Master Evidence Summary — 8 Frameworks

EXECUTIVE SUMMARY

TITAN AI scanned the production environment against 8 compliance frameworks covering 162 discrete controls. Overall implementation posture: 55.6% controls fully implemented. Open findings: 49. Accepted risks (documented exceptions): 1. Every finding is click-through with commanded remediation. Every evidence artifact is backed by live cloud data. This report is SHA-256 signed and retained 7 years per HIPAA §164.316(b)(2).

POSTURE BY FRAMEWORK

Framework	Controls	Implementation	Implemented	Partial	Active Findings	Accepted Risks
CMMC 2.0 Level 2	15	73%	11	4	4	0
FedRAMP Moderate	20	50%	10	5	5	0
FISMA	20	55%	11	4	4	0
HIPAA Security Rule	13	62%	8	5	8	1
HITRUST CSF v11	29	45%	13	5	5	0
NIST SP 800-53 Rev 5	20	55%	11	4	4	0
PCI-DSS v4.0	26	62%	16	10	10	0
SOC 2 (TSP 100)	19	53%	10	9	9	0

TOP CONTROLS WITH OPEN FINDINGS

Ranked by number of active findings. Click any control to drill in.

Framework	Control	Name	Active Findings	Accepted Risks
HIPAA Security Rule	`§164.312(a)(1)`	Access Control	2	1
CMMC 2.0 Level 2	`AC-17`	Remote Access	1	0
CMMC 2.0 Level 2	`CM-8`	System Component Inventory	1	0
CMMC 2.0 Level 2	`SC-12`	Cryptographic Key Establishment and Management	1	0
CMMC 2.0 Level 2	`SC-7`	Boundary Protection	1	0
FedRAMP Moderate	`AU-12`	Audit Record Generation	1	0
FedRAMP Moderate	`AU-2`	Event Logging	1	0
FedRAMP Moderate	`AU-3`	Content of Audit Records	1	0
FedRAMP Moderate	`IA-2`	Identification and Authentication (Users)	1	0
FedRAMP Moderate	`SC-8`	Transmission Confidentiality and Integrity	1	0
FISMA	`AC-17`	Remote Access	1	0
FISMA	`AC-2`	Account Management	1	0
FISMA	`IA-2`	Identification and Authentication (Users)	1	0
FISMA	`SC-12`	Cryptographic Key Establishment and Management	1	0
HIPAA Security Rule	`§164.308(a)(1)`	Security Management Process	1	0
HIPAA Security Rule	`§164.308(a)(4)`	Information Access Management	1	0
HIPAA Security Rule	`§164.308(a)(5)`	Security Awareness and Training	1	0
HIPAA Security Rule	`§164.310(c)`	Workstation Security	1	0
HIPAA Security Rule	`§164.312(a)(2)(iv)`	Encryption and Decryption	1	0
HIPAA Security Rule	`§164.312(d)`	Person or Entity Authentication	1	0
HITRUST CSF v11	`01.a`	Access Control Policy	1	0
HITRUST CSF v11	`02.a`	Roles and Responsibilities	1	0
HITRUST CSF v11	`06.d`	Data Protection and Privacy of Covered Information	1	0
HITRUST CSF v11	`08.k`	Security of Equipment Off-Premises	1	0
HITRUST CSF v11	`09.aa`	Audit Logging	1	0
NIST SP 800-53 Rev 5	`AC-3`	Access Enforcement	1	0
NIST SP 800-53 Rev 5	`AU-6`	Audit Review, Analysis, and Reporting	1	0
NIST SP 800-53 Rev 5	`IA-2`	Identification and Authentication (Users)	1	0
NIST SP 800-53 Rev 5	`SC-12`	Cryptographic Key Establishment and Management	1	0
PCI-DSS v4.0	`1.3`	Network Access	1	0

ASSESSMENT METADATA

ASSESSMENT DATE

2026-04-19T03:36:25Z

ASSESSOR

TITAN AI v2.0.1

CONTROLS SCANNED

162

FRAMEWORKS

8

ACTIVE FINDINGS

49

ACCEPTED RISKS

1

OVERALL IMPLEMENTED

55.6%

RETENTION

7 years

Report hash (SHA-256): def47ecb5f171bb081fb3fc2b92b27afd1439834ae2b40d4c40d5530342f0b1b

EVIDENCE NAVIGATION

Browse all 162 per-control evidence documents by framework.

Framework	Controls	Evidence
CMMC 2.0 Level 2	15	open first · full list in Gallery
FedRAMP Moderate	20	open first · full list in Gallery
FISMA	20	open first · full list in Gallery
HIPAA Security Rule	13	open first · full list in Gallery
HITRUST CSF v11	29	open first · full list in Gallery
NIST SP 800-53 Rev 5	20	open first · full list in Gallery
PCI-DSS v4.0	26	open first · full list in Gallery
SOC 2 (TSP 100)	19	open first · full list in Gallery

Master Evidence Summary — 8 Frameworks, 162 Controls

EXECUTIVE SUMMARY

POSTURE BY FRAMEWORK

TOP CONTROLS WITH OPEN FINDINGS

ASSESSMENT METADATA

EVIDENCE NAVIGATION