Compliance mappings

Each finding emitted by Sectum AI carries machine-readable control references. The audit PDF includes a per-finding mapping appendix. Below is the canonical mapping table: the source for that appendix and the answer to the auditor's "which control does this cover?" question.

Important. These are assertions of test coverage, not legal certification. The auditor or counsel makes the certification call. The wording is explicit in every evidence pack Sectum AI produces.

Mapping table

Each entry lists the framework, the controls Sectum AI evidence speaks to, and what the evidence asserts.

SOC 2 (Trust Services Criteria)
  Controls: CC6.1 (logical access), CC6.6 (boundary protection), CC6.7 (data in transit / segregation)
  Evidence asserts: Tenant logical separation verified by adversarial and benign probing across surfaces

ISO/IEC 27001:2022
  Controls: A.5.15 (access control), A.8.3 (information access restriction), A.8.12 (data leakage prevention)
  Evidence asserts: Cross-tenant leakage tested; residual leakage itemized per surface

GDPR
  Controls: Art. 17 (right to erasure), Art. 32 (security of processing), Art. 25 (data protection by design)
  Evidence asserts: Erasure across all AI surfaces verified; isolation tested under benign + adversarial conditions

EU AI Act
  Controls: Art. 15 (accuracy, robustness, cybersecurity)
  Evidence asserts: Robustness of tenant isolation measured under benign + adversarial conditions; quantitative outputs documented in the evidence pack

HIPAA
  Controls: §164.312(a)(1) access control, §164.312(c)(1) integrity, §164.312(e)(1) transmission security
  Evidence asserts: PHI tenant segregation verified across AI surfaces

NIST AI RMF
  Controls: MEASURE 2.7, MANAGE 2.x
  Evidence asserts: Documented measurement of multi-tenant security risk; control feedback into risk-management activities

OWASP LLM Top 10
  Controls: LLM08:2025 (primary); LLM02 (insecure output handling) and LLM06 (sensitive information disclosure) secondary
  Evidence asserts: Direct test coverage of vector / embedding multi-tenant weaknesses

How the mappings render in an evidence pack

The machine-readable evidence.json records mappings on every finding:

{
  "finding_id": "...",
  "probe_id": "rag-entity-bleed",
  "severity": "critical",
  "owasp_llm": "LLM08:2025",
  "atlas": ["AML.T0048"],
  "nist": ["MEASURE 2.7"],
  "remediation_pointer": "..."
}

The audit-pack PDF includes a control-by-control coverage table in the appendix, indexed back to the findings that satisfied each control test. Auditors read the appendix; the JSON is for machine-driven downstream tooling (GRC platform ingest, internal risk-register entries).
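As an added illustration of the downstream side (this is example code, not Sectum AI's own tooling), the snippet below ingests findings in the evidence.json shape shown above, flags any finding missing a mapping field, and inverts the per-finding mappings into the control-by-control coverage index the appendix describes. The sample findings, their ids, severities and the "MANAGE 2.1" value are constructed for the example.

```python
import json
from collections import defaultdict

# Constructed sample findings in the evidence.json shape shown above
# (hypothetical values; not output from a real Sectum AI run).
SAMPLE_EVIDENCE = json.dumps({"findings": [
    {"finding_id": "f-001", "probe_id": "rag-entity-bleed", "severity": "critical",
     "owasp_llm": "LLM08:2025", "atlas": ["AML.T0048"], "nist": ["MEASURE 2.7"],
     "remediation_pointer": "REMEDIATION-PLACEHOLDER"},
    {"finding_id": "f-002", "probe_id": "rag-entity-bleed", "severity": "high",
     "owasp_llm": "LLM08:2025", "atlas": ["AML.T0048"], "nist": ["MEASURE 2.7", "MANAGE 2.1"],
     "remediation_pointer": "REMEDIATION-PLACEHOLDER"},
    # Deliberately incomplete record: no remediation_pointer, so validation should flag it.
    {"finding_id": "f-003", "probe_id": "benign-probe", "severity": "low",
     "owasp_llm": "LLM08:2025", "atlas": [], "nist": []},
]})

# Fields every finding must carry for the mapping appendix to be complete.
REQUIRED = ("finding_id", "probe_id", "severity", "owasp_llm", "atlas", "nist", "remediation_pointer")


def validate_findings(findings):
    """Return the finding_ids of records that lack any required mapping field."""
    return [f.get("finding_id", "<no id>") for f in findings
            if any(k not in f for k in REQUIRED)]


def coverage_table(findings):
    """Invert per-finding mappings into control -> sorted finding_ids.
    Keys carry a framework prefix so values from different frameworks never collide."""
    table = defaultdict(set)
    for f in findings:
        table["owasp_llm:" + f["owasp_llm"]].add(f["finding_id"])
        for technique in f.get("atlas", []):
            table["atlas:" + technique].add(f["finding_id"])
        for control in f.get("nist", []):
            table["nist:" + control].add(f["finding_id"])
    return {k: sorted(v) for k, v in sorted(table.items())}


def render(table):
    """Plain-text rendering of the coverage index, one control per line."""
    lines = ["Control".ljust(24) + "Findings"]
    lines += [control.ljust(24) + ", ".join(ids) for control, ids in table.items()]
    return "\n".join(lines)


if __name__ == "__main__":
    findings = json.loads(SAMPLE_EVIDENCE)["findings"]
    print("incomplete findings:", validate_findings(findings))
    print(render(coverage_table(findings)))
```

Feeding the real evidence.json through validate_findings before GRC ingest catches records that would leave a control row in the appendix without a traceable finding.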

What is and isn't covered

Sectum AI's mappings cover the multi-tenant-isolation portion of the framework. Out of scope: access management broadly (the auditor's standard CC6.x tests), encryption at rest of the underlying data store, BCDR controls, code-review evidence, vendor-risk register upkeep. Those land with the customer's GRC platform (Vanta, Drata, Secureframe). Sectum AI produces the AI-isolation slice that those platforms do not test.

See also: the attack catalog for the per-probe mapping detail, and the evidence chain for how the mappings get bound into a tamper-evident artifact.