Compliance

Built to be audited.

The stack maps to the frameworks your assessors already use. Controls are enforced in the execution path and evidenced by structured, exportable logs.

Compliance framework coverage
FrameworkControls provided
NIST AI RMFGovern (platform policies, trust scoring) · Map (component registry, classification) · Measure (trust scores, usage stats) · Manage (tool controls, drift detection)
NIST CSFIdentify · Protect · Detect · Respond · Recover, mapped across registry, DLP/RBAC, audit and telemetry, SIEM export, and audit trail
SOC 2Audit logging, access controls, encryption, DLP, change tracking
GDPRDLP, data residency via on-premises deployment, right-to-erasure support
ISO 27001RBAC, audit trails, security policies
FISMA / FedRAMPAC · AU · CM · IA · SC · SI control families; self-managed deployment inside your authorization boundary
CMMCAccess control, audit and accountability, configuration management, identification and authentication
Evidence

Structured JSON logs

Every prompt, response, tool call, and model interaction logged and exportable. Assessors get evidence, not assertions.

SIEM

Splunk and Datadog export

Audit streams flow to your existing detection and response tooling via syslog.

Integrity

Tamper-evident trails

Complete, reconstructable decision trails, with telemetry deletions requiring a written reason.

Data handling

Classification-based routing

Data classification schemes route workloads to cloud, on-premises, or air-gapped processing based on sensitivity.

Code

CIS and STIG enforcement

Studio applies hardening profiles at generation time and documents every applied control with its STIG ID.

Posture

Continuous compliance monitoring

WALDO trust scores turn compliance from a point-in-time audit into a continuously measured posture.

Next step

Bring your control matrix. We'll map to it.

Request a briefing with your compliance leads and walk the evidence chain end to end.