# Compliance Matrix

The Compliance Matrix maps CERTINext capabilities to major security and regulatory frameworks, enabling organizations to demonstrate compliance and audit readiness.

### Compliance Mapping Table

| CERTINext Capability               | SOC 2 | ISO 27001                         | NIST    | eIDAS / ETSI             |
| ---------------------------------- | ----- | --------------------------------- | ------- | ------------------------ |
| Certificate Inventory & Visibility | CC7   | A.8 Asset Management              | ID.AM   | ETSI EN 319              |
| Role-Based Access Control (RBAC)   | CC6   | A.9 Access Control                | AC      | eIDAS Access Control     |
| Audit Logging & Monitoring         | CC7   | A.12 Logging                      | AU      | ETSI Audit Requirements  |
| Certificate Lifecycle Automation   | CC8   | A.12 Operations Security          | CM      | ETSI Lifecycle Controls  |
| Key Management & Rotation          | CC6   | A.10 Cryptography                 | IA / SC | ETSI Key Management      |
| Policy Enforcement                 | CC5   | A.5 Information Security Policies | PL      | ETSI Policy Compliance   |
| Vulnerability Detection            | CC7   | A.12.6 Technical Vulnerabilities  | SI      | ETSI Risk Controls       |
| Incident Response Support          | CC7   | A.16 Incident Management          | IR      | ETSI Incident Handling   |
| CA Governance & Trust Management   | CC6   | A.15 Supplier Relationships       | CA      | Qualified Trust Services |
| Reporting & Compliance Evidence    | CC7   | A.18 Compliance                   | AU      | ETSI Audit Reporting     |

### Key Points

* Supports WebTrust and ETSI audit environments
* Aligns with CA/B Forum requirements
* Enables Qualified Certificate workflows (eIDAS)
* Provides audit-ready reporting and evidence


