Advanced -- 1 hour

Automated Compliance Reporting

Configure the compliance engine for SOC 2, PCI DSS, HIPAA, or other frameworks. Map controls to your infrastructure and generate audit-ready reports automatically.

Prerequisites

  • QBITEL Bridge deployed and operational (Docker or Kubernetes)
  • Audit logging enabled (audit_logging_enabled: true)
  • Familiarity with at least one compliance framework (SOC 2, PCI DSS, HIPAA, etc.)

Supported Compliance Frameworks

  • SOC 2 (Type II)
  • PCI DSS (v4.0)
  • HIPAA (Security Rule)
  • NIST (800-53 r5)
  • ISO 27001 (2022)
  • FedRAMP (High)
  • GDPR (Art. 32)
  • CIS (Benchmarks)
  • CMMC (Level 2)
1. Select Your Frameworks

Start by enabling the compliance frameworks that apply to your organization. You can activate multiple frameworks simultaneously, and the engine will map controls across them.

# config/compliance.yaml
compliance:
  enabled: true
  frameworks:
    - name: soc2
      enabled: true
      trust_service_criteria:
        - security
        - availability
        - confidentiality
    - name: pci_dss
      enabled: true
      version: "4.0"
      scope:
        - cardholder_data_environment
    - name: hipaa
      enabled: true
      rules:
        - security_rule
        - breach_notification
  assessment:
    schedule: "0 2 * * *"       # Daily at 2 AM
    retention_days: 365
    evidence_storage: s3
2. Map Controls to Infrastructure

The compliance engine auto-discovers your infrastructure components and maps them to relevant controls. Review and adjust the mappings to match your environment.

# Trigger an infrastructure scan and control mapping
curl -X POST http://localhost:8000/api/v1/compliance/monitoring/start \
  -H "Content-Type: application/json" \
  -d '{
    "frameworks": ["soc2", "pci_dss"],
    "scan_scope": {
      "kubernetes_namespaces": ["qbitel-system", "production"],
      "cloud_accounts": ["aws:123456789012"],
      "network_segments": ["10.0.0.0/16"]
    }
  }'

# Review the auto-generated control mappings
curl http://localhost:8000/api/v1/compliance/frameworks | jq '.mappings[:3]'

# Example output
[
  {
    "control_id": "CC6.1",
    "framework": "soc2",
    "description": "Logical and physical access controls",
    "mapped_resources": [
      "k8s:rbac/qbitel-system",
      "k8s:networkpolicy/qbitel-system",
      "pqc:tls/production-primary"
    ],
    "status": "passing",
    "evidence_count": 14
  }
]
3. Configure Evidence Collection

Set up automated evidence collection. The engine pulls data from audit logs, Kubernetes events, PQC certificate status, access control records, and network policy configurations.

# Configure data sources for evidence
curl -X POST http://localhost:8000/api/v1/compliance/monitoring/start \
  -H "Content-Type: application/json" \
  -d '{
    "sources": [
      {
        "type": "audit_log",
        "endpoint": "timescaledb://localhost:5432/audit",
        "retention": "365d"
      },
      {
        "type": "kubernetes",
        "kubeconfig": "/etc/qbitel/kubeconfig",
        "namespaces": ["qbitel-system"]
      },
      {
        "type": "pqc_certificates",
        "vault_endpoint": "https://vault:8200/v1/pqc"
      },
      {
        "type": "cloud_trail",
        "aws_region": "us-east-1",
        "trail_name": "qbitel-audit"
      }
    ]
  }'
4. Generate a Compliance Report

Trigger an on-demand assessment and generate a comprehensive, audit-ready report. Reports include control status, evidence links, gap analysis, and remediation recommendations.

# Generate a SOC 2 compliance report
curl -X POST http://localhost:8000/api/v1/compliance/reports/generate \
  -H "Content-Type: application/json" \
  -d '{
    "framework": "soc2",
    "report_type": "full_assessment",
    "period": {
      "start": "2025-01-01",
      "end": "2025-06-30"
    },
    "format": "pdf",
    "include_evidence": true,
    "include_remediation": true
  }'

# Check report generation status
curl http://localhost:8000/api/v1/compliance/monitoring/status

# Download the report
curl -o soc2-report-h1-2025.pdf \
  http://localhost:8000/api/v1/compliance/reports/rpt_soc2_001/download

Report contents: Each report includes an executive summary, per-control assessment with pass/fail status, links to evidence artifacts, a gap analysis section highlighting failing controls, and AI-generated remediation recommendations.

5. Set Up Continuous Monitoring

Enable continuous compliance monitoring to catch control violations in real time. Configure alerts for drift and schedule recurring assessments.

# Enable continuous compliance monitoring
curl -X POST http://localhost:8000/api/v1/compliance/monitoring/start \
  -H "Content-Type: application/json" \
  -d '{
    "continuous_monitoring": true,
    "check_interval": "1h",
    "alerts": {
      "channels": ["slack", "pagerduty"],
      "slack_webhook": "https://hooks.slack.com/...",
      "severity_threshold": "warning"
    },
    "auto_remediation": {
      "enabled": true,
      "scope": ["network_policy", "rbac", "tls_config"],
      "require_approval": true
    }
  }'
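As an added, stand-alone illustration (not QBITEL Bridge code) of the decisions that steps 2 and 5 configure, the following Python computes a gap analysis over control mappings shaped like the output above, detects drift between two resource snapshots, and routes the resulting events according to the alerts and auto_remediation settings. The mapping entries, snapshots and digests are constructed sample data, and the resource-prefix to remediation-scope table SCOPE_OF is an assumption about how the engine names things.

```python
SEVERITY_ORDER = {"info": 0, "warning": 1, "critical": 2}
# Assumed link between resource prefixes in mapping output and auto_remediation scope names.
SCOPE_OF = {"networkpolicy": "network_policy", "rbac": "rbac", "tls": "tls_config"}

# Constructed sample data (same shape as the /compliance/frameworks output).
MAPPINGS = [
    {"control_id": "CC6.1", "framework": "soc2", "status": "passing", "evidence_count": 14,
     "mapped_resources": ["k8s:rbac/qbitel-system", "pqc:tls/production-primary"]},
    {"control_id": "CC7.2", "framework": "soc2", "status": "failing", "evidence_count": 0,
     "mapped_resources": ["k8s:networkpolicy/production"]},
    {"control_id": "1.2.1", "framework": "pci_dss", "status": "passing", "evidence_count": 3,
     "mapped_resources": ["k8s:networkpolicy/production"]},
]
# Constructed snapshots: resource -> digest of its live configuration.
BASELINE = {"k8s:networkpolicy/production": "a1", "k8s:rbac/qbitel-system": "b2",
            "pqc:tls/production-primary": "c3"}
CURRENT = {"k8s:networkpolicy/production": "a1-edited", "pqc:tls/production-primary": "c3"}

def gap_analysis(mappings):
    """Per framework: controls that fail and controls with no evidence behind them."""
    gaps = {}
    for m in mappings:
        fw = gaps.setdefault(m["framework"], {"failing": [], "no_evidence": []})
        if m["status"] != "passing":
            fw["failing"].append(m["control_id"])
        if m["evidence_count"] == 0:
            fw["no_evidence"].append(m["control_id"])
    return gaps

def detect_drift(baseline, current):
    """Drift events for resources whose config changed or disappeared since baseline."""
    events = []
    for res, digest in baseline.items():
        if res not in current:
            events.append({"resource": res, "change": "deleted", "severity": "critical"})
        elif current[res] != digest:
            events.append({"resource": res, "change": "modified", "severity": "warning"})
    return events

def route_alerts(events, alerts, auto_remediation, mappings):
    """Drop events below severity_threshold, attach affected controls, gate remediation."""
    threshold = SEVERITY_ORDER[alerts["severity_threshold"]]
    routed = []
    for e in events:
        if SEVERITY_ORDER[e["severity"]] < threshold:
            continue
        kind = e["resource"].split(":", 1)[1].split("/", 1)[0]   # "k8s:rbac/x" -> "rbac"
        in_scope = auto_remediation["enabled"] and SCOPE_OF.get(kind) in auto_remediation["scope"]
        # require_approval means drift is queued for a human, never silently reverted.
        action = ("pending_approval" if auto_remediation["require_approval"] else "auto_applied") if in_scope else "none"
        controls = [m["control_id"] for m in mappings if e["resource"] in m["mapped_resources"]]
        routed.append({**e, "channels": alerts["channels"], "controls": controls, "remediation": action})
    return routed
```

The alerts and auto_remediation dicts are the values from the step 5 request body, passed in by the caller.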

Automate Your Compliance Workflow

Replace manual evidence gathering with continuous, AI-powered compliance assessment and reporting.