Regulatory Frameworks: 6
Mapped Controls: 140+
Industries Covered: 8
Evidence Artefacts: 60+

Supported Frameworks

Regulatory Framework Coverage

Orvexium provides cryptographic controls evidence mapped to each framework's specific requirements — enabling security teams to demonstrate compliance without translating engineering documentation into audit language.

EU Regulation

GDPR

Articles 25 and 32: encryption, pseudonymisation, and data-protection-by-design controls. Orvexium maps AES-256-GCM and field-level encryption to Art. 32 technical measures.

  • Art. 32
  • Art. 25
  • DPIA Support

International Standard

ISO/IEC 27001:2022

Annex A controls A.8.24 (Use of Cryptography) and A.8.20 (Networks Security). Full ISMS control mapping with cryptographic policy templates and evidence documentation.

  • A.8.24
  • A.8.20
  • ISMS Mapping

US Federal

NIST CSF 2.0

Protect function — PR.DS (Data Security) and PR.AC (Identity Management) subcategory mapping. Orvexium controls align to SP 800-53 Rev. 5 SC and IA control families.

  • PR.DS
  • SP 800-53
  • FIPS 140-2

AICPA Standard

SOC 2 Type II

Common Criteria CC6.x (Logical Access) and Availability A1.x. Cryptographic controls for CC6.7 (encryption in transit) and CC6.1 (access restriction) with audit evidence packages.

  • CC6.7
  • CC6.1
  • Evidence Package

US Healthcare

HIPAA Security Rule

§164.312 Technical Safeguards — encryption and decryption of ePHI in transit and at rest. AES-256 encryption mapping with key management policy documentation for covered entities.

  • §164.312
  • ePHI Encryption
  • BAA Support

Payment Industry

PCI-DSS v4.0

Requirements 3 (Protect Stored Account Data), 4 (Encrypt Transmission), and 12.3 (Risk-Targeted Analysis). P2PE-compatible key management controls and cardholder data encryption evidence.

  • Req 3 & 4
  • Key Management
  • P2PE Controls

Assessment Methodology

Compliance Gap Analysis Process

01. Scope Definition

Identify applicable frameworks based on industry, jurisdiction, data classification, and contractual obligations. Map system boundaries and data flows to regulatory scope.

02. Control Inventory

Document existing cryptographic controls — encryption algorithms, key lengths, key management procedures, certificate lifecycles, and access controls — against framework requirements.

03. Gap Identification

Cross-reference documented controls against each framework's specific requirements. Identify missing controls, weak implementations, and documentation deficiencies requiring remediation.

04. Remediation Roadmap

Prioritised remediation plan with Orvexium cryptographic controls mapped to each gap — including implementation guidance, evidence collection procedures, and audit artefact templates.

Ready to Get Started?

Begin Your Compliance Assessment

The quantum threat is not theoretical. Organizations that migrate to post-quantum cryptography today will be the ones still secure in 2030.