Compliance Framework Alignment
ASCEND maps its technical controls to major regulatory and compliance frameworks. ASCEND is not itself certified or assessed against these frameworks — formal certification requires third-party auditor engagement. The mappings below show how the platform's architecture aligns to each framework so your organization can use ASCEND's controls and evidence in its own audits.
Framework Alignment Overview
| Framework | Alignment | Primary Use |
|---|---|---|
| SOC 2 Type II | Architected to SOC 2 Type II controls | Enterprise |
| PCI-DSS v4.0 | PCI-DSS-aligned controls | Financial Services |
| HIPAA | HIPAA-aligned architecture | Healthcare |
| NIST AI RMF | Aligned to NIST AI RMF | AI Governance |
| ISO 27001 | ISO 27001-aligned controls | International |
| GDPR | GDPR-aligned data handling | EU Data Protection |
| NIST 800-53 | Application-layer control families mapped | Government / Federal-adjacent |
Alignment reflects control implementation mapped to each framework. Alignment does not constitute certification — formal certification requires third-party auditor engagement.
SOC 2 Type II
Trust Service Criteria Mapping
| Control | Description | ASCEND Control |
|---|---|---|
| CC6.1 | Logical Access Security | 6-level RBAC with JWT authentication |
| CC6.2 | Access Provisioning | User provisioning workflows |
| CC6.3 | Access Revocation | Access removal procedures |
| CC6.6 | External Access | API key + JWT validation |
| CC6.7 | Data Transmission | TLS 1.3 |
| CC7.2 | System Monitoring | CloudWatch integration, real-time alerts |
| CC7.3 | Incident Detection | Anomaly detection, circuit breakers |
Key Implementations
- Access Control: 6-level RBAC with JWT authentication
- Encryption: TLS 1.3, AES-256-GCM
- Audit Logging: Hash-chained immutable logs
- Monitoring: CloudWatch integration, real-time alerts
PCI-DSS v4.0
Requirements Mapping
| Requirement | Description | ASCEND Control |
|---|---|---|
| 3.5 | Protect Cryptographic Keys | AWS KMS with BYOK support |
| 4.2 | Strong Cryptography in Transit | TLS 1.3 |
| 6.2 | Secure Development | Automated security testing in CI/CD |
| 7.1 | Access Controls | RBAC, approval levels |
| 8.x | User Authentication | MFA, password policies |
| 10.x | Audit Logging | Immutable event logging |
HIPAA
Technical Safeguards (164.312) Mapping
| Standard | Requirement | ASCEND Control |
|---|---|---|
| 164.312(a) | Access Control | RBAC with organization scoping |
| 164.312(b) | Audit Controls | WORM audit logs |
| 164.312(c) | Integrity | Hash-chained immutable logs |
| 164.312(d) | Authentication | MFA, JWT validation |
| 164.312(e) | Transmission Security | TLS 1.3 |
Business Associate Agreements are available for enterprise customers (contact sales).
NIST AI RMF
ASCEND is aligned to the NIST AI Risk Management Framework.
Function Mapping
| Function | Category | ASCEND Control |
|---|---|---|
| GOVERN | AI governance framework | Configurable policy engine |
| GOVERN | Accountability structure | RBAC + immutable audit trail |
| MAP | AI system context | Agent registry + topology |
| MAP | Risk categorization | Risk scoring (CVSS/NIST/MITRE) |
| MEASURE | Risk measurement | DB-generated risk scores |
| MEASURE | Evaluation tracking | Policy evaluation logging |
| MANAGE | Risk prioritization | HITL approval workflow |
| MANAGE | Risk response | Per-tenant kill-switch |
Key Implementations
- Policy Engine: Configurable governance rules
- Risk Scoring: CVSS/NIST/MITRE for AI actions (DB-generated)
- Kill Switch: Per-tenant agent termination (kill-switch decision p99 = 17.03 ms; CloudWatch, 30 samples, June 2, 2026; agent stop within one poll cycle)
- Audit Trail: Immutable decision logging
Available Documentation
For compliance audits and security questionnaires:
| Document | Purpose |
|---|---|
| Security Architecture | Technical security design |
| Test Coverage | Verification evidence |
| Audit Summary | Platform architecture summary |
Contact
Compliance Team: compliance@ascendowkai.com
Security Team: security@ascendowkai.com