Compliance Mapping
Map QNSP audit events to compliance controls for SOC 2, PCI DSS, HIPAA, and GDPR, linking auth, access, KMS, and security events to specific requirements.
Compliance Mapping
How QNSP audit events map to compliance requirements.
SOC 2
| Control | QNSP audit events |
|---|---|
| CC6.1 Logical access | auth.login.*, access.* |
| CC6.2 Access removal | auth.token.revoked, access.policy.* |
| CC6.3 Role-based access | access.policy.evaluated |
| CC7.1 Monitoring | All events |
| CC7.2 Anomaly detection | security.* |
PCI DSS
| Requirement | QNSP audit events |
|---|---|
| 10.1 Audit trails | All events with actor |
| 10.2 Automated audit | auth.*, kms.*, access.* |
| 10.3 Event attributes | All events (timestamp, actor, resource) |
| 10.5 Secure audit trails | Merkle checkpointing |
| 10.7 Retention | Configurable retention |
HIPAA
| Safeguard | QNSP audit events |
|---|---|
| Access controls | auth.*, access.* |
| Audit controls | All events |
| Integrity controls | kms.*, checksums |
| Transmission security | TLS events |
GDPR
| Article | QNSP audit events |
|---|---|
| Art. 5 Accountability | All events |
| Art. 30 Records | Event exports |
| Art. 32 Security | security.*, access.* |
| Art. 33 Breach notification | security.breach.* |
Compliance reports
Generate compliance-specific reports:
POST /audit/v1/reports
{
"type": "soc2",
"period": {
"start": "2024-01-01",
"end": "2024-03-31"
}
}
Available report types:
soc2pci-dsshipaagdpriso27001