Regulatory Mapping: SOX, HIPAA, FedRAMP → Agent Controls
A reference document that maps specific regulatory requirements to the controls that satisfy them and the evidence those controls produce. Built for compliance teams evaluating AI agent governance.
Regulations Covered
| Regulation | Key Requirements Mapped |
|---|---|
| SOX (IT General Controls) | Access controls, change management, monitoring, evidence retention |
| HIPAA Security Rule | Access controls, audit controls, transmission security, PHI handling |
| FedRAMP / NIST 800-53 | AC-* (access), AU-* (audit), CA-7 (continuous monitoring), SC-* (system comms) |
| SOC 2 (TSC) | CC6.1 (logical access), CC7.2 (monitoring), CC8.1 (change management) |
| EU AI Act (high-risk) | Transparency, human oversight, logging, risk management |
Each mapping includes: the specific requirement, the Claw EA control that addresses it, and the proof artifact that serves as evidence.