Skip to content

Compliance Reports

OxideShield™ provides automated compliance reporting for major regulatory frameworks.

Supported Frameworks

  • NIST AI RMF - AI Risk Management Framework 1.0
  • EU AI Act - Regulation 2024/1689

Generate Reports

# All frameworks
oxideshield compliance --system "My AI System" --framework all

# Specific framework
oxideshield compliance --system "Production API" --framework eu-ai-act

# HTML output
oxideshield compliance --format html --output report.html

Security Controls

OxideShield™ maps 14 security controls to compliance requirements:

Control Component Description
CTRL-001 PatternGuard Prompt injection detection
CTRL-002 LengthGuard Input length limits
CTRL-003 EncodingGuard Encoding attack detection
CTRL-004 PerplexityGuard Adversarial suffix detection
CTRL-005 SemanticSimilarityGuard ML-based detection
CTRL-006 MLClassifierGuard Classification-based detection
CTRL-007 PIIGuard Personal data protection
CTRL-008 ToxicityGuard Harmful content detection
CTRL-009 MultiLayerDefense Orchestrated pipeline
CTRL-010 Proxy Gateway Centralized API protection
CTRL-011 Telemetry Security monitoring
CTRL-012 Scanner Red team testing
CTRL-013 Threat Intelligence Attack pattern aggregation
CTRL-014 Attestation Cryptographic audit trails

Report Contents

  • Executive summary with compliance percentage
  • Framework coverage breakdown
  • Control-to-requirement mappings
  • Rationale and evidence
  • Recommendations

Attestation for Compliance

OxideShield's Attestation Layer provides cryptographically signed audit logs that satisfy regulatory requirements for:

Framework Requirement How Attestation Helps
SOX Audit trail for financial systems Immutable, signed records
HIPAA Access logging for PHI Track PII detection events
GDPR Demonstrate data protection Prove security checks applied
FedRAMP Continuous monitoring Real-time audit trail
PCI-DSS Log access to cardholder data Track card detection events 
# Generate attestation report for auditors
oxideshield audit report \
  --format html \
  --since 30d \
  --output audit-report.html

See Attestation for full documentation.

Policy-as-Code for Compliance

Define your security posture as version-controlled policies:

apiVersion: oxideshield.ai/v1
kind: SecurityPolicy
metadata:
  name: compliance-policy
  labels:
    framework: nist-ai-rmf
spec:
  guards:
    - name: pattern
      enabled: true
      action: block
    - name: pii
      enabled: true
      action: sanitize
  enforcement:
    mode: strict

Benefits for compliance: - Audit trail - Track all policy changes in Git - Consistency - Same policy across environments - Validation - Catch misconfigurations before deployment - Simulation - Test policy behavior with test suites

See Policy-as-Code for full documentation.