Compliance Framework Status

ASCEND has been assessed against major regulatory and compliance frameworks.

Compliance Readiness Overview

| Framework | Readiness | Controls Verified | Priority |
|---|---|---|---|
| SOC 2 Type II | 90% | 45/50 | Enterprise |
| PCI-DSS v4.0 | 85% | 170/200 | Financial Services |
| HIPAA | 90% | 36/40 | Healthcare |
| FedRAMP Moderate | 75% | 225/300 | Government |
| NIST AI RMF | 95% | 38/40 | AI Governance |
| ISO 27001 | 85% | 85/100 | International |
| GDPR | 80% | 32/40 | EU Data Protection |

SOC 2 Type II

Trust Service Criteria Coverage

Security (Common Criteria)

| Control | Description | Status |
|---|---|---|
| CC6.1 | Logical Access Security | VERIFIED |
| CC6.2 | Access Provisioning | VERIFIED |
| CC6.3 | Access Revocation | VERIFIED |
| CC6.6 | External Access | VERIFIED |
| CC6.7 | Data Transmission | VERIFIED |
| CC7.2 | System Monitoring | VERIFIED |
| CC7.3 | Incident Detection | VERIFIED |

Key Implementations

  • Access Control: 6-level RBAC with JWT authentication
  • Encryption: TLS 1.3, AES-256-GCM
  • Audit Logging: Hash-chained immutable logs
  • Monitoring: CloudWatch integration, real-time alerts

PCI-DSS v4.0

Requirements Coverage

| Requirement | Description | Status |
|---|---|---|
| 3.5 | Protect Cryptographic Keys | VERIFIED |
| 4.2 | Strong Cryptography in Transit | VERIFIED |
| 6.2 | Secure Development | VERIFIED |
| 7.1 | Access Controls | VERIFIED |
| 8.x | User Authentication | VERIFIED |
| 10.x | Audit Logging | VERIFIED |

Key Implementations

  • Key Management: AWS KMS with BYOK support
  • Encryption: AES-256-GCM, TLS 1.3
  • Development: Automated security testing in CI/CD
  • Authentication: MFA, password policies

HIPAA

Technical Safeguards (164.312)

| Standard | Requirement | Status |
|---|---|---|
| 164.312(a) | Access Control | VERIFIED |
| 164.312(b) | Audit Controls | VERIFIED |
| 164.312(c) | Integrity | VERIFIED |
| 164.312(d) | Authentication | VERIFIED |
| 164.312(e) | Transmission Security | VERIFIED |

Key Implementations

  • Access Control: RBAC with organization scoping
  • Audit Controls: WORM audit logs with 7-year retention
  • Encryption: Data encrypted at rest and in transit
  • BAA: Available upon request

NIST AI RMF

ASCEND demonstrates strong alignment with the NIST AI Risk Management Framework.

Function Coverage

| Function | Category | Status |
|---|---|---|
| GOVERN | AI governance framework | VERIFIED |
| GOVERN | Accountability structure | VERIFIED |
| MAP | AI system context | VERIFIED |
| MAP | Risk categorization | VERIFIED |
| MEASURE | Risk measurement (CVSS) | VERIFIED |
| MEASURE | Evaluation tracking | VERIFIED |
| MANAGE | Risk prioritization | VERIFIED |
| MANAGE | Risk response (Kill Switch) | VERIFIED |

Key Implementations

  • Policy Engine: Configurable governance rules
  • Risk Scoring: CVSS v3.1 for all AI actions
  • Kill Switch: Sub-100ms agent termination
  • Audit Trail: Immutable decision logging

FedRAMP Moderate

Control Family Coverage

| Family | Controls Implemented | Percentage |
|---|---|---|
| AC (Access Control) | 20/25 | 80% |
| AU (Audit) | 14/16 | 88% |
| IA (Identification/Auth) | 11/12 | 92% |
| SC (System Communications) | 35/44 | 80% |
| SI (System Information) | 12/16 | 75% |

In Progress

  • System Security Plan (SSP) documentation
  • 3PAO assessment engagement
  • Continuous monitoring setup

Compliance Roadmap

Immediate (0-30 Days)

| Action | Framework |
|---|---|
| Complete session revocation | All |
| Document IR procedures | SOC 2, PCI-DSS |
| Create BAA template | HIPAA |

Short-term (30-60 Days)

| Action | Framework |
|---|---|
| Third-party penetration test | PCI-DSS |
| DR documentation and testing | SOC 2, HIPAA |
| Hard delete implementation | GDPR |

Long-term (60-90 Days)

| Action | Framework |
|---|---|
| FedRAMP SSP creation | FedRAMP |
| 3PAO engagement | FedRAMP |
| ISO 27001 gap remediation | ISO 27001 |

Available Documentation

For compliance audits and security questionnaires:

| Document | Purpose |
|---|---|
| Security Architecture | Technical security design |
| Test Coverage | Verification evidence |
| Audit Summary | Assessment results |
| System Architecture | System design |

Contact

Compliance Team: compliance@owkai.app

Security Team: security@owkai.app