TITAN AI · Core module · compliance_feed_updater
Your agents never go stale.
TITAN's agents pull from 36 authoritative feeds — NIST NVD, CISA KEV, MITRE ATT&CK, CIS, OWASP, HHS-OCR, HITRUST, PCI SSC, AICPA SOC 2, FedRAMP Rev 5, NENA i3, ATIS STIR/SHAKEN, CWE, and MITRE Enterprise. Every 12-24 hours. Automatically.
New CVE lands in NVD → Sentinel re-scores your surface within the next cycle. CISA publishes a new Known-Exploited Vulnerability → Scout bumps its priority on any asset that matches. HITRUST ships a new CSF version → TITAN AUDIT regenerates evidence packs with the new control map. You don’t touch a thing.
NIST NVD — CVE Modified
nvd.nist.gov/feeds/json/cve/1.1/
Daily rolling window of CVEs modified in the last 8 days. Feeds CVSS v3.1 scoring into Sentinel + Forge.
CRITICAL12h
NIST NVD — CVE Recent
nvd.nist.gov/feeds/json/cve/1.1/
Rolling window of newly-published CVEs — net-new detection surface.
routine12h
CISA KEV — Known Exploited
cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Actively-exploited in the wild. Instant priority bump: Scout marks any asset matching a KEV CVE as P1.
CRITICAL24h
MITRE ATT&CK Enterprise
raw.githubusercontent.com/mitre/cti/…/enterprise-attack.json
Full STIX bundle. Forge refuses to auto-fix if the corresponding mitigation is missing.
routineweekly
MITRE CWE Top-25
cwe.mitre.org/data/xml/cwec_latest.xml.zip
Weakness enumeration used by Sentinel to categorise finding types.
routineweekly
CIS Controls v8 YAML
github.com/CISecurity/CIS-Controls-v8-YAML
Authoritative control index. Comply maps every finding to a CIS control ID.
routineweekly
OWASP Top 10
github.com/OWASP/Top10
Current top-10 risk categorisation for web / API assets.
routineweekly
OWASP ASVS
api.github.com/repos/OWASP/ASVS/releases/latest
Application Security Verification Standard version pin — used for API / web audit evidence.
routineweekly
HHS OCR — HIPAA enforcement index
hhs.gov/hipaa/for-professionals/compliance-enforcement
Recent settlement / CAP patterns feed Comply's priority model for healthcare customers.
routine3d
HITRUST CSF releases
hitrustalliance.net/product-tool/hitrust-csf
CSF revision index — TITAN AUDIT regenerates evidence packs when a new CSF ships.
routineweekly
PCI DSS document library
pcisecuritystandards.org/document_library
PCI DSS version + document-library index; keeps the PCI mapping current for banking + ecomm customers.
routineweekly
FedRAMP Rev 5
fedramp.gov/rev5/
Baseline + transition announcements. Referenced by Comply + AUDIT for federal customers.
routine3d
NENA i3 (E911) version
nena.org/page/i3_Stds
i3 standard revision index for telecom-E911 pipeline checks.
routine14d
ATIS STIR/SHAKEN
atis.org/sti-ga/resources/
STIR/SHAKEN spec index for carrier caller-ID authentication checks.
routine14d
NIST NVD 2.0 REST API
services.nvd.nist.gov/rest/json/cves/2.0
Current CVE API (supersedes legacy 1.1 zip). Used by Sentinel + agent_version_updater for live CVE correlation.
CRITICAL6h
NIST SP 800-53 Rev 5 (OSCAL)
github.com/usnistgov/oscal-content
Authoritative machine-readable federal security-control catalogue. Drives Comply + AUDIT control mapping.
CRITICALweekly
NIST SP 800-171 Rev 3
csrc.nist.gov/pubs/sp/800/171/r3/final
CUI protection controls — required for DoD / DIB contractors. Feeds CMMC-aligned evidence packs.
CRITICALweekly
NIST Cybersecurity Framework 2.0
nist.gov/cyberframework
CSF 2.0 version pin — cross-framework mapping reference.
routine14d
DISA STIG Downloads (DoD)
public.cyber.mil/stigs/downloads/
Security Technical Implementation Guides. Detects when DISA ships a new STIG so Forge can regenerate hardening playbooks.
CRITICAL3d
DISA SRG Index (DoD)
public.cyber.mil/stigs/srg-stig-tools/
Security Requirements Guides, cross-referenced with STIGs for DoD deployments.
routineweekly
DoD CMMC Model
dodcio.defense.gov/CMMC/
CMMC Level 1-3 maturity model overview; TITAN AUDIT ships CMMC-aligned evidence packs.
CRITICALweekly
CMMC Assessment Guides
dodcio.defense.gov/CMMC/Assessments/
Assessment guide revisions tracked so the auditor handoff stays aligned with current DoD CIO guidance.
routine14d
HIPAA Security Rule — eCFR
ecfr.gov · 45 CFR Part 164 Subpart C
Authoritative federal regulation text. Drives HIPAA evidence pack section references in AUDIT.
CRITICALweekly
HIPAA Privacy Rule — eCFR
ecfr.gov · 45 CFR Part 164 Subpart E
Privacy Rule regulation text; used for PHI handling evidence in healthcare customers.
CRITICALweekly
HIPAA Breach Rule — eCFR
ecfr.gov · 45 CFR Part 164 Subpart D
Breach-notification requirements; integrates with incident-response runbooks.
routineweekly
FFIEC IT Examination Handbook
ithandbook.ffiec.gov
Federal banking regulator handbook — authoritative for bank/credit-union cyber posture.
CRITICALweekly
AICPA SOC 2 Trust Services Criteria
aicpa-cima.com/topic/audit-assurance
SOC 2 TSC landing — AUDIT cross-walks findings to TSC control references.
routine14d
SEC Cybersecurity Disclosure Rules
sec.gov/rules-regulations/2023/07/
Form 8-K Item 1.05 cyber-incident disclosure rule. Comply flags public-company customers needing 4-day disclosure readiness.
routine14d
FBI IC3 Advisories
ic3.gov
Current-year fraud + ransomware alerts for banking + cross-vertical threat context.
routine3d
CISA Cybersecurity Advisories
cisa.gov/news-events/cybersecurity-advisories
NSA + CISA joint advisory feed. Anything here lights up Sentinel priority.
CRITICALdaily
NIST IoT Baseline (NISTIR 8259)
csrc.nist.gov/publications/detail/nistir/8259/final
IoT device cybersecurity baseline for connected-device customers.
routinemonthly
FedRAMP Marketplace
marketplace.fedramp.gov
Currently-authorised CSP listings. Keeps federal-sector references current.
routine3d
FedRAMP Rev 5 High Baseline
fedramp.gov/…FedRAMP_High_Security_Controls.xlsx
Rev-5 High control template for federal-High buyers.
routine14d
FISMA Risk Management (NIST)
csrc.nist.gov/projects/risk-management
Federal Information Security Modernization Act implementation hub.
routine14d
CDC Public-Health HIPAA Guidance
cdc.gov/phlp/php/resources/…hipaa…
CDC guidance on HIPAA for public-health programs — feeds the healthcare vertical agent.
routinemonthly
ENISA Threat Landscape (EU)
enisa.europa.eu/topics/cyber-threats
European cyber-threat authority. Cross-references US threat feeds for multinational customers.
routine14d