84 Controls · 5 Zero Trust Pillars · 3 Standards

Zero Trust Compliance Assessment Platform

Assess your healthcare system's compliance against 84 Zero Trust security controls spanning Identity, Devices, Networks, Applications, and Cross-Cutting Capabilities — aligned with CCC, HIPAA, and Saudi SeHE standards.

84 Security Controls · 5 Zero Trust Pillars · 3 Regulatory Standards · 3 Cloud Providers

Zero Trust Framework Coverage

The assessment evaluates your infrastructure across all five Zero Trust pillars as defined by the Saudi National Cybersecurity Authority (NCA) Cloud Controls Catalog.

Identity

21 controls

IAM provisioning, MFA enforcement, privileged access management, RBAC, and Zero Trust identity verification across all users and service accounts.

Devices

21 controls

Endpoint security, MDM compliance, EDR coverage, patch management, device hardening, and full disk encryption for all managed endpoints.

Networks

17 controls

Microsegmentation, encrypted transit, WAF, DDoS protection, network monitoring, and clinical network isolation for healthcare environments.

Applications & Workloads

18 controls

Vulnerability management, secure SDLC, API security, container scanning, secrets management, and HL7/FHIR interface security.

Cross-Cutting Capabilities

18 controls

SIEM, key management, backup & recovery, incident response, data classification, breach notification, and continuous compliance monitoring.

Regulatory Standards

3 frameworks mapped
CCC: Cloud Controls Catalog
HIPAA: Health Insurance Portability & Accountability Act
SeHE: Saudi Health eHealth Standards

How It Works

A fully automated compliance engine that collects real evidence from your infrastructure and evaluates it against policy rules — no manual questionnaires.

Real-Time Evidence Collection

Connects directly to your cloud provider APIs (OCI, AWS, Azure), HIS application endpoints, and OS monitoring agents to gather live evidence.

OPA Policy Evaluation

Uses Open Policy Agent with Rego policies to evaluate each control deterministically against your actual infrastructure configuration.

Multi-Dimensional Reporting

View compliance scores broken down by Zero Trust pillar, severity level, and regulatory standard (CCC, HIPAA, SeHE) in interactive charts.

Exportable Audit Reports

Generate PDF and JSON compliance reports with control status, violation details, and remediation guidance ready for auditors.

Multi-Cloud Support

Supports Oracle Cloud Infrastructure, Amazon Web Services, and Microsoft Azure with cloud-native API integrations for each provider.

Scan History & Comparison

Track compliance posture over time with persistent scan history. Compare any two assessments to measure improvement or detect regressions.

Ready to assess your compliance posture?

Configure your target system once, run the scan, and get a detailed compliance report in minutes. No agents to install — just API credentials.