
Compliance Overview

HarborGuard treats compliance as a continuous, query-driven activity rather than a once-a-year point-in-time exercise. Every scan, triage action, attestation, and policy change is recorded as queryable evidence, and each control is re-evaluated against that evidence on demand.

Approach

| Concern | HarborGuard's model |
|---|---|
| Evidence collection | Automatic. Scan telemetry, audit logs, RBAC snapshots, and SBOMs are captured continuously. |
| Control evaluation | On-demand. Each control's pass/warn/fail status is computed from the live data when a report is generated. |
| Point-in-time export | Generated reports are immutable artifacts pinned to a reporting period and retained per reportRetentionDays. |
| Audit trail | Every policy edit, role change, attestation action, and report export emits an audit event. |

Supported frameworks

The following framework IDs are accepted by the compliance policy and the report builder:

| ID | Framework |
|---|---|
| SOC2 | SOC 2 Type II (2017 / 2022 revision) |
| PCI_DSS | PCI DSS |
| NIST_800_190 | NIST SP 800-190 — Application Container Security Guide |
| NIST_800_53 | NIST SP 800-53 Rev. 5 |
| NIST_800_171 | NIST SP 800-171 Rev. 3 |
| ISO_27001 | ISO/IEC 27001:2022 |
| HIPAA | HIPAA Security Rule |
| CMMC | CMMC Level 2 |
| CIS_DOCKER | CIS Docker Benchmark |
| FEDRAMP | FedRAMP Moderate |
| CUSTOM | Org-defined custom framework |

Multiple frameworks can be active simultaneously — set compliancePolicy.activeFramework to an array of any of the above.
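A typo in a framework ID or a zero retention period silently weakens the evidence chain, so it is worth validating the policy block before it is applied. The following is an added example, not HarborGuard's own code: it assumes the policy is stored as JSON under a `compliancePolicy` key (the real file format is not shown on this page), checks `activeFramework` against the IDs listed above, and applies the `reportRetentionDays` rule to a point-in-time export.

```python
"""Validate a HarborGuard-style compliancePolicy block.
Added example; the JSON layout and key names beyond those on the page are assumptions."""
import json
from datetime import date, timedelta

# Framework IDs this page lists as accepted by the compliance policy.
SUPPORTED_FRAMEWORKS = {
    "SOC2", "PCI_DSS", "NIST_800_190", "NIST_800_53", "NIST_800_171",
    "ISO_27001", "HIPAA", "CMMC", "CIS_DOCKER", "FEDRAMP", "CUSTOM",
}

# Constructed sample config (layout assumed): three frameworks active at once.
SAMPLE_CONFIG = """
{
  "compliancePolicy": {
    "activeFramework": ["SOC2", "NIST_800_190", "CIS_DOCKER"],
    "reportRetentionDays": 365
  }
}
"""


def validate_policy(policy: dict) -> list[str]:
    """Return a list of problems; an empty list means the policy is usable."""
    problems = []
    active = policy.get("activeFramework", [])
    if isinstance(active, str):  # tolerate a single ID, normalise to a list
        active = [active]
    if not active:
        problems.append("activeFramework: at least one framework is required")
    for fw in active:
        if fw not in SUPPORTED_FRAMEWORKS:
            problems.append(f"activeFramework: unknown framework ID {fw!r}")
    if len(set(active)) != len(active):
        problems.append("activeFramework: duplicate framework IDs")
    days = policy.get("reportRetentionDays")
    if isinstance(days, bool) or not isinstance(days, int) or days < 1:
        problems.append("reportRetentionDays: must be a positive integer")
    return problems


def report_retained(generated_on: str, retention_days: int, today: str) -> bool:
    """A point-in-time export stays retained for retention_days after generation (ISO dates)."""
    expires = date.fromisoformat(generated_on) + timedelta(days=retention_days)
    return date.fromisoformat(today) <= expires


def check_config(text: str) -> list[str]:
    """Parse a JSON config and validate its compliancePolicy block."""
    return validate_policy(json.loads(text).get("compliancePolicy", {}))


if __name__ == "__main__":
    print(check_config(SAMPLE_CONFIG) or "policy OK")
```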
