# Compliance Mapping Use this language to map technical controls to audit objectives. Do not claim that a product alone makes an environment compliant. ## GDPR and LGPD - Data minimization: Data Masking and Subsetting reduces personal data exposure in non-production and analytics environments. - Security of processing: TDE, OKV, Database Vault, AVDF, Data Safe, and least privilege support confidentiality, integrity, monitoring, and accountability. - Access governance: Database Vault separation of duties, user assessment, privilege review, and audit evidence support accountability. - Breach investigation: AVDF/Data Safe audit trails, alerting, and SQL activity records support forensic review. ## PCI-DSS - Protect stored cardholder data: TDE plus strong key management with OKV supports encryption at rest and key lifecycle requirements. - Restrict access by need to know: Database Vault, least privilege, and optional Label Security or VPD patterns support access restriction. - Track and monitor access: Unified Audit, AVDF, Data Safe auditing, Database Firewall, reports, and SIEM forwarding support monitoring requirements. - Test security systems: PoC acceptance tests, firewall policy validation, key rotation tests, and audit report review provide evidence. ## HIPAA - Access control: least privilege, Database Vault, and user assessment support access control safeguards. - Audit controls: AVDF, Data Safe activity auditing, and unified audit policies support auditability. - Integrity and transmission controls: pair database controls with application, network, and platform controls; database security does not replace TLS or application safeguards. - Encryption: TDE and OKV support addressable encryption safeguards for data at rest. ## SOX - Change and privileged access controls: Database Vault command rules, realms, AVDF monitoring, and audit reports support segregation of duties and privileged activity oversight. - Evidence: scheduled reports, immutable audit storage practices, SIEM forwarding, and documented review workflows support control attestation. - Data integrity: use database auditing, access controls, and controlled administrative procedures around financial reporting systems. ## Evidence Artifacts - Architecture diagram with control ownership. - List of protected schemas/tables/columns and data classification. - TDE wallet or OKV key management policy. - Database Vault realm, rule set, command rule, and factor inventory. - Audit policies, retention settings, reports, and sample alerts. - Masking definitions, subsetting criteria, and refresh procedure. - Exceptions, residual risks, and compensating controls.