Aurva

Compliance

Map your data estate to regulatory frameworks and track control status across SEBI, PCI-DSS, HIPAA, GDPR, NIST, CIS, and ISO.

Aurva maps the state of each data asset to the applicable controls of major regulatory frameworks and shows which controls are passing, failing, or not applicable.

Supported Frameworks

Framework       Region/Domain
SEBI            India — Securities markets
PCI-DSS         Global — Payment card data
HIPAA           US — Healthcare data
GDPR            EU — Personal data
NIST CSF        Global — Cybersecurity posture
CIS Controls    Global — Security benchmarks
ISO 27001       Global — Information security management

How Compliance Status Is Calculated

A control is Compliant when:

  1. All associated DSPM checks pass (encryption enabled, no public exposure, etc.)
  2. No active policy violations exist for that control category

A control is Non-Compliant when any check fails or a violation is open. Resolving the underlying finding or suppressing the violation (with justification) updates the status.

Asset-Level Compliance Tab

Navigate to any data asset → Compliance Tab to see:

  • Control code and name
  • Categories (DSPM check or DAM violation)
  • Current compliance status (Compliant / Non-Compliant / Not Applicable)

Common Workflows

Closing Compliance Gaps

  1. Select a framework

     Filter the Compliance Tab by the target framework (e.g. PCI-DSS).

  2. Identify non-compliant controls

     Look for red or orange status indicators.

  3. Open the underlying finding

     Click a control to see which check failed or which violation triggered it.

  4. Remediate or suppress

     Fix the misconfiguration (e.g. enable encryption) or suppress with a documented justification and expiry date.

  5. Re-scan to update status

     Trigger a scan or wait for the next auto-scan. Status updates automatically.

Generating Auditor Evidence

From the Compliance Tab, use the Export function to download a CSV of control statuses. Combine with Audit Trail exports for complete evidence packages.

Schedule a weekly auto-scan on all regulated assets and set up a Slack alert for any framework that drops below your compliance threshold. This catches regressions before your next audit.
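
The status rule under "How Compliance Status Is Calculated" and the threshold alert described above, modeled as an added example (not Aurva's code or API). The data shapes, the placeholder control codes, the Not Applicable condition, and the treatment of an expired or unjustified suppression as an open violation are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Violation:
    justification: str = ""
    suppressed_until: Optional[date] = None  # expiry date of the suppression

    def is_open(self, today: date) -> bool:
        # Assumption: a suppression holds only with a justification and an
        # expiry date that has not passed; otherwise the violation is open.
        suppressed = (bool(self.justification.strip())
                      and self.suppressed_until is not None
                      and self.suppressed_until >= today)
        return not suppressed


def control_status(checks, violations, today):
    """checks: list of pass/fail booleans; violations: list of Violation."""
    if not checks and not violations:
        return "Not Applicable"  # assumption: nothing is attached to the control
    if all(checks) and not any(v.is_open(today) for v in violations):
        return "Compliant"
    return "Non-Compliant"  # any failed check or any open violation


def framework_report(controls, today, threshold):
    """Return (status per control, compliant share, below-threshold flag)."""
    statuses = {code: control_status(c, v, today) for code, (c, v) in controls.items()}
    applicable = [s for s in statuses.values() if s != "Not Applicable"]
    rate = sum(s == "Compliant" for s in applicable) / len(applicable) if applicable else 1.0
    return statuses, rate, rate < threshold


# Constructed sample data; the control codes are placeholders, not real control IDs.
TODAY = date(2025, 1, 15)
SAMPLE = {
    "CTRL-A": ([True, True], []),
    "CTRL-B": ([True, False], []),                                         # failed check
    "CTRL-C": ([True], [Violation("accepted risk", date(2025, 3, 1))]),    # suppressed
    "CTRL-D": ([True], [Violation("accepted risk", date(2024, 12, 31))]),  # expired
    "CTRL-E": ([True], [Violation("", date(2025, 3, 1))]),                 # no justification
    "CTRL-F": ([], []),
}

if __name__ == "__main__":
    statuses, rate, alert = framework_report(SAMPLE, TODAY, threshold=0.8)
    print(statuses, f"compliant share {rate:.0%}", f"alert={alert}")
```

CTRL-D and CTRL-E show the cases worth watching in an audit: a suppression that has lapsed or lacks a justification no longer masks the violation, so the control drops back to Non-Compliant.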