Compliance Crosswalk
High-level mapping of UmamiMind controls to common frameworks (NIST 800-53 families and ISO 27001 Annex A themes). This is a procurement summary, not a certification claim.
| Area | NIST | ISO | Notes |
|---|---|---|---|
| Access Control | AC | A.5 / A.6 | RBAC + least privilege; tenant boundaries; privileged access logging; session controls |
| Cryptography | SC-12 / SC-13 | A.8 | TLS in transit; at-rest encryption via hosting/storage provider; secrets isolation and rotation patterns |
| Logging & Monitoring | AU / SI-4 | A.8 | Audit events for sensitive actions; operational telemetry; alerting; sampled run review (deployment dependent) |
| Vulnerability Management | RA / SI | A.8 | Dependency hygiene; patching cadence; disclosure intake; remediation tracking |
| Data Retention & Deletion | MP / DM (context) | A.5 / A.8 | Minimization; configurable retention where possible; deletion workflows aligned to contract and law |
| Change Management | CM | A.8 | Versioned releases; CI checks; rollback; policy/prompt/model routing change control |
| Incident Response | IR | A.5 | Runbooks; severity classification; customer comms templates; post-incident reviews |
| Resilience & Backup | CP | A.5 / A.8 | Recovery planning; deployment-dependent backups; availability monitoring and capacity controls |
| Supplier / Subprocessors | SA-9 | A.5 | Risk review + contractual safeguards; subprocessor transparency; access minimization |
| AI / Agent Governance | PL / RA (context) | A.5 | Policy-as-code guardrails; HITL approvals for high-risk actions; run traceability; risk tiering |