for IoTcommercial

Evidence shape

Zone-and-conduit model documented (per IEC 62443-3-2). Inter-zone traffic logged. Conduits monitored. Unauthorised flow alerts.

Notes

IEC 62443 zone-and-conduit model is now the de-facto bar for OT/ICS environments. SOCI 2022 SLACIP-amendment audits ask after this.

Other regs: ISO/IEC 27001, IEC 62443 Sectors: critical-infrastructure

NIST SP 800-53INTL +1

Service mesh mTLS between microservices

K8s · Network

Workload isolation

5 tools

Tooling options

IstioossLinkerdossHashiCorp Consul ConnectossAWS App MeshmanagedCilium Service Meshoss

Evidence shape

100% intra-cluster traffic encrypted (mesh dashboard). Strict mTLS mode (no plaintext fallback). Cert rotation cadence.

Notes

Service mesh is real platform investment. Adopt if 20+ services and a platform team; defer otherwise.

Other regs: ISO/IEC 27001 Sectors: bankshealthcaregovernment

NIST SP 800-53INTL +2

Production workload runs without privileged escalation

K8s · Container

Workload isolation

5 tools

Tooling options

Kyverno (disallow-privileged)ossOPA Gatekeeper PSS profilesossFalco runtime detectionossPod Security Standards: restrictedstandardBottlerocket / gVisor for sandboxingoss

Evidence shape

Admission policy enforcing restricted PSS profile. No privileged: true in production. Exception list with owner + expiry.

Notes

Default-deny privileged execution; allow only with explicit exception. This is the bar Kubernetes Pod Security Standards 'restricted' enforces.

Other regs: ISO/IEC 27001, PCI DSS 4.0 Sectors: all

ISO/IEC 27001INTL +2

Quarterly user-access review (UAR) with attestation

Identity

Access reviews

4 tools

Tooling options

Okta Access CertificationscommercialSailPoint IdentityNowcommercialMicrosoft Entra Access ReviewsmanagedAWS IAM Access Analyzer (last-used)managed

Evidence shape

Per quarter: every privileged user reviewed by a manager. Review evidence signed. Revocations logged with timing.

Notes

Manual UARs by spreadsheet collapse at scale. The control needs an attestation engine, not a Friday-afternoon Excel.

Other regs: NIST SP 800-53, APRA CPS 234 Sectors: banksgovernmenthealthcare

APRA CPS 230AU +1

Critical operation register with substitutability analysis

Risk function

Operational risk

3 tools

Tooling options

ServiceNow Operational RiskcommercialCustom register in confluence / wikimanagedRiskonnectcommercial

Evidence shape

Critical operations enumerated. Per operation: substitute (manual / backup / contracted alternative) tested. Tolerance for disruption set.

Notes

CPS 230 explicitly requires this. The 'tolerance for disruption' is the regulator's pet metric.

Other regs: SOCI Act 2018+ Sectors: bankscritical-infrastructure

HIPAAUS

Business Associate Agreement (BAA) with every PHI handler

Vendor mgmt

Third-party risk

5 tools

Tooling options

OneTrust BAA modulecommercialDocuSign + central BAA registrycommercialAWS BAA (signed)managedGCP BAA (signed)managedAzure BAA (signed)managed

Evidence shape

BAA registry. Every vendor processing PHI on signed BAA. Annual review. Termination + data-return clauses tested.

Notes

Major cloud providers offer pre-signed BAAs; smaller vendors often forgotten and become the audit finding.

Sectors: healthcare

FDA SaMDUS +2

Post-market surveillance (PMS) plan for SaMD

Documentation · Operations

AI evals & guardrails

3 tools

Tooling options

Greenlight Guru QMScommercialMatrix RequirementscommercialCustom QMS in confluence + gitmanaged

Evidence shape

PMS plan document. Adverse-event capture mechanism. Periodic safety update report (PSUR) cadence. Field-action procedure tested.

Notes

FDA expects PMS for any clinical AI. Maps to ISO 14971 risk management.

Other regs: ISO 13485, IEC 62304 Sectors: healthcare

ASD Essential 8AU +2

Infrastructure-as-code with plan-time policy check

CI/CD

Change & release management

5 tools

Tooling options

Terraform + Conftest/OPAossPulumi + Policy-as-CodecommercialCheckovosstfsec / Trivy IaCossAWS CloudFormation Guardmanaged

Evidence shape

Every infra change via PR. Plan-time policy check blocks bad configs (public S3, root-account use, untagged resources). Out-of-band changes alerted.

Notes

ClickOps in production = audit finding. IaC + plan-time policy is the bar.

Other regs: ISO/IEC 27001, NIST SP 800-53 Sectors: all

NIST SP 800-53INTL +1

Drift detection (cloud config matches IaC source-of-truth)

Cloud · Tooling

Change & release management

5 tools

Tooling options

AWS Config RulesmanagedAzure Policy compliancemanagedGCP Asset Inventory + policymanagedDriftctlossTerraform Cloud / Enterprise drift detectioncommercial

Evidence shape

Daily / hourly drift report. Out-of-IaC changes alerted to owner. Closed-loop: drift → patched in code + applied, not patched in cloud alone.

Notes

Drift accumulates silently. Detection alone is necessary but not sufficient — the loop must close back to code.

Other regs: ISO/IEC 27001 Sectors: all

APRA CPS 230AU

Per-service / per-tenant cost attribution

Cloud · FinOps

Operational risk

5 tools

Tooling options

AWS Cost Categories + CURmanagedGCP Billing reports + labelsmanagedAzure Cost Management + tagsmanagedVantagecommercialOpenCost / Kubecostoss

Evidence shape

Per service / per tenant cost trend monthly. Cost spike (>30%) triggers owner alert. Cost-per-resolved-task / cost-per-transaction trending.

Notes

CPS 230 doesn't name cost explicitly, but financial sustainability of critical operations is in scope. FinOps Foundation Framework is the operational substrate.

Sectors: all

ISO/IEC 27001INTL +1

Crypto-agility plan (PQC transition readiness)

Engineering

Cryptography & secrets

4 tools

Tooling options

Open Quantum Safe (liboqs)ossAWS KMS PQC supportmanagedCryptoNext SecuritycommercialNIST PQC standards (ML-KEM, ML-DSA, SLH-DSA)standard

Evidence shape

Crypto inventory (where is asymmetric crypto used). PQC transition plan with milestones. Pilot with hybrid (classical + PQC) on one critical path.

Notes

NIST finalised PQC standards Aug 2024 (FIPS 203/204/205). Regulators are starting to ask about transition plans.

Other regs: NIST SP 800-53 Sectors: banksgovernmentcritical-infrastructure

EU AI ActEU +1

AI risk classification + impact assessment

Governance

AI evals & guardrails

4 tools

Tooling options

Custom risk-classification templatemanagedCredo AIcommercialHolistic AIcommercialMicrosoft Responsible AI Impact Assessmentmanaged

Evidence shape

Per AI use-case: risk tier (per EU AI Act + internal taxonomy). Impact assessment signed. Review cadence + trigger events.

Notes

EU AI Act Art. 9 (risk management system). NIST AI RMF MAP function. ISO 42001 Annex A.6.1.

Other regs: ISO/IEC 42001 Sectors: banksgovernmenthealthcarecritical-infrastructure

EU AI ActEU +1

Data poisoning + model-supply-chain controls

ML pipeline

AI evals & guardrails

4 tools

Tooling options

Hugging Face model scanning (Picklescan)ossProtect AI Guardian (model scanning)commercialML-BOM (CycloneDX ML extension)standardMLflow model registry with sigstoreoss

Evidence shape

All models scanned for serialised-code exploits. ML-BOM published per model. Training-data provenance documented.

Notes

Pickle files in shared model registries are an active attack surface. ML-supply-chain is the new software-supply-chain.

Other regs: ISO/IEC 42001 Sectors: banksgovernmenthealthcarecritical-infrastructure

BCBS 239INTL

Risk data aggregation traceability (BCBS 239)

Risk data platform

Data governance

4 tools

Tooling options

SolidatuscommercialMantacommercialOpenLineage + dbtossCollibracommercial

Evidence shape

Risk report → upstream system traceable. Adjustments logged. Materiality of each manual override classified.

Notes

G-SIBs were given BCBS 239 in 2013, due 2016, mostly still failing 2024 (BCBS reviews are public). The substrate is the gap, not the regulation.

Sectors: banks

IRAPAU

Sovereign cloud region with assessed controls

Cloud

Workload isolation

4 tools

Tooling options

AWS Sydney Region (IRAP-assessed)managedAzure Sydney + Canberra regions (IRAP-assessed)managedGCP Sydney + Melbourne regions (IRAP-assessed)managedVault / sovereign IaaS (specific deployments)commercial

Evidence shape

IRAP assessment letter from provider. Workload placement policy. Data egress controls preventing cross-region routing.

Notes

Up to PROTECTED on assessed regions; SECRET typically on sovereign-only platforms.

Sectors: government

ASD Essential 8AU +1

Immutable backups with offline / air-gapped copy

Backup infrastructure

Resilience & continuity

5 tools

Tooling options

AWS Backup + Vault LockmanagedAzure Backup immutable vaultmanagedGCP Backup and DR ServicemanagedVeeam (immutable repository)commercialMinIO with object lockingoss

Evidence shape

Backup inventory + retention. Restore test quarterly. Immutability window > regulator-defined retention. Air-gap proven via network path test.

Notes

E8 ML2+ requires immutable + tested backups. Ransomware resilience is the underlying threat.

Other regs: ISO/IEC 27001 Sectors: all

EU GDPREU +1

Granular consent capture + revocation propagation

Frontend · backend

Data governance

4 tools

Tooling options

OneTrust Cookie ConsentcommercialCookiebotcommercialCustom consent management with audit logmanagedTranscend Consent Managementcommercial

Evidence shape

Consent capture audit log per user. Revocation triggers downstream-system removal within N hours. Granularity matches actual purposes (not 'accept all').

Notes

Cookie banner alone doesn't satisfy. The control is propagation of revocation to every downstream consumer.

Other regs: AU Privacy Act Sectors: all

NIST SP 800-53INTL +2

Zero-trust network access (replace VPN)

Network · Identity

Identity & access

6 tools

Tooling options

Cloudflare Zero TrustcommercialZscaler ZPAcommercialTailscalecommercialTwingatecommercialGoogle BeyondCorp EnterprisecommercialAWS Verified Accessmanaged

Evidence shape

VPN decommissioning roadmap (or done). Per-app access tied to identity + device posture. Audit log per access decision.

Notes

Always-on VPN is the legacy. ZTNA per-app, per-identity, per-posture is the bar.

Other regs: ISO/IEC 27001, ASD Essential 8 Sectors: all

ISO/IEC 27001INTL

DNSSEC + CAA records + MTA-STS

DNS · Email

Cryptography & secrets

4 tools

Tooling options

Cloudflare DNS (DNSSEC, CAA)managedAWS Route 53 (DNSSEC)managedHardenize.com (audit)ossinternet.nl (audit)oss

Evidence shape

DNSSEC validated externally. CAA records limit cert issuance. SPF + DKIM + DMARC at p=reject. MTA-STS published.

Notes

Often skipped because 'we have HTTPS'; the DNS + email-auth controls close a different attack class.

Sectors: all

PCI DSS 4.0INTL +2

API rate limiting + authentication on every endpoint

API gateway

Workload isolation

5 tools

Tooling options

AWS API Gateway + WAFmanagedAzure API ManagementmanagedKongossTykossCloudflare API Shieldcommercial

Evidence shape

Per endpoint: auth method documented (API key / OAuth / mTLS). Rate-limit profile applied. Unauthenticated endpoints registry (intentional exceptions only).

Notes

OWASP API Security Top 10 (BOLA, BOPLA, broken auth) maps to deficiencies here. API gateway + auth-per-endpoint is the structural control.

Other regs: NIST SP 800-53, ISO/IEC 27001 Sectors: all

ASD Essential 8AU +2

Automated OS patching (≤30 days for high-severity)

Compute

Vulnerability management

6 tools

Tooling options

AWS Systems Manager Patch ManagermanagedAzure Update ManagermanagedGCP OS patch managementmanagedBigFixcommercialTaniumcommercialBottlerocket (auto-updating immutable OS)oss

Evidence shape

Patch compliance dashboard. % of fleet patched within N days of release. Out-of-SLA list with mitigation.

Notes

E8 ML2 requires 48-hour patching for working exploits, 1-month for known vulns. The structural fix is immutable / auto-updating base images.

Other regs: ISO/IEC 27001, PCI DSS 4.0 Sectors: all

PCI DSS 4.0INTL +1

WAF with managed rule sets + bot management

Edge

Workload isolation

5 tools

Tooling options

Cloudflare WAF + Bot ManagementcommercialAWS WAF + Managed RulesmanagedAzure Front Door WAFmanagedFastly Next-Gen WAF (Signal Sciences)commercialOWASP ModSecurity Core Rule Setoss

Evidence shape

WAF enabled in blocking mode. Managed-rule subscription current. Custom rules version-controlled. Per-incident WAF-block review.

Notes

WAF in 'monitor' mode never moved to 'block' is the most common shelfware control.

Other regs: NIST SP 800-53 Sectors: all

ISO/IEC 27001INTL +1

Board-level reporting on technology risk (quarterly)

Governance

Operational risk

3 tools

Tooling options

Custom board pack templatemanagedDiligent BoardscommercialInternal dashboard (Looker / Tableau)commercial

Evidence shape

Quarterly board pack with technology / cyber / AI risk reporting. Action items tracked. Materiality threshold documented.

Notes

EU NIS2 explicit board accountability. APRA CPS 234 + CPS 230 board-level oversight. ISO 42001 top management responsibility.

Other regs: ISO/IEC 42001 Sectors: bankscritical-infrastructurehealthcare