Reference

Compliance

Every finding is automatically mapped to relevant security frameworks. Orithos maps 79 controls across 8 frameworks.

Supported frameworks

Framework       Controls
OWASP LLM       12
CWE             15
MITRE ATLAS     10
NIST AI RMF      8
SOC 2           10
ISO 27001        8
HIPAA            9
NIST 800-53      7

Control mappings

Each probe is mapped to one or more framework controls. When a probe produces a finding, the finding inherits those mappings. This means a single finding can be linked to OWASP LLM-02, CWE-88, and SOC 2 CC6.1 simultaneously.

Per-scan compliance reports

Compliance reports aggregate findings by framework. Each report shows:

Pass rate: percentage of controls that passed with no findings.

Risk weight: aggregated severity score per control, weighted by criticality.

Evidence links: direct links to the findings that provide supporting evidence for each control.

curl https://api.orithos.dev/v1/scans/{scan_id}/compliance \
  -H "Authorization: Bearer {api_key}"

Risk weights

Each control has a configurable risk weight (1-5) reflecting its importance to your security posture. The compliance score is the weighted pass rate across all mapped controls. Default weights align with common audit requirements.
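The following Python block is an added, constructed illustration of the two mechanisms described above: a finding inheriting every control mapped to the probe that produced it, and a per-framework report computing the plain pass rate alongside the weighted pass rate used as the compliance score. It is not Orithos code and does not call the Orithos API. The control identifiers (OWASP LLM-01/LLM-02, CWE-88, CWE-79, SOC 2 CC6.1, NIST 800-53 SI-10/AC-3) are real framework identifiers, but which probes map to them, the finding IDs, the weights and the default weight of 3 are all assumptions made for the example.

```python
"""Constructed example: probe-to-control mapping inheritance and a
weighted compliance report. Illustrative only, not the product's code."""
from collections import defaultdict

# Probe -> framework controls it exercises. The control IDs are real
# framework identifiers; the probe-to-control assignment is assumed.
PROBE_MAPPINGS = {
    "argument-injection": [("OWASP LLM", "LLM-02"), ("CWE", "CWE-88"), ("SOC 2", "CC6.1")],
    "prompt-injection": [("OWASP LLM", "LLM-01"), ("NIST 800-53", "SI-10")],
    "xss-in-output": [("OWASP LLM", "LLM-02"), ("CWE", "CWE-79")],
    "access-control": [("SOC 2", "CC6.1"), ("NIST 800-53", "AC-3")],
}

# Configurable risk weight (1-5) per control. Controls not listed here get
# DEFAULT_WEIGHT; the value 3 is an assumption for this example.
RISK_WEIGHTS = {
    ("OWASP LLM", "LLM-01"): 5,
    ("OWASP LLM", "LLM-02"): 2,
    ("CWE", "CWE-88"): 5,
    ("SOC 2", "CC6.1"): 4,
    ("NIST 800-53", "SI-10"): 2,
}
DEFAULT_WEIGHT = 3

# Constructed scan result: probe -> IDs of the findings it produced.
# An empty list means the probe ran and produced no finding.
SCAN_FINDINGS = {
    "argument-injection": ["f-1001"],
    "prompt-injection": [],
    "xss-in-output": ["f-1002", "f-1003"],
    "access-control": [],
}


def finding_mappings(probe_mappings, scan_findings):
    """Each finding inherits every control mapped to its probe, so one finding
    can be linked to several frameworks at once."""
    out = {}
    for probe, finding_ids in scan_findings.items():
        for fid in finding_ids:
            out[fid] = list(probe_mappings[probe])
    return out


def build_report(probe_mappings, scan_findings, risk_weights):
    """Aggregate findings by framework. A control passes only if no finding
    is linked to it; the compliance score is the weighted pass rate."""
    evidence = defaultdict(list)   # (framework, control) -> finding IDs
    controls = defaultdict(set)    # framework -> controls mapped in this scan
    for probe, mappings in probe_mappings.items():
        for framework, control in mappings:
            controls[framework].add(control)
            evidence[(framework, control)].extend(scan_findings.get(probe, []))

    report = {}
    for framework, control_set in controls.items():
        rows = {}
        passed = passed_weight = total_weight = 0
        for control in sorted(control_set):
            weight = risk_weights.get((framework, control), DEFAULT_WEIGHT)
            linked = evidence[(framework, control)]
            ok = not linked
            rows[control] = {"passed": ok, "weight": weight, "evidence": linked}
            total_weight += weight
            if ok:
                passed += 1
                passed_weight += weight
        report[framework] = {
            "controls": rows,
            "pass_rate": passed / len(control_set),
            "compliance_score": passed_weight / total_weight,
        }
    return report


if __name__ == "__main__":
    for fid, controls in finding_mappings(PROBE_MAPPINGS, SCAN_FINDINGS).items():
        print(fid, "->", controls)
    for framework, data in build_report(PROBE_MAPPINGS, SCAN_FINDINGS, RISK_WEIGHTS).items():
        print(f"{framework}: pass rate {data['pass_rate']:.2f}, "
              f"score {data['compliance_score']:.2f}")
```

In the sample data, OWASP LLM has two mapped controls of which one passes, so the unweighted pass rate is 0.50, but because the passing control (LLM-01) carries weight 5 and the failing one (LLM-02) weight 2, the weighted compliance score is 5/7, about 0.71. This is the gap that configurable risk weights are meant to express: the score follows the controls that matter most to your posture rather than counting all controls equally.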