🔍 Compliance Truth Tables

CloudForge Core - Multi-Audience Test Coverage Report
Generated: 2025-12-31 03:09:18
10
Compliance Frameworks
135
Parameterized Tests
1565
Total Test Cases

📊 Executive Summary

For Company Stakeholders & Leadership

1565
Compliance Scenarios Tested
10
Regulatory Frameworks Covered
135
Automated Test Suites

Compliance Validation Overview

CloudForge Core implements systematic automated testing to validate compliance with HIPAA, PCI-DSS, GDPR, and SOC2 requirements. Our testing infrastructure validates 1565 distinct configuration scenarios across all regulatory frameworks, ensuring that:

  • Compliant configurations pass validation - Systems configured according to regulatory requirements deploy successfully
  • Non-compliant configurations are detected - Systems with security gaps are identified before deployment
  • All regulatory controls are tested - Every compliance requirement has corresponding automated validation

Advanced Monitoring

Test Coverage: 67 scenarios
Compliant Paths: 30
Non-Compliant Paths: 37
44.8% scenarios validated

Database Security

Test Coverage: 84 scenarios
Compliant Paths: 32
Non-Compliant Paths: 52
38.1% scenarios validated

GDPR

Test Coverage: 235 scenarios
Compliant Paths: 78
Non-Compliant Paths: 157
33.2% scenarios validated

HIPAA

Test Coverage: 266 scenarios
Compliant Paths: 88
Non-Compliant Paths: 178
33.1% scenarios validated

Incident Response

Test Coverage: 99 scenarios
Compliant Paths: 37
Non-Compliant Paths: 62
37.4% scenarios validated

ISO 27001

Test Coverage: 3 scenarios
Compliant Paths: 2
Non-Compliant Paths: 1
66.7% scenarios validated

Key Management

Test Coverage: 67 scenarios
Compliant Paths: 23
Non-Compliant Paths: 44
34.3% scenarios validated

PCI-DSS

Test Coverage: 329 scenarios
Compliant Paths: 121
Non-Compliant Paths: 208
36.8% scenarios validated

SOC2

Test Coverage: 347 scenarios
Compliant Paths: 84
Non-Compliant Paths: 263
24.2% scenarios validated

Threat Protection

Test Coverage: 68 scenarios
Compliant Paths: 28
Non-Compliant Paths: 40
41.2% scenarios validated

Audit Readiness

This truth table report provides auditors with:

  • Complete test coverage matrix for all regulatory requirements
  • Documented validation logic for compliant vs non-compliant configurations
  • Automated evidence generation for compliance controls
  • Traceable mapping from requirements to test cases

📖 End-User Guide

For CloudForge Core Users

Understanding Compliance Validation

When you deploy infrastructure using CloudForge Core, automated compliance checks validate your configuration against regulatory requirements. This truth table shows all scenarios our system tests.

What This Means For You

Green Rows (✅ Compliant): These configurations meet regulatory requirements and will deploy successfully in ENFORCE mode.

Yellow Rows (⚠️ Non-Compliant): These configurations have compliance gaps and will either generate warnings (ADVISORY mode) or block deployment (ENFORCE mode).

Compliance Modes

Mode Behavior Use Case
ADVISORY Logs warnings for compliance issues but allows deployment Development environments, initial assessment
ENFORCE Blocks deployment if compliance issues detected Staging and production environments requiring certification

Security Profiles

Profile Compliance Checks Typical Usage
DEV Minimal - most compliance checks skipped Developer workstations, quick testing
STAGING Moderate - core security controls enforced Pre-production testing, integration environments
PRODUCTION Full - all regulatory requirements validated Customer-facing systems, regulated workloads

Common Configuration Flags

  • Encryption: ebsEncryptionEnabled, efsEncryptionAtRestEnabled, s3EncryptionEnabled
  • Logging: cloudTrailEnabled, flowLogsEnabled, albAccessLoggingEnabled
  • Monitoring: guardDutyEnabled, securityMonitoringEnabled, awsConfigEnabled
  • Network: networkMode (private-with-nat for compliance, public-no-nat for dev)
  • Authentication: authMode (alb-oidc, application-oidc, or none)

🔧 Developer - Technical Truth Tables

Complete test case matrices showing all parameter combinations and expected outcomes.

Advanced Monitoring

✅ Compliant: 30 ⚠️ Non-Compliant: 37 Total: 67

testAMExpandedSecurityHub

Test Cases: 14 Parameters: 7
profilesecurityMonitoringsecurityHubEnabledpciDsscisawsFoundationalautoRemediationExpected
PRODUCTIONtruefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruetruefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruefalsetruefalsefalse⚠️ FAIL
PRODUCTIONfalsetruefalsefalsetruefalse⚠️ FAIL
PRODUCTIONfalsetruetruetruefalsefalse✅ PASS
PRODUCTIONfalsetruetruefalsefalsetrue✅ PASS
PRODUCTIONtruetruetruetruetruetrue✅ PASS
PRODUCTIONfalsetruefalsefalsefalsetrue⚠️ FAIL
STAGINGfalsefalsefalsefalsefalsefalse⚠️ FAIL
STAGINGtruetruetruetruetruetrue✅ PASS
DEVfalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruefalsefalsefalse✅ PASS

testAMExpandedInspector

Test Cases: 14 Parameters: 6
profilesecurityMonitoringinspectorEnabledec2ScanningecrScanningcontinuousScanningExpected
PRODUCTIONtruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruetruefalsefalse⚠️ FAIL
PRODUCTIONfalsetruefalsetruefalse⚠️ FAIL
PRODUCTIONfalsetruetruetruefalse✅ PASS
PRODUCTIONfalsetruetruetruetrue✅ PASS
PRODUCTIONtruetruetruetruetrue✅ PASS
PRODUCTIONfalsetruefalsefalsetrue⚠️ FAIL
PRODUCTIONtruetruefalsefalsefalse⚠️ FAIL
STAGINGfalsefalsefalsefalsefalse⚠️ FAIL
STAGINGtruetruetruetruetrue✅ PASS
DEVfalsefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruetruetrue✅ PASS

testAMExpandedMacie

Test Cases: 15 Parameters: 4
profilecomplianceFrameworkmacieEnabledautomatedDiscoveryExpected
PRODUCTIONGDPRfalsefalse⚠️ FAIL
PRODUCTIONGDPRtruefalse✅ PASS
PRODUCTIONGDPRtruetrue✅ PASS
PRODUCTIONHIPAAfalsefalse⚠️ FAIL
PRODUCTIONHIPAAtruefalse✅ PASS
PRODUCTIONHIPAAtruetrue✅ PASS
PRODUCTIONGDPR+HIPAAtruetrue✅ PASS
PRODUCTIONNONEfalsefalse⚠️ FAIL
PRODUCTIONPCI-DSSfalsefalse⚠️ FAIL
PRODUCTIONSOC2falsefalse⚠️ FAIL
PRODUCTIONNONEtruetrue✅ PASS
STAGINGGDPRfalsefalse⚠️ FAIL
STAGINGGDPRtruetrue✅ PASS
DEVHIPAAfalsefalse⚠️ FAIL
DEVGDPRtruetrue✅ PASS

testAMExpandedCentralizedMonitoring

Test Cases: 12 Parameters: 4
profilesecurityMonitoringcomplianceDashboardsecurityAlertingExpected
PRODUCTIONtruefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruefalse⚠️ FAIL
PRODUCTIONfalsefalsetrue⚠️ FAIL
PRODUCTIONfalsetruetrue✅ PASS
PRODUCTIONtruetruetrue✅ PASS
PRODUCTIONtruefalsetrue✅ PASS
PRODUCTIONtruetruefalse✅ PASS
STAGINGfalsefalsefalse⚠️ FAIL
STAGINGtruetruetrue✅ PASS
DEVfalsefalsefalse⚠️ FAIL
DEVtruetruetrue✅ PASS

testAMExpandedComprehensiveScenarios

Test Cases: 12 Parameters: 15
profilesecurityMonitoringcomplianceFrameworksecurityHubEnabledpciDssawsFoundationalautoRemediationinspectorEnabledec2ScanningecrScanningcontinuousScanningmacieEnabledautomatedDiscoverycomplianceDashboardsecurityAlertingExpected
PRODUCTIONtrueGDPRtruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONfalseGDPRfalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalseGDPRtruetruefalsefalsefalsefalsefalsefalsefalsetruetruefalse⚠️ FAIL
PRODUCTIONfalseGDPRfalsefalsefalsefalsetruetruetruetruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalseGDPRfalsefalsefalsefalsefalsefalsefalsefalsetruetruefalsefalse⚠️ FAIL
PRODUCTIONfalsePCI-DSStruetruetruetruetruetruetruetruefalsefalsetruetrue✅ PASS
STAGINGtrueGDPRtruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
STAGINGfalseNONEfalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVtrueHIPAAtruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
DEVfalseNONEfalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtrueNONEfalsefalsefalsefalsetruetruetruetruefalsefalsetruetrue✅ PASS
PRODUCTIONfalseSOC2truetruetruetruetruetruetruetruefalsefalsefalsefalse✅ PASS

Database Security

✅ Compliant: 32 ⚠️ Non-Compliant: 52 Total: 84

testDBExpandedRDSSecurity

Test Cases: 16 Parameters: 7
profilerdsEnabledencryptionbackupmultiAzretentionDaysautoUpgradeExpected
PRODUCTIONfalsefalsefalsefalse7false⚠️ FAIL
STAGINGfalsefalsefalsefalse7false⚠️ FAIL
DEVfalsefalsefalsefalse7false⚠️ FAIL
PRODUCTIONtruefalsefalsefalse7false⚠️ FAIL
PRODUCTIONtruetruefalsefalse7false⚠️ FAIL
PRODUCTIONtruefalsetruefalse7false⚠️ FAIL
PRODUCTIONtruetruetruefalse7false✅ PASS
PRODUCTIONtruetruetruetrue7false✅ PASS
PRODUCTIONtruetruetruetrue7true✅ PASS
PRODUCTIONtruetruetruetrue30true✅ PASS
PRODUCTIONtruetruetruetrue3true✅ PASS
STAGINGtruefalsefalsefalse7false⚠️ FAIL
STAGINGtruetruetruefalse7false✅ PASS
STAGINGtruetruetruefalse7true✅ PASS
DEVtruefalsefalsefalse7false⚠️ FAIL
DEVtruetruetruetrue7true✅ PASS

testDBExpandedDynamoDBSecurity

Test Cases: 12 Parameters: 4
profiledynamoDbEnabledencryptionpitrExpected
PRODUCTIONfalsefalsefalse⚠️ FAIL
STAGINGfalsefalsefalse⚠️ FAIL
DEVfalsefalsefalse⚠️ FAIL
PRODUCTIONtruefalsefalse⚠️ FAIL
PRODUCTIONtruetruefalse✅ PASS
PRODUCTIONtruefalsetrue✅ PASS
PRODUCTIONtruetruetrue✅ PASS
STAGINGtruefalsefalse⚠️ FAIL
STAGINGtruetruefalse✅ PASS
STAGINGtruetruetrue✅ PASS
DEVtruefalsefalse⚠️ FAIL
DEVtruetruetrue✅ PASS

testDBExpandedDatabaseMonitoring

Test Cases: 13 Parameters: 6
profilerdsEnabledactivityStreamsperformanceInsightspiEncryptedenhancedMonitoringExpected
PRODUCTIONfalsefalsefalsefalsefalse⚠️ FAIL
STAGINGfalsefalsefalsefalsefalse⚠️ FAIL
DEVfalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruefalsefalsefalse⚠️ FAIL
PRODUCTIONtruefalsetruefalsefalse⚠️ FAIL
PRODUCTIONtruefalsetruetruefalse✅ PASS
PRODUCTIONtruefalsefalsefalsetrue⚠️ FAIL
PRODUCTIONtruetruetruetruetrue✅ PASS
STAGINGtruefalsefalsefalsefalse⚠️ FAIL
STAGINGtruetruetruetruetrue✅ PASS
DEVtruefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruetruetrue✅ PASS

testDBExpandedComprehensiveScenarios

Test Cases: 12 Parameters: 14
profilerdsEnabledrdsEncryptionrdsBackupmultiAzautoUpgraderetentionDaysdynamoDbEnableddynamoDbEncryptionpitractivityStreamsperformanceInsightspiEncryptedenhancedMonitoringExpected
PRODUCTIONtruetruetruetruetrue30truetruetruetruetruetruetrue✅ PASS
PRODUCTIONtruetruefalsefalsefalse7falsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruetruetruetrue14truefalsefalsetruetruetruetrue✅ PASS
PRODUCTIONfalsefalsefalsefalsefalse7falsetruetruetruefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruetruetruetrue7truetruetruetruefalsefalsefalse✅ PASS
STAGINGtruetruetruetruefalse7truetruetruetruetruetruetrue✅ PASS
STAGINGtruetruefalsefalsefalse7falsefalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruetruetrue30truetruetruetruetruetruetrue✅ PASS
DEVtruetruefalsefalsefalse1falsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruetruefalsetrue7truetruetruefalsefalsefalsefalse✅ PASS
PRODUCTIONtruetruefalsetruetrue7truetruetruefalsefalsefalsefalse✅ PASS
PRODUCTIONtruetruetruetruetrue7truetruetruetruefalsefalsefalse✅ PASS

testRdsBackupRetentionEdgeCases

Test Cases: 11 Parameters: 6
profileruntimebackupRetentionDaysrdsEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATE7trueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE6trueENFORCEtrue✅ PASS
PRODUCTIONFARGATE35trueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE1trueENFORCEtrue✅ PASS
PRODUCTIONFARGATE0trueENFORCEtrue✅ PASS
PRODUCTIONEC27trueENFORCEfalse⚠️ FAIL
PRODUCTIONEC23trueENFORCEtrue✅ PASS
STAGINGFARGATE3trueENFORCEfalse⚠️ FAIL
STAGINGFARGATE0trueENFORCEfalse⚠️ FAIL
DEVFARGATE0falseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE1trueADVISORYtrue✅ PASS

testPerformanceInsightsEncryptionEdgeCases

Test Cases: 10 Parameters: 7
profileruntimerdsEnabledperformanceInsightspiEncryptedcomplianceModeshouldFailExpected
PRODUCTIONFARGATEtruetruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruetruefalseENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruefalsefalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalseENFORCEfalse⚠️ FAIL
PRODUCTIONEC2truetruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2truetruefalseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtruetruetrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEtruetruefalseENFORCEtrue⚠️ FAIL
DEVFARGATEfalsefalsefalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruetruefalseADVISORYtrue✅ PASS

testRdsHighAvailabilityEdgeCases

Test Cases: 10 Parameters: 6
profileruntimemultiAzdeleteProtectioncomplianceModeshouldFailExpected
PRODUCTIONFARGATEtruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruefalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEfalsefalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetrueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falsefalseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtruetrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalseENFORCEfalse⚠️ FAIL
DEVFARGATEfalsefalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalseADVISORYfalse⚠️ FAIL

GDPR

✅ Compliant: 78 ⚠️ Non-Compliant: 157 Total: 235

testGdprSecurityProfileBranches Art. 25

Test Cases: 6 Parameters: 3
profileruntimecomplianceModeExpected
DEVFARGATEADVISORY✅ PASS
DEVFARGATEENFORCE✅ PASS
STAGINGFARGATEADVISORY✅ PASS
STAGINGFARGATEENFORCE✅ PASS
PRODUCTIONFARGATEADVISORY✅ PASS
PRODUCTIONFARGATEENFORCE✅ PASS

testGdprDataProtectionByDesignEncryption Art. 25

Test Cases: 12 Parameters: 6
profileruntimeebsEncryptionefsEncryptions3EncryptioncomplianceModeExpected
PRODUCTIONFARGATEtruetruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalsefalseADVISORY⚠️ FAIL
STAGINGFARGATEtruetruetrueENFORCE✅ PASS
STAGINGFARGATEfalsefalsefalseENFORCE⚠️ FAIL

testGdprNetworkIsolation Art. 25

Test Cases: 6 Parameters: 4
profileruntimenetworkModecomplianceModeExpected
PRODUCTIONFARGATEpublic-no-natENFORCE✅ PASS
PRODUCTIONFARGATEprivate-with-natENFORCE✅ PASS
STAGINGFARGATEpublic-no-natENFORCE✅ PASS
STAGINGFARGATEprivate-with-natENFORCE✅ PASS
PRODUCTIONFARGATEpublic-no-natADVISORY✅ PASS
PRODUCTIONFARGATEprivate-with-natADVISORY✅ PASS

testGdprProcessingRecordsLogging Art. 25

Test Cases: 12 Parameters: 6
profileruntimecloudTrailflowLogsalbLoggingcomplianceModeExpected
PRODUCTIONFARGATEtruetruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalsefalseADVISORY⚠️ FAIL
STAGINGFARGATEtruetruetrueENFORCE✅ PASS
STAGINGFARGATEfalsefalsefalseENFORCE⚠️ FAIL

testGdprSecurityOfProcessingTransit Art. 25

Test Cases: 14 Parameters: 6
profileruntimehasCertefsTransitauthModecomplianceModeExpected
PRODUCTIONFARGATEtruetruealb-oidcENFORCE✅ PASS
PRODUCTIONFARGATEtruetruejenkins-oidcENFORCE✅ PASS
PRODUCTIONFARGATEfalsetruejenkins-oidcENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsetruenoneENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsealb-oidcENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsejenkins-oidcENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruenoneENFORCE✅ PASS
PRODUCTIONFARGATEfalsetruenoneENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsenoneENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsenoneENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruealb-oidcADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalsenoneADVISORY⚠️ FAIL
STAGINGFARGATEtruetruealb-oidcENFORCE✅ PASS
STAGINGFARGATEfalsefalsenoneENFORCE⚠️ FAIL

testGdprSecurityMonitoringAndBackup Art. 25

Test Cases: 8 Parameters: 5
profileruntimesecurityMonitoringautomatedBackupcomplianceModeExpected
PRODUCTIONFARGATEtruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalseADVISORY⚠️ FAIL
STAGINGFARGATEtruetrueENFORCE✅ PASS
STAGINGFARGATEfalsefalseENFORCE⚠️ FAIL

testGdprAwsConfig Art. 25

Test Cases: 6 Parameters: 4
profileruntimeawsConfigcomplianceModeExpected
PRODUCTIONFARGATEtrueENFORCE✅ PASS
PRODUCTIONFARGATEfalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtrueADVISORY✅ PASS
PRODUCTIONFARGATEfalseADVISORY⚠️ FAIL
STAGINGFARGATEtrueENFORCE✅ PASS
STAGINGFARGATEfalseENFORCE⚠️ FAIL

testGdprBreachDetection Art. 25

Test Cases: 8 Parameters: 5
profileruntimeguardDutysecurityMonitoringcomplianceModeExpected
PRODUCTIONFARGATEtruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalseADVISORY⚠️ FAIL
STAGINGFARGATEtruetrueENFORCE✅ PASS
STAGINGFARGATEfalsefalseENFORCE⚠️ FAIL

testGdprWafProtection Art. 25

Test Cases: 6 Parameters: 4
profileruntimewafEnabledcomplianceModeExpected
PRODUCTIONFARGATEtrueENFORCE✅ PASS
PRODUCTIONFARGATEfalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtrueADVISORY✅ PASS
PRODUCTIONFARGATEfalseADVISORY⚠️ FAIL
STAGINGFARGATEtrueENFORCE✅ PASS
STAGINGFARGATEfalseENFORCE⚠️ FAIL

testGdprComprehensiveScenarios Art. 25

Test Cases: 8 Parameters: 12
profilecomplianceModeebsEncryptionefsEncryptions3EncryptionguardDutyauthModecloudTrailflowLogssecurityMonitoringwafnetworkModeExpected
PRODUCTIONENFORCEtruetruetruetruealb-oidctruetruetruetrueprivate-with-nat✅ PASS
PRODUCTIONENFORCEfalsefalsefalsefalsenonefalsefalsefalsefalsepublic-no-nat⚠️ FAIL
PRODUCTIONENFORCEtruetruetruefalsenonefalsefalsefalsefalsepublic-no-nat⚠️ FAIL
PRODUCTIONENFORCEfalsefalsefalsetruealb-oidctruetruetruetrueprivate-with-nat⚠️ FAIL
PRODUCTIONADVISORYtruetruetruetruealb-oidctruetruetruetrueprivate-with-nat✅ PASS
PRODUCTIONADVISORYfalsefalsefalsefalsenonefalsefalsefalsefalsepublic-no-nat⚠️ FAIL
STAGINGENFORCEtruetruetruetruealb-oidctruetruetruetrueprivate-with-nat✅ PASS
STAGINGENFORCEfalsefalsefalsefalsenonefalsefalsefalsefalsepublic-no-nat⚠️ FAIL

testGdprExpandedDataProtectionEncryption Art. 25

Test Cases: 23 Parameters: 6
profileebsEncryptionefsEncryptions3EncryptionkmsRotationcomplianceModeExpected
PRODUCTIONtruetruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetruetrueADVISORY✅ PASS
DEVtruetruetruetrueENFORCE✅ PASS
DEVfalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalseADVISORY⚠️ FAIL

testGdprExpandedAuditLoggingAndConfig Art. 25

Test Cases: 20 Parameters: 6
profilecloudTrailflowLogsalbLoggingawsConfigcomplianceModeExpected
PRODUCTIONtruetruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalseADVISORY⚠️ FAIL

testGdprExpandedSecurityMonitoringAndBreach Art. 25

Test Cases: 20 Parameters: 6
profilesecMonitoringguardDutysecurityHubwafcomplianceModeExpected
PRODUCTIONtruetruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalseADVISORY⚠️ FAIL

testGdprExpandedTransmissionSecurity Art. 25

Test Cases: 16 Parameters: 6
profilehasCertefsTransitnetworkModeauthModecomplianceModeExpected
PRODUCTIONtruetrueprivate-with-natalb-oidcENFORCE✅ PASS
PRODUCTIONtruetrueprivate-with-natjenkins-oidcENFORCE✅ PASS
PRODUCTIONtruetrueprivate-with-natnoneENFORCE✅ PASS
PRODUCTIONtruetruepublic-no-natalb-oidcENFORCE✅ PASS
PRODUCTIONtruefalseprivate-with-natalb-oidcENFORCE⚠️ FAIL
PRODUCTIONfalsetrueprivate-with-natjenkins-oidcENFORCE⚠️ FAIL
PRODUCTIONtruefalsepublic-no-natnoneENFORCE⚠️ FAIL
PRODUCTIONfalsefalseprivate-with-natnoneENFORCE⚠️ FAIL
PRODUCTIONfalsefalsepublic-no-natnoneENFORCE⚠️ FAIL
STAGINGtruetrueprivate-with-natalb-oidcENFORCE✅ PASS
STAGINGfalsefalsepublic-no-natnoneENFORCE⚠️ FAIL
STAGINGtruetrueprivate-with-natalb-oidcADVISORY✅ PASS
DEVtruetrueprivate-with-natalb-oidcENFORCE✅ PASS
DEVfalsefalsepublic-no-natnoneENFORCE⚠️ FAIL
PRODUCTIONtruetrueprivate-with-natalb-oidcADVISORY✅ PASS
PRODUCTIONfalsefalsepublic-no-natnoneADVISORY⚠️ FAIL

testGdprExpandedBackupAndAvailability Art. 25

Test Cases: 15 Parameters: 5
profileautomatedBackupcrossRegionBackuppointInTimeRecoverycomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueADVISORY✅ PASS
DEVtruetruetrueENFORCE✅ PASS
DEVfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL

testGdprExpandedComprehensiveMultiArticle Art. 25

Test Cases: 16 Parameters: 17
profilecomplianceModenetworkModeauthModeebsEncefsRestEncs3EncefsTransEnccloudTrailflowLogsalbLoggingawsConfigguardDutysecMonitoringwafautomatedBackupcrossRegionExpected
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONENFORCEpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruefalsefalsefalsefalsetrue⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidcfalsefalsefalsefalsetruetruetruetruetruetruetruetruetrue⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruefalsefalse⚠️ FAIL
PRODUCTIONENFORCEpublic-no-natnonetruetruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONENFORCEprivate-with-natnonetruetruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
STAGINGENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
STAGINGENFORCEpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVENFORCEpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONADVISORYprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONADVISORYpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natnonetruetruetruetruefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natnonefalsefalsefalsefalsetruetruetruetruetruetruetruefalsefalse⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruefalsetruefalsefalsetruetrue⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS

testGdprDataResidencyEnforcement Art. 25

Test Cases: 10 Parameters: 5
profileruntimeregioncomplianceModeshouldFailExpected
PRODUCTIONFARGATEeu-west-1ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEeu-central-1ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEus-east-1ENFORCEtrue✅ PASS
PRODUCTIONFARGATEap-southeast-1ENFORCEtrue✅ PASS
PRODUCTIONEC2eu-west-1ENFORCEfalse⚠️ FAIL
PRODUCTIONEC2us-east-1ENFORCEtrue✅ PASS
STAGINGFARGATEeu-west-1ENFORCEfalse⚠️ FAIL
STAGINGFARGATEus-east-1ENFORCEtrue✅ PASS
DEVFARGATEus-east-1ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEus-east-1ADVISORYfalse⚠️ FAIL

testGdprEncryptionRequirements Art. 25

Test Cases: 10 Parameters: 8
profileruntimeebsEncryptionefsAtRestefsTransits3EncryptioncomplianceModeshouldFailExpected
PRODUCTIONFARGATEtruetruetruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsetruetruetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruefalsetruetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetruefalsetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetruetruefalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetruetruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falsefalsefalsefalseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtruetruetruetrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalsefalsefalseENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalsefalseADVISORYfalse⚠️ FAIL

testGdprAuditTrailRetention Art. 25

Test Cases: 10 Parameters: 5
profileruntimeretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATE365ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE730ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90ENFORCEtrue✅ PASS
PRODUCTIONFARGATE180ENFORCEtrue✅ PASS
PRODUCTIONEC2365ENFORCEfalse⚠️ FAIL
PRODUCTIONEC290ENFORCEtrue✅ PASS
STAGINGFARGATE365ENFORCEfalse⚠️ FAIL
STAGINGFARGATE90ENFORCEtrue✅ PASS
DEVFARGATE7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90ADVISORYfalse⚠️ FAIL

testGdprMultiViolationScenarios Art. 25

Test Cases: 9 Parameters: 7
profileruntimeregionencryptionEnabledretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATEus-east-1false90ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEeu-west-1false90ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEus-east-1true365ENFORCEtrue✅ PASS
PRODUCTIONFARGATEeu-west-1false365ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEeu-west-1true90ENFORCEtrue✅ PASS
PRODUCTIONFARGATEeu-west-1true365ENFORCEfalse⚠️ FAIL
PRODUCTIONEC2eu-west-1true365ENFORCEfalse⚠️ FAIL
STAGINGFARGATEeu-west-1true365ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEus-east-1false90ADVISORYfalse⚠️ FAIL

HIPAA

✅ Compliant: 88 ⚠️ Non-Compliant: 178 Total: 266

testHipaaSecurityManagementCombinations §164.308(a)

Test Cases: 7 Parameters: 5
profileruntimesecurityMonitoringguardDutyshouldEnforceExpected
PRODUCTIONFARGATEtruetruetrue✅ PASS
PRODUCTIONFARGATEfalsetruetrue✅ PASS
PRODUCTIONFARGATEtruefalsetrue✅ PASS
PRODUCTIONFARGATEfalsefalsetrue⚠️ FAIL
STAGINGFARGATEtruetruetrue✅ PASS
STAGINGFARGATEfalsefalsetrue⚠️ FAIL
DEVFARGATEtruetruefalse✅ PASS

testHipaaPhysicalSafeguardsCombinations §164.308(a)

Test Cases: 9 Parameters: 5
profileruntimeautomatedBackupcrossRegioncomplianceModeExpected
PRODUCTIONFARGATEtruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalseADVISORY⚠️ FAIL
STAGINGFARGATEtruetrueENFORCE✅ PASS
STAGINGFARGATEfalsetrueENFORCE⚠️ FAIL
STAGINGFARGATEtruefalseENFORCE⚠️ FAIL

testHipaaAccessControlAuthModeCombinations §164.308(a)

Test Cases: 6 Parameters: 4
profileruntimeauthModecomplianceModeExpected
PRODUCTIONFARGATEnoneENFORCE✅ PASS
PRODUCTIONFARGATEalb-oidcENFORCE✅ PASS
PRODUCTIONFARGATEjenkins-oidcENFORCE✅ PASS
PRODUCTIONFARGATEnoneADVISORY✅ PASS
STAGINGFARGATEnoneENFORCE✅ PASS
STAGINGFARGATEalb-oidcENFORCE✅ PASS

testHipaaAuditControlsCombinations §164.308(a)

Test Cases: 9 Parameters: 6
profileruntimecloudTrailflowLogsalbLoggingcomplianceModeExpected
PRODUCTIONFARGATEtruetruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalsefalseADVISORY⚠️ FAIL
STAGINGFARGATEtruetruetrueENFORCE✅ PASS
STAGINGFARGATEfalsefalsefalseENFORCE⚠️ FAIL

testHipaaAuthenticationMfaCombinations §164.308(a)

Test Cases: 10 Parameters: 7
profileauthModecognitoMfacognitoAutohasSsocomplianceModeruntimeExpected
PRODUCTIONalb-oidctruetruefalseENFORCEFARGATE⚠️ FAIL
PRODUCTIONalb-oidcfalsetruefalseENFORCEFARGATE⚠️ FAIL
PRODUCTIONalb-oidctruefalsefalseENFORCEFARGATE⚠️ FAIL
PRODUCTIONalb-oidcfalsefalsetrueENFORCEFARGATE⚠️ FAIL
PRODUCTIONalb-oidcfalsefalsefalseENFORCEFARGATE⚠️ FAIL
PRODUCTIONjenkins-oidctruetruefalseENFORCEFARGATE⚠️ FAIL
PRODUCTIONjenkins-oidcfalsefalsetrueENFORCEFARGATE⚠️ FAIL
PRODUCTIONnonefalsefalsefalseENFORCEFARGATE⚠️ FAIL
STAGINGalb-oidctruetruefalseENFORCEFARGATE⚠️ FAIL
STAGINGalb-oidcfalsefalsefalseENFORCEFARGATE⚠️ FAIL

testHipaaTransmissionSecurityCombinations §164.308(a)

Test Cases: 9 Parameters: 6
profilehasCertefsTransitnetworkModecomplianceModeruntimeExpected
PRODUCTIONtruetrueprivate-with-natENFORCEFARGATE✅ PASS
PRODUCTIONfalsetrueprivate-with-natENFORCEFARGATE⚠️ FAIL
PRODUCTIONtruefalseprivate-with-natENFORCEFARGATE⚠️ FAIL
PRODUCTIONtruetruepublic-no-natENFORCEFARGATE✅ PASS
PRODUCTIONfalsefalsepublic-no-natENFORCEFARGATE⚠️ FAIL
PRODUCTIONtruetrueprivate-with-natADVISORYFARGATE✅ PASS
PRODUCTIONfalsefalsepublic-no-natADVISORYFARGATE⚠️ FAIL
STAGINGtruetrueprivate-with-natENFORCEFARGATE✅ PASS
STAGINGfalsefalsepublic-no-natENFORCEFARGATE⚠️ FAIL

testHipaaRetentionRequirementsCombinations §164.308(a)

Test Cases: 12 Parameters: 5
profileretentionDayscomplianceModeshouldPassruntimeExpected
PRODUCTION2555ENFORCEtrueFARGATE✅ PASS
PRODUCTION2190ENFORCEtrueFARGATE✅ PASS
PRODUCTION1825ENFORCEfalseFARGATE⚠️ FAIL
PRODUCTION1095ENFORCEfalseFARGATE⚠️ FAIL
PRODUCTION730ENFORCEfalseFARGATE⚠️ FAIL
PRODUCTION365ENFORCEfalseFARGATE⚠️ FAIL
PRODUCTION180ENFORCEfalseFARGATE⚠️ FAIL
PRODUCTION90ENFORCEfalseFARGATE⚠️ FAIL
PRODUCTION365ADVISORYfalseFARGATE⚠️ FAIL
STAGING2190ENFORCEtrueFARGATE✅ PASS
STAGING730ENFORCEfalseFARGATE⚠️ FAIL
STAGING365ENFORCEfalseFARGATE⚠️ FAIL

testHipaaSecurityProfileBranches §164.308(a)

Test Cases: 5 Parameters: 4
profilecomplianceModeshouldValidateruntimeExpected
DEVADVISORYfalseFARGATE⚠️ FAIL
STAGINGADVISORYtrueFARGATE✅ PASS
STAGINGENFORCEtrueFARGATE✅ PASS
PRODUCTIONADVISORYtrueFARGATE✅ PASS
PRODUCTIONENFORCEtrueFARGATE✅ PASS

testHipaaComprehensiveCombinations §164.308(a)

Test Cases: 8 Parameters: 13
profilecomplianceModeauthModecognitoMfasecMonitoringguardDutycloudTrailflowLogscrossRegionefsTransitnetworkModeretentionruntimeExpected
PRODUCTIONENFORCEalb-oidctruetruetruetruetruetruetrueprivate-with-nat2555FARGATE✅ PASS
STAGINGENFORCEalb-oidctruetruetruetruetruefalsetrueprivate-with-nat2190FARGATE⚠️ FAIL
PRODUCTIONADVISORYnonefalsefalsefalsefalsefalsefalsefalsepublic-no-nat90FARGATE⚠️ FAIL
STAGINGADVISORYnonefalsefalsefalsefalsefalsefalsefalsepublic-no-nat90FARGATE⚠️ FAIL
PRODUCTIONENFORCEalb-oidctruetruefalsetruefalsefalsetrueprivate-with-nat365FARGATE⚠️ FAIL
STAGINGENFORCEjenkins-oidctruefalsetruefalsetruefalsefalseprivate-with-nat180FARGATE⚠️ FAIL
PRODUCTIONENFORCEalb-oidcfalsetruetruetruetruetruetrueprivate-with-nat2190FARGATE⚠️ FAIL
PRODUCTIONENFORCEjenkins-oidcfalsefalsetruetruetruetruetrueprivate-with-nat2190FARGATE⚠️ FAIL

testHipaaExpandedSecurityManagement §164.308(a)

Test Cases: 14 Parameters: 5
profileguardDutysecurityMonitoringawsConfigcomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
STAGINGtruetruetrueENFORCE✅ PASS
STAGINGtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalseADVISORY✅ PASS
PRODUCTIONtruefalsefalseADVISORY⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
STAGINGfalsetruetrueENFORCE⚠️ FAIL
STAGINGfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseADVISORY⚠️ FAIL
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL
DEVtruetruefalseENFORCE⚠️ FAIL
DEVfalsefalsefalseADVISORY⚠️ FAIL

testHipaaExpandedEncryptionAtRest §164.308(a)

Test Cases: 22 Parameters: 5
profileebsEncryptionefsEncryptions3EncryptioncomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
STAGINGtruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
STAGINGtruetruefalseENFORCE⚠️ FAIL
STAGINGtruefalsetrueENFORCE⚠️ FAIL
STAGINGfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
STAGINGtruefalsefalseENFORCE⚠️ FAIL
STAGINGfalsetruefalseENFORCE⚠️ FAIL
STAGINGfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL
STAGINGtruetruetrueADVISORY✅ PASS
STAGINGfalsefalsefalseADVISORY⚠️ FAIL
DEVfalsefalsefalseENFORCE⚠️ FAIL
DEVtruetruetrueADVISORY✅ PASS

testHipaaExpandedAuditLogging §164.308(a)

Test Cases: 22 Parameters: 5
profilecloudTrailflowLogsalbLoggingcomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
STAGINGtruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
STAGINGtruetruefalseENFORCE⚠️ FAIL
STAGINGtruefalsetrueENFORCE⚠️ FAIL
STAGINGfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
STAGINGtruefalsefalseENFORCE⚠️ FAIL
STAGINGfalsetruefalseENFORCE⚠️ FAIL
STAGINGfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL
STAGINGtruetruetrueADVISORY✅ PASS
STAGINGfalsefalsefalseADVISORY⚠️ FAIL
DEVfalsefalsefalseENFORCE⚠️ FAIL
DEVtruetruetrueADVISORY✅ PASS

testHipaaExpandedAuthentication §164.308(a)

Test Cases: 23 Parameters: 5
profileauthModecognitoMfaidentityCenterSsocomplianceModeExpected
PRODUCTIONalb-oidctruetrueENFORCE✅ PASS
PRODUCTIONalb-oidctruefalseENFORCE⚠️ FAIL
PRODUCTIONalb-oidcfalsetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidcfalsefalseENFORCE⚠️ FAIL
STAGINGalb-oidctruetrueENFORCE✅ PASS
STAGINGalb-oidcfalsefalseENFORCE⚠️ FAIL
PRODUCTIONjenkins-oidctruetrueENFORCE✅ PASS
PRODUCTIONjenkins-oidctruefalseENFORCE⚠️ FAIL
PRODUCTIONjenkins-oidcfalsetrueENFORCE⚠️ FAIL
PRODUCTIONjenkins-oidcfalsefalseENFORCE⚠️ FAIL
STAGINGjenkins-oidctruetrueENFORCE✅ PASS
STAGINGjenkins-oidcfalsefalseENFORCE⚠️ FAIL
PRODUCTIONnonetruetrueENFORCE✅ PASS
PRODUCTIONnonetruefalseENFORCE⚠️ FAIL
PRODUCTIONnonefalsetrueENFORCE⚠️ FAIL
PRODUCTIONnonefalsefalseENFORCE⚠️ FAIL
STAGINGnonetruetrueENFORCE✅ PASS
STAGINGnonefalsefalseENFORCE⚠️ FAIL
PRODUCTIONalb-oidctruetrueADVISORY✅ PASS
PRODUCTIONjenkins-oidcfalsefalseADVISORY⚠️ FAIL
PRODUCTIONnonefalsefalseADVISORY⚠️ FAIL
DEVnonefalsefalseENFORCE⚠️ FAIL
DEValb-oidctruetrueADVISORY✅ PASS

testHipaaExpandedTransmissionSecurity §164.308(a)

Test Cases: 17 Parameters: 5
profilehasCertefsTransitnetworkModecomplianceModeExpected
PRODUCTIONtruetrueprivate-with-natENFORCE✅ PASS
STAGINGtruetrueprivate-with-natENFORCE✅ PASS
PRODUCTIONfalsetrueprivate-with-natENFORCE⚠️ FAIL
STAGINGfalsetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruefalseprivate-with-natENFORCE⚠️ FAIL
STAGINGtruefalseprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruepublic-no-natENFORCE✅ PASS
STAGINGtruetruepublic-no-natENFORCE✅ PASS
PRODUCTIONfalsefalseprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONfalsetruepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONtruefalsepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONfalsefalsepublic-no-natENFORCE⚠️ FAIL
STAGINGfalsefalsepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONtruetrueprivate-with-natADVISORY✅ PASS
PRODUCTIONfalsefalsepublic-no-natADVISORY⚠️ FAIL
DEVfalsefalsepublic-no-natENFORCE⚠️ FAIL
DEVtruetrueprivate-with-natADVISORY✅ PASS

testHipaaExpandedRetentionPeriods §164.308(a)

Test Cases: 17 Parameters: 3
profileretentionDayscomplianceModeExpected
PRODUCTION90ENFORCE✅ PASS
PRODUCTION180ENFORCE✅ PASS
PRODUCTION365ENFORCE✅ PASS
PRODUCTION730ENFORCE✅ PASS
PRODUCTION1095ENFORCE✅ PASS
PRODUCTION2190ENFORCE✅ PASS
PRODUCTION2555ENFORCE✅ PASS
STAGING90ENFORCE✅ PASS
STAGING365ENFORCE✅ PASS
STAGING2190ENFORCE✅ PASS
STAGING2555ENFORCE✅ PASS
PRODUCTION90ADVISORY✅ PASS
PRODUCTION2190ADVISORY✅ PASS
STAGING90ADVISORY✅ PASS
STAGING2190ADVISORY✅ PASS
DEV90ENFORCE✅ PASS
DEV2190ADVISORY✅ PASS

testHipaaExpandedPhysicalSafeguards §164.308(a)

Test Cases: 17 Parameters: 5
profileautomatedBackupcrossRegionpointInTimecomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
STAGINGtruetruetrueENFORCE✅ PASS
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
STAGINGtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
STAGINGfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
STAGINGfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL
DEVfalsefalsefalseENFORCE⚠️ FAIL
DEVtruetruetrueADVISORY✅ PASS

testHipaaExpandedComprehensiveMultiRequirement §164.308(a)

Test Cases: 16 Parameters: 15
profilecomplianceModeebsEncefsEncs3EnccloudTrailflowLogsalbLoggingauthModeautomatedBackupcrossRegionguardDutysecMonitoringnetworkModeretentionDaysExpected
PRODUCTIONENFORCEtruetruetruetruetruetruealb-oidctruetruetruetrueprivate-with-nat2190✅ PASS
PRODUCTIONENFORCEfalsefalsefalsefalsefalsefalsenonefalsefalsefalsefalsepublic-no-nat90⚠️ FAIL
PRODUCTIONENFORCEtruetruetruefalsefalsefalsenonefalsefalsefalsefalsepublic-no-nat90⚠️ FAIL
PRODUCTIONENFORCEfalsefalsefalsetruetruetruenonefalsefalsefalsefalsepublic-no-nat90⚠️ FAIL
PRODUCTIONENFORCEfalsefalsefalsefalsefalsefalsealb-oidctruetruefalsefalsepublic-no-nat90⚠️ FAIL
PRODUCTIONENFORCEfalsefalsefalsefalsefalsefalsenonefalsefalsetruetruepublic-no-nat90⚠️ FAIL
PRODUCTIONENFORCEfalsefalsefalsefalsefalsefalsenonefalsefalsefalsefalseprivate-with-nat90⚠️ FAIL
PRODUCTIONENFORCEfalsefalsefalsefalsefalsefalsenonetruetruefalsefalsepublic-no-nat90⚠️ FAIL
PRODUCTIONENFORCEtruetruetruetruetruetruenonefalsefalsefalsefalsepublic-no-nat90⚠️ FAIL
PRODUCTIONADVISORYtruetruetruetruetruetruealb-oidctruetruetruetrueprivate-with-nat2190✅ PASS
PRODUCTIONADVISORYfalsefalsefalsefalsefalsefalsenonefalsefalsefalsefalsepublic-no-nat90⚠️ FAIL
STAGINGENFORCEtruetruetruetruetruetruealb-oidctruetruetruetrueprivate-with-nat2190✅ PASS
STAGINGENFORCEfalsefalsefalsefalsefalsefalsenonefalsefalsefalsefalsepublic-no-nat90⚠️ FAIL
PRODUCTIONENFORCEtruefalsetruetruefalsetruejenkins-oidctruefalsetruefalseprivate-with-nat365⚠️ FAIL
PRODUCTIONENFORCEfalsetruefalsefalsetruefalsealb-oidcfalsetruefalsetrueprivate-with-nat1095⚠️ FAIL
DEVENFORCEfalsefalsefalsefalsefalsefalsenonefalsefalsefalsefalsepublic-no-nat90⚠️ FAIL

testHipaaFlowLogsEnforcement §164.308(a)

Test Cases: 9 Parameters: 5
profileruntimeflowLogsEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATEtrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2trueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalseENFORCEfalse⚠️ FAIL
STAGINGEC2falseENFORCEfalse⚠️ FAIL
DEVFARGATEfalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseADVISORYfalse⚠️ FAIL

testHipaaEncryptionCombinations §164.308(a)

Test Cases: 10 Parameters: 8
profileruntimeebsEncryptionefsAtRestefsTransits3EncryptioncomplianceModeshouldFailExpected
PRODUCTIONFARGATEtruetruetruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsetruetruetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruefalsetruetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetruefalsetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetruetruefalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetruetruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falsefalsefalsefalseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtruetruetruetrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalsefalsefalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalsefalseADVISORYfalse⚠️ FAIL

testHipaaAuditLogRetention §164.308(a)

Test Cases: 14 Parameters: 5
profileruntimeretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATE2190ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE2555ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE365ENFORCEtrue✅ PASS
PRODUCTIONFARGATE90ENFORCEtrue✅ PASS
PRODUCTIONFARGATE180ENFORCEtrue✅ PASS
PRODUCTIONEC22190ENFORCEfalse⚠️ FAIL
PRODUCTIONEC2365ENFORCEtrue✅ PASS
STAGINGFARGATE2190ENFORCEfalse⚠️ FAIL
STAGINGFARGATE90ENFORCEtrue✅ PASS
STAGINGEC22190ENFORCEfalse⚠️ FAIL
STAGINGEC230ENFORCEtrue✅ PASS
DEVFARGATE2190ENFORCEfalse⚠️ FAIL
DEVFARGATE7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90ADVISORYfalse⚠️ FAIL

testHipaaMultiViolationScenarios §164.308(a)

Test Cases: 10 Parameters: 7
profileruntimeflowLogsEnabledencryptionEnabledretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATEfalsefalse90ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEfalsetrue2190ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruefalse2190ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetrue90ENFORCEtrue✅ PASS
PRODUCTIONEC2falsefalse90ENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetrue2190ENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalse2190ENFORCEfalse⚠️ FAIL
STAGINGFARGATEtruetrue2190ENFORCEfalse⚠️ FAIL
STAGINGFARGATEtruetrue90ENFORCEtrue✅ PASS
PRODUCTIONFARGATEfalsefalse90ADVISORYfalse⚠️ FAIL

Incident Response

✅ Compliant: 37 ⚠️ Non-Compliant: 62 Total: 99

testIRExpandedIncidentResponsePlan

Test Cases: 15 Parameters: 7
profilesecurityMonitoringincidentPlanDocteamDefinedtestedgdprbreachNotification72Expected
PRODUCTIONtruefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruetruefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruetruetruefalsefalse✅ PASS
PRODUCTIONtruetruetruetruefalsefalse✅ PASS
PRODUCTIONfalsefalsefalsefalsetruefalse⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsetruetrue⚠️ FAIL
PRODUCTIONfalsetruetruetruetruetrue✅ PASS
PRODUCTIONtruefalsefalsefalsetruetrue✅ PASS
STAGINGfalsefalsefalsefalsefalsefalse⚠️ FAIL
STAGINGtruetruetruetruefalsefalse✅ PASS
STAGINGfalsefalsefalsefalsetruefalse⚠️ FAIL
DEVfalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruetruetruetrue✅ PASS

testIRExpandedDisasterRecovery

Test Cases: 14 Parameters: 7
profilebackupEnabledcrossRegiondrPlanrtoRpoDefineddrTestedbusinessContinuityExpected
PRODUCTIONtruetruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruetruefalsefalsefalse✅ PASS
PRODUCTIONtruetruetruetruefalsefalse✅ PASS
PRODUCTIONtruetruetruetruetruefalse✅ PASS
PRODUCTIONtruetruetruetruetruetrue✅ PASS
PRODUCTIONtruetruefalsefalsefalsetrue✅ PASS
PRODUCTIONfalsefalsetruetruetruetrue✅ PASS
PRODUCTIONtruefalsetruetruetruetrue✅ PASS
STAGINGfalsefalsefalsefalsefalsefalse⚠️ FAIL
STAGINGtruetruetruetruetruetrue✅ PASS
DEVfalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruetruetruetrue✅ PASS

testIRExpandedBackupRestore

Test Cases: 11 Parameters: 4
profilebackupEnabledcrossRegionrestoreTestedExpected
PRODUCTIONtruetruefalse✅ PASS
PRODUCTIONtruetruetrue✅ PASS
PRODUCTIONtruefalsefalse⚠️ FAIL
PRODUCTIONtruefalsetrue✅ PASS
PRODUCTIONfalsefalsefalse⚠️ FAIL
PRODUCTIONfalsetruefalse⚠️ FAIL
STAGINGtruetruefalse✅ PASS
STAGINGtruetruetrue✅ PASS
STAGINGfalsefalsefalse⚠️ FAIL
DEVtruetruetrue✅ PASS
DEVfalsefalsefalse⚠️ FAIL

testIRExpandedForensicLogging

Test Cases: 14 Parameters: 7
profilecloudTraillogValidationsecurityMonitoringguardDutycentralizedLogsautomatedReviewExpected
PRODUCTIONtruetruetruefalsefalsefalse✅ PASS
PRODUCTIONtruefalsetruefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruetruetruefalsefalse✅ PASS
PRODUCTIONtruetruetruetruetruefalse✅ PASS
PRODUCTIONtruetruetruetruetruetrue✅ PASS
PRODUCTIONfalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsetruetruetruetrue✅ PASS
PRODUCTIONtruetruetruefalsefalsetrue✅ PASS
PRODUCTIONtruetruefalsetruetruetrue✅ PASS
STAGINGfalsefalsefalsefalsefalsefalse⚠️ FAIL
STAGINGtruetruetruetruetruetrue✅ PASS
DEVfalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruetruetruetrue✅ PASS

testIRExpandedComprehensiveScenarios

Test Cases: 12 Parameters: 17
profilesecurityMonitoringincidentPlanDocteamDefinedirTestedbusinessContinuitycomplianceFrameworkbreachNotification72backupEnabledcrossRegiondrPlanrtoRpoDefineddrTestedbackupRestoreTestedcloudTrailcentralizedLogsautomatedReviewExpected
PRODUCTIONtruetruetruetruetrueGDPRtruetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONfalsefalsefalsefalsefalseGDPRfalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalseNONEfalsetruetruetruetruetruetruefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruetruetruetrueNONEfalsefalsefalsefalsefalsefalsefalsetruetruetrue✅ PASS
PRODUCTIONfalsefalsefalsefalsefalseNONEfalsefalsefalsefalsefalsefalsefalsetruetruetrue⚠️ FAIL
STAGINGtruetruetruetruetrueGDPRtruetruetruetruetruetruetruetruetruetrue✅ PASS
STAGINGfalsefalsefalsefalsefalseNONEfalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruetruetrueHIPAAfalsetruetruetruetruetruetruetruetruetrue✅ PASS
DEVfalsefalsefalsefalsefalseNONEfalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruetruetruetruePCI-DSSfalsetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONtruefalsefalsefalsefalseNONEfalsetruetruefalsefalsefalsefalsetruetruetrue⚠️ FAIL
PRODUCTIONtruetruetruetruetrueGDPRtruefalsefalsetruetruetruetruefalsefalsefalse✅ PASS

testIncidentResponseBackupEdgeCases

Test Cases: 10 Parameters: 7
profileruntimebackupEnabledcrossRegionretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATEtruetrue7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruefalse7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsetrue7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruetrue1ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruetrue35ENFORCEfalse⚠️ FAIL
PRODUCTIONEC2truetrue7ENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falsefalse0ENFORCEfalse⚠️ FAIL
STAGINGFARGATEtruefalse3ENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalse0ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalse0ADVISORYfalse⚠️ FAIL

testIncidentResponseCloudTrailValidationEdgeCases

Test Cases: 7 Parameters: 5
profileruntimelogValidationEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATEtrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2trueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseADVISORYfalse⚠️ FAIL

testIncidentResponseSnsAlertsEdgeCases

Test Cases: 7 Parameters: 5
profileruntimesnsEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATEtrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseENFORCEfalse⚠️ FAIL
PRODUCTIONEC2trueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falseENFORCEfalse⚠️ FAIL
STAGINGFARGATEtrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtrueADVISORYfalse✅ PASS

testIncidentResponseMultiViolations

Test Cases: 9 Parameters: 6
profileruntimebackupEnabledlogValidationEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATEfalsefalseENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEfalsetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruefalseENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falsefalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalseENFORCEfalse⚠️ FAIL
STAGINGFARGATEtruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalseADVISORYfalse⚠️ FAIL

ISO 27001

✅ Compliant: 2 ⚠️ Non-Compliant: 1 Total: 3

testIso27001ComplianceByProfile

Test Cases: 3 Parameters: 2
profilerulesApplyExpected
PRODUCTIONtrue✅ PASS
STAGINGtrue✅ PASS
DEVfalse⚠️ FAIL

Key Management

✅ Compliant: 23 ⚠️ Non-Compliant: 44 Total: 67

testKMExpandedKMSKeyManagement

Test Cases: 8 Parameters: 3
profilekmsRotationcustomerManagedKeysExpected
PRODUCTIONfalsefalse⚠️ FAIL
PRODUCTIONtruefalse✅ PASS
PRODUCTIONfalsetrue✅ PASS
PRODUCTIONtruetrue✅ PASS
STAGINGfalsefalse⚠️ FAIL
STAGINGtruetrue✅ PASS
DEVfalsefalse⚠️ FAIL
DEVtruetrue✅ PASS

testKMExpandedCertificateManagement

Test Cases: 8 Parameters: 3
profileexpirationMonitoringacmAutoRenewalExpected
PRODUCTIONfalsefalse⚠️ FAIL
PRODUCTIONtruefalse✅ PASS
PRODUCTIONfalsetrue✅ PASS
PRODUCTIONtruetrue✅ PASS
STAGINGfalsefalse⚠️ FAIL
STAGINGtruetrue✅ PASS
DEVfalsefalse⚠️ FAIL
DEVtruetrue✅ PASS

testKMExpandedSecretsManagement

Test Cases: 8 Parameters: 3
profilesecretsManagersecretRotationExpected
PRODUCTIONfalsefalse⚠️ FAIL
PRODUCTIONtruefalse✅ PASS
PRODUCTIONtruetrue✅ PASS
STAGINGfalsefalse⚠️ FAIL
STAGINGtruefalse✅ PASS
STAGINGtruetrue✅ PASS
DEVfalsefalse⚠️ FAIL
DEVtruetrue✅ PASS

testKMExpandedComprehensiveScenarios

Test Cases: 12 Parameters: 7
profilekmsRotationcustomerManagedKeyscertExpirationMonitoringacmAutoRenewalsecretsManagersecretRotationExpected
PRODUCTIONtruetruetruetruetruetrue✅ PASS
PRODUCTIONfalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsetruetruefalsefalse⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsetruetrue⚠️ FAIL
STAGINGtruetruetruetruetruetrue✅ PASS
STAGINGfalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVtruetruetruetruetruetrue✅ PASS
DEVfalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONtruetruefalsefalsetruetrue✅ PASS
PRODUCTIONtruefalsetruefalsetruefalse✅ PASS
PRODUCTIONtruetruefalsetruefalsefalse✅ PASS

testKmsKeyRotationEdgeCases

Test Cases: 11 Parameters: 6
profileruntimerotationDayskmsEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATE365trueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE366trueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE730trueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90trueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE0trueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2365trueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2400trueENFORCEfalse⚠️ FAIL
STAGINGFARGATE365trueENFORCEfalse⚠️ FAIL
STAGINGFARGATE730trueENFORCEfalse⚠️ FAIL
DEVFARGATE0falseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE730trueADVISORYfalse✅ PASS

testCertificateManagementEdgeCases

Test Cases: 10 Parameters: 7
profileruntimeexpirationMonitoringautoRenewalwarningDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATEtruetrue30ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruefalse30ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsetrue30ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruetrue7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtruetrue60ENFORCEfalse⚠️ FAIL
PRODUCTIONEC2truetrue30ENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falsefalse0ENFORCEfalse⚠️ FAIL
STAGINGFARGATEtruetrue30ENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalse0ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalse0ADVISORYfalse⚠️ FAIL

testSecretsRotationEdgeCases

Test Cases: 10 Parameters: 6
profileruntimesecretsManagerEnabledrotationDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATEtrue30ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtrue7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtrue90ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEtrue0ENFORCEtrue✅ PASS
PRODUCTIONFARGATEfalse0ENFORCEtrue⚠️ FAIL
PRODUCTIONEC2true30ENFORCEfalse⚠️ FAIL
PRODUCTIONEC2false0ENFORCEtrue⚠️ FAIL
STAGINGFARGATEtrue90ENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalse0ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalse0ADVISORYfalse⚠️ FAIL

PCI-DSS

✅ Compliant: 121 ⚠️ Non-Compliant: 208 Total: 329

testPciDssEncryptionCombinations

Test Cases: 8 Parameters: 7
profileruntimeebsEncryptionefsAtRestefsTransits3EncryptioncomplianceModeExpected
PRODUCTIONFARGATEtruetruetruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruetruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalsefalsefalseADVISORY⚠️ FAIL

testPciDssAuditLoggingCombinations

Test Cases: 7 Parameters: 6
profileruntimecloudTrailflowLogsalbLoggingcomplianceModeExpected
PRODUCTIONFARGATEtruetruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalsefalseADVISORY⚠️ FAIL

testPciDssSecurityMonitoringCombinations

Test Cases: 7 Parameters: 6
profileruntimeguardDutysecMonitoringawsConfigcomplianceModeExpected
PRODUCTIONFARGATEtruetruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalsefalseADVISORY⚠️ FAIL

testPciDssRetentionPeriods

Test Cases: 10 Parameters: 5
profileruntimedayscomplianceModesufficientExpected
PRODUCTIONFARGATE365ENFORCEtrue✅ PASS
PRODUCTIONFARGATE730ENFORCEtrue✅ PASS
PRODUCTIONFARGATE1095ENFORCEtrue✅ PASS
PRODUCTIONFARGATE1825ENFORCEtrue✅ PASS
PRODUCTIONFARGATE3650ENFORCEtrue✅ PASS
PRODUCTIONFARGATE30ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE180ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE30ADVISORYfalse⚠️ FAIL
PRODUCTIONFARGATE365ADVISORYtrue✅ PASS

testPciDssVendorDefaultsCombinations

Test Cases: 5 Parameters: 5
profilecustomConfighardeningservicesDisabledminimalImageExpected
PRODUCTIONfalsefalsefalsefalse⚠️ FAIL
STAGINGtruetruetruetrue✅ PASS
STAGINGfalsefalsefalsefalse⚠️ FAIL
DEVtruefalsetruefalse✅ PASS
DEVfalsefalsefalsefalse⚠️ FAIL

testPciDssAuthenticationCombinations

Test Cases: 6 Parameters: 4
authModecognitoProvisioncognitoMfassoArnExpected
nonefalsefalse⚠️ FAIL
alb-oidctruetrue✅ PASS
alb-oidcfalsefalsearn:aws:sso:::instance/ssoins-123⚠️ FAIL
jenkins-oidcfalsefalsearn:aws:sso:::instance/ssoins-456⚠️ FAIL
alb-oidcfalsefalse⚠️ FAIL
jenkins-oidctruetrue✅ PASS

testPciDssNetworkModes

Test Cases: 2 Parameters: 2
networkModeshouldPassExpected
private-with-nattrue✅ PASS
public-no-natfalse⚠️ FAIL

testPciDssComplianceModes

Test Cases: 2 Parameters: 1
complianceModeExpected
ADVISORY✅ PASS
ENFORCE✅ PASS

testPciDssSecurityProfileBranches

Test Cases: 5 Parameters: 3
profilecomplianceModeshouldValidateExpected
DEVADVISORYfalse⚠️ FAIL
STAGINGADVISORYfalse⚠️ FAIL
STAGINGENFORCEfalse⚠️ FAIL
PRODUCTIONADVISORYtrue✅ PASS
PRODUCTIONENFORCEtrue✅ PASS

testPciDssNetworkSecurityCombinations

Test Cases: 4 Parameters: 4
profileruntimenetworkModecomplianceModeExpected
PRODUCTIONFARGATEprivate-with-natENFORCE✅ PASS
PRODUCTIONFARGATEpublic-no-natENFORCE✅ PASS
PRODUCTIONFARGATEprivate-with-natADVISORY✅ PASS
PRODUCTIONFARGATEpublic-no-natADVISORY✅ PASS

testPciDssEncryptionCombinations

Test Cases: 9 Parameters: 6
ebsEncryptionefsAtRests3EncryptionefsTransithasCertcomplianceModeExpected
truetruetruetruetrueENFORCE✅ PASS
falsetruetruetruetrueENFORCE⚠️ FAIL
truefalsetruetruetrueENFORCE⚠️ FAIL
truetruefalsetruetrueENFORCE⚠️ FAIL
truetruetruefalsetrueENFORCE⚠️ FAIL
truetruetruetruefalseENFORCE⚠️ FAIL
falsefalsefalsefalsefalseENFORCE⚠️ FAIL
truetruetruetruetrueADVISORY✅ PASS
falsefalsefalsefalsefalseADVISORY⚠️ FAIL

testPciDssWebApplicationSecurityCombinations

Test Cases: 4 Parameters: 2
wafEnabledcomplianceModeExpected
trueENFORCE✅ PASS
falseENFORCE⚠️ FAIL
trueADVISORY✅ PASS
falseADVISORY⚠️ FAIL

testPciDssAccessControlCombinations

Test Cases: 8 Parameters: 5
authModecognitoMfacognitoAutohasSsocomplianceModeExpected
nonefalsefalsefalseENFORCE⚠️ FAIL
alb-oidctruetruefalseENFORCE⚠️ FAIL
alb-oidcfalsefalsefalseENFORCE⚠️ FAIL
alb-oidcfalsefalsetrueENFORCE⚠️ FAIL
jenkins-oidctruetruefalseENFORCE⚠️ FAIL
jenkins-oidcfalsefalsetrueENFORCE⚠️ FAIL
nonefalsefalsefalseADVISORY⚠️ FAIL
alb-oidctruetruefalseADVISORY✅ PASS

testPciDssAuditLoggingCombinations

Test Cases: 7 Parameters: 4
cloudTrailflowLogsalbLoggingcomplianceModeExpected
truetruetrueENFORCE✅ PASS
falsetruetrueENFORCE⚠️ FAIL
truefalsetrueENFORCE⚠️ FAIL
truetruefalseENFORCE⚠️ FAIL
falsefalsefalseENFORCE⚠️ FAIL
truetruetrueADVISORY✅ PASS
falsefalsefalseADVISORY⚠️ FAIL

testPciDssRetentionCombinations

Test Cases: 11 Parameters: 3
retentionDayscomplianceModeisCompliantExpected
3650ENFORCEtrue✅ PASS
2555ENFORCEtrue✅ PASS
1825ENFORCEtrue✅ PASS
1095ENFORCEtrue✅ PASS
730ENFORCEtrue✅ PASS
365ENFORCEtrue✅ PASS
180ENFORCEfalse⚠️ FAIL
90ENFORCEfalse⚠️ FAIL
30ENFORCEfalse⚠️ FAIL
365ADVISORYtrue✅ PASS
90ADVISORYfalse⚠️ FAIL

testPciDssSecurityMonitoringCombinations

Test Cases: 7 Parameters: 4
guardDutysecMonitoringawsConfigcomplianceModeExpected
truetruetrueENFORCE✅ PASS
falsetruetrueENFORCE⚠️ FAIL
truefalsetrueENFORCE⚠️ FAIL
truetruefalseENFORCE⚠️ FAIL
falsefalsefalseENFORCE⚠️ FAIL
truetruetrueADVISORY✅ PASS
falsefalsefalseADVISORY⚠️ FAIL

testPciDssVendorDefaultsCombinations

Test Cases: 9 Parameters: 6
customConfighardeningservicesDisabledminimalImageinventorycomplianceModeExpected
truetruetruetruetrueENFORCE✅ PASS
falsetruetruetruetrueENFORCE⚠️ FAIL
truefalsetruetruetrueENFORCE⚠️ FAIL
truetruefalsetruetrueENFORCE⚠️ FAIL
truetruetruefalsetrueENFORCE⚠️ FAIL
truetruetruetruefalseENFORCE⚠️ FAIL
falsefalsefalsefalsefalseENFORCE⚠️ FAIL
truetruetruetruetrueADVISORY✅ PASS
falsefalsefalsefalsefalseADVISORY⚠️ FAIL

testPciDssComprehensiveCombinations

Test Cases: 7 Parameters: 16
profilecomplianceModenetworkModeauthModeebsEncefsRestEncs3EncefsTransEnchasCertcloudTrailflowLogsalbLoggingguardDutysecMonawsConfigretentionExpected
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetrue365✅ PASS
PRODUCTIONENFORCEprivate-with-natalb-oidcfalsefalsefalsefalsetruetruetruetruetruetruetrue365⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natnonetruetruetruetruetruefalsefalsefalsefalsefalsefalse365⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruefalsefalsefalsetruetruetrue90⚠️ FAIL
PRODUCTIONENFORCEpublic-no-natalb-oidctruetruetruetruetruetruetruetruetruetruetrue365✅ PASS
PRODUCTIONADVISORYprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetrue365✅ PASS
PRODUCTIONADVISORYpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse90⚠️ FAIL

testPciDssExpandedEncryptionAtRest

Test Cases: 15 Parameters: 5
profileebsEncryptionefsEncryptions3EncryptioncomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueADVISORY✅ PASS
DEVtruetruetrueENFORCE✅ PASS
DEVfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL

testPciDssExpandedAuditLogging

Test Cases: 15 Parameters: 5
profilecloudTrailflowLogsalbLoggingcomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueADVISORY✅ PASS
DEVtruetruetrueENFORCE✅ PASS
DEVfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL

testPciDssExpandedKeyManagement

Test Cases: 15 Parameters: 5
profilekmsRotationautomatedBackupcrossRegionBackupcomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruefalseADVISORY✅ PASS
DEVtruetruetrueENFORCE✅ PASS
DEVfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL

testPciDssExpandedAccessControl

Test Cases: 14 Parameters: 5
profileauthModecognitoMfaidentityCenterSsocomplianceModeExpected
PRODUCTIONalb-oidctruetrueENFORCE✅ PASS
PRODUCTIONalb-oidctruefalseENFORCE⚠️ FAIL
PRODUCTIONalb-oidcfalsetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidcfalsefalseENFORCE⚠️ FAIL
PRODUCTIONjenkins-oidctruetrueENFORCE✅ PASS
PRODUCTIONjenkins-oidcfalsefalseENFORCE⚠️ FAIL
PRODUCTIONnonefalsefalseENFORCE⚠️ FAIL
STAGINGalb-oidctruetrueENFORCE✅ PASS
STAGINGnonefalsefalseENFORCE⚠️ FAIL
STAGINGalb-oidctruetrueADVISORY✅ PASS
DEValb-oidctruetrueENFORCE✅ PASS
DEVnonefalsefalseENFORCE⚠️ FAIL
PRODUCTIONalb-oidctruetrueADVISORY✅ PASS
PRODUCTIONnonefalsefalseADVISORY⚠️ FAIL

testPciDssExpandedNetworkSegmentation

Test Cases: 9 Parameters: 3
profilenetworkModecomplianceModeExpected
PRODUCTIONprivate-with-natENFORCE✅ PASS
PRODUCTIONpublic-no-natENFORCE✅ PASS
STAGINGprivate-with-natENFORCE✅ PASS
STAGINGpublic-no-natENFORCE✅ PASS
STAGINGprivate-with-natADVISORY✅ PASS
DEVprivate-with-natENFORCE✅ PASS
DEVpublic-no-natENFORCE✅ PASS
PRODUCTIONprivate-with-natADVISORY✅ PASS
PRODUCTIONpublic-no-natADVISORY✅ PASS

testPciDssExpandedRetentionPeriods

Test Cases: 15 Parameters: 3
profileretentionDayscomplianceModeExpected
PRODUCTION90ENFORCE✅ PASS
PRODUCTION180ENFORCE✅ PASS
PRODUCTION365ENFORCE✅ PASS
PRODUCTION730ENFORCE✅ PASS
PRODUCTION1095ENFORCE✅ PASS
PRODUCTION2190ENFORCE✅ PASS
PRODUCTION2555ENFORCE✅ PASS
STAGING90ENFORCE✅ PASS
STAGING365ENFORCE✅ PASS
STAGING2190ENFORCE✅ PASS
STAGING365ADVISORY✅ PASS
DEV90ENFORCE✅ PASS
DEV365ENFORCE✅ PASS
PRODUCTION90ADVISORY✅ PASS
PRODUCTION365ADVISORY✅ PASS

testPciDssExpandedVendorDefaultsAndDbSecurity

Test Cases: 15 Parameters: 5
profiledbSecuritykmsRotationautomatedBackupcomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueADVISORY✅ PASS
DEVtruetruetrueENFORCE✅ PASS
DEVfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL

testPciDssExpandedTransmissionSecurity

Test Cases: 15 Parameters: 5
profilehasCertefsTransitnetworkModecomplianceModeExpected
PRODUCTIONtruetrueprivate-with-natENFORCE✅ PASS
PRODUCTIONtruetruepublic-no-natENFORCE✅ PASS
PRODUCTIONtruefalseprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONfalsetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruefalsepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONfalsetruepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONfalsefalseprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONfalsefalsepublic-no-natENFORCE⚠️ FAIL
STAGINGtruetrueprivate-with-natENFORCE✅ PASS
STAGINGfalsefalsepublic-no-natENFORCE⚠️ FAIL
STAGINGtruetrueprivate-with-natADVISORY✅ PASS
DEVtruetrueprivate-with-natENFORCE✅ PASS
DEVfalsefalsepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONtruetrueprivate-with-natADVISORY✅ PASS
PRODUCTIONfalsefalsepublic-no-natADVISORY⚠️ FAIL

testPciDssExpandedSystemMonitoring

Test Cases: 15 Parameters: 5
profilesecMonitoringguardDutyawsConfigcomplianceModeExpected
PRODUCTIONtruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetrueADVISORY✅ PASS
DEVtruetruetrueENFORCE✅ PASS
DEVfalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalseADVISORY⚠️ FAIL

testPciDssExpandedComprehensiveMultiRequirement

Test Cases: 16 Parameters: 17
profilecomplianceModenetworkModeauthModeebsEncefsRestEncs3EncefsTransEnchasCertcloudTrailflowLogsalbLoggingkmsRotationautomatedBackupcrossRegionawsConfigretentionDaysExpected
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruetrue365✅ PASS
PRODUCTIONENFORCEpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse90⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidcfalsefalsefalsefalsetruetruetruetruetruetruetruetrue365⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natnonetruetruetruetruetruetruetruetruefalsefalsefalsefalse365⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruefalsefalsefalsetruetruetruetrue90⚠️ FAIL
PRODUCTIONENFORCEpublic-no-natnonetruetruetruefalsefalsetruetruetruetruetruetruetrue365⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruefalsefalsefalsetrue365⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruefalse365⚠️ FAIL
STAGINGENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruetrue365✅ PASS
STAGINGENFORCEpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse90⚠️ FAIL
DEVENFORCEpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse90⚠️ FAIL
PRODUCTIONADVISORYprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruetrue365✅ PASS
PRODUCTIONADVISORYpublic-no-natnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse90⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natnonetruetruetruetruetruetruetruetruefalsefalsetruetrue365⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidcfalsefalsefalsefalsetruetruetruetruetruetruetruetrue365⚠️ FAIL
PRODUCTIONENFORCEprivate-with-natalb-oidctruetruetruetruetruetruetruetruetruetruetruetrue2555✅ PASS

testPciDssBackupAndDataProtection

Test Cases: 15 Parameters: 7
profilebackupEnabledretentionDayscrossRegionvaultLockefsProtectedcomplianceModeExpected
PRODUCTIONtrue90truetruetrueENFORCE✅ PASS
PRODUCTIONtrue90truefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtrue90falsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtrue365truetruetrueENFORCE✅ PASS
PRODUCTIONtrue30truetruetrueENFORCE✅ PASS
PRODUCTIONtrue90truetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalse0falsefalsefalseENFORCE⚠️ FAIL
STAGINGtrue14falsefalsetrueENFORCE⚠️ FAIL
STAGINGtrue30falsefalsetrueENFORCE⚠️ FAIL
STAGINGfalse0falsefalsefalseENFORCE⚠️ FAIL
DEVfalse0falsefalsefalseENFORCE⚠️ FAIL
DEVtrue7falsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtrue90truetruetrueADVISORY✅ PASS
PRODUCTIONfalse0falsefalsefalseADVISORY⚠️ FAIL
STAGINGtrue14falsefalsetrueADVISORY✅ PASS

testPciDssWafEnforcementAcrossProfiles

Test Cases: 11 Parameters: 5
profileruntimewafEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATEtrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2trueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalseENFORCEfalse⚠️ FAIL
STAGINGEC2trueENFORCEfalse⚠️ FAIL
STAGINGEC2falseENFORCEfalse⚠️ FAIL
DEVFARGATEfalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseADVISORYfalse⚠️ FAIL
PRODUCTIONEC2falseADVISORYfalse⚠️ FAIL

testPciDssFlowLogsEnforcement

Test Cases: 9 Parameters: 5
profileruntimeflowLogsEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATEtrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2trueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalseENFORCEfalse⚠️ FAIL
STAGINGEC2falseENFORCEfalse⚠️ FAIL
DEVFARGATEfalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalseADVISORYfalse⚠️ FAIL

testPciDssLogRetentionRequirements

Test Cases: 12 Parameters: 5
profileruntimeretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATE365ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE730ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90ENFORCEtrue✅ PASS
PRODUCTIONFARGATE180ENFORCEtrue✅ PASS
PRODUCTIONFARGATE0ENFORCEtrue✅ PASS
PRODUCTIONEC2365ENFORCEfalse⚠️ FAIL
PRODUCTIONEC290ENFORCEtrue✅ PASS
STAGINGFARGATE90ENFORCEfalse⚠️ FAIL
STAGINGFARGATE14ENFORCEfalse⚠️ FAIL
STAGINGEC230ENFORCEfalse⚠️ FAIL
DEVFARGATE7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90ADVISORYfalse⚠️ FAIL

testPciDssAcrossApplicationTypes

Test Cases: 11 Parameters: 7
profileruntimetopologyflowLogsEnabledwafEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATEJENKINS_SERVICEtruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEJENKINS_SERVICEtruefalseENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEJENKINS_SERVICEfalsetrueENFORCEtrue⚠️ FAIL
PRODUCTIONEC2APPLICATION_SERVICEtruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2APPLICATION_SERVICEfalsefalseENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEAPPLICATION_SERVICEtruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEAPPLICATION_SERVICEtruefalseENFORCEtrue⚠️ FAIL
STAGINGFARGATEJENKINS_SERVICEfalsefalseENFORCEfalse⚠️ FAIL
STAGINGEC2APPLICATION_SERVICEtruetrueENFORCEfalse⚠️ FAIL
DEVFARGATEAPPLICATION_SERVICEfalsefalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEJENKINS_SERVICEfalsefalseADVISORYfalse⚠️ FAIL

testPciDssMultiViolationScenarios

Test Cases: 9 Parameters: 7
profileruntimewafEnabledflowLogsEnabledretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATEfalsefalse90ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEfalsetrue365ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruefalse365ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetrue90ENFORCEtrue✅ PASS
PRODUCTIONEC2falsefalse90ENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetrue365ENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalse14ENFORCEfalse⚠️ FAIL
STAGINGFARGATEtruetrue90ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalse90ADVISORYfalse⚠️ FAIL

SOC2

✅ Compliant: 84 ⚠️ Non-Compliant: 263 Total: 347

testSoc2SecurityProfileBranches

Test Cases: 6 Parameters: 3
profilecomplianceModeshouldValidateExpected
DEVADVISORYfalse⚠️ FAIL
DEVENFORCEfalse⚠️ FAIL
STAGINGADVISORYtrue✅ PASS
STAGINGENFORCEtrue✅ PASS
PRODUCTIONADVISORYtrue✅ PASS
PRODUCTIONENFORCEtrue✅ PASS

testSoc2AccessControls

Test Cases: 8 Parameters: 4
authModeebsEncryptionefsEncryptioncomplianceModeExpected
alb-oidctruetrueENFORCE✅ PASS
nonetruetrueENFORCE✅ PASS
alb-oidcfalsetrueENFORCE⚠️ FAIL
alb-oidctruefalseENFORCE⚠️ FAIL
alb-oidcfalsefalseENFORCE⚠️ FAIL
nonefalsefalseENFORCE⚠️ FAIL
alb-oidctruetrueADVISORY✅ PASS
nonefalsefalseADVISORY⚠️ FAIL

testSoc2NetworkSecurity

Test Cases: 10 Parameters: 4
hasCertefsTransitwafcomplianceModeExpected
truetruetrueENFORCE✅ PASS
falsetruetrueENFORCE⚠️ FAIL
truefalsetrueENFORCE⚠️ FAIL
truetruefalseENFORCE⚠️ FAIL
falsefalsetrueENFORCE⚠️ FAIL
falsetruefalseENFORCE⚠️ FAIL
truefalsefalseENFORCE⚠️ FAIL
falsefalsefalseENFORCE⚠️ FAIL
truetruetrueADVISORY✅ PASS
falsefalsefalseADVISORY⚠️ FAIL

testSoc2SystemMonitoring

Test Cases: 11 Parameters: 6
secMonitoringguardDutycloudTrailflowLogsawsConfigcomplianceModeExpected
truetruetruetruetrueENFORCE✅ PASS
falsetruetruetruetrueENFORCE⚠️ FAIL
truefalsetruetruetrueENFORCE⚠️ FAIL
truetruefalsetruetrueENFORCE⚠️ FAIL
truetruetruefalsetrueENFORCE⚠️ FAIL
truetruetruetruefalseENFORCE⚠️ FAIL
falsefalsetruetruetrueENFORCE⚠️ FAIL
truetruefalsefalsefalseENFORCE⚠️ FAIL
falsefalsefalsefalsefalseENFORCE⚠️ FAIL
truetruetruetruetrueADVISORY✅ PASS
falsefalsefalsefalsefalseADVISORY⚠️ FAIL

testSoc2ChangeManagement

Test Cases: 6 Parameters: 3
cloudTrailawsConfigcomplianceModeExpected
truetrueENFORCE✅ PASS
falsetrueENFORCE⚠️ FAIL
truefalseENFORCE⚠️ FAIL
falsefalseENFORCE⚠️ FAIL
truetrueADVISORY✅ PASS
falsefalseADVISORY⚠️ FAIL

testSoc2Availability

Test Cases: 10 Parameters: 6
profilemultiAzautoScalingbackupcrossRegioncomplianceModeExpected
PRODUCTIONtruetruetruetrueENFORCE✅ PASS
PRODUCTIONfalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalseADVISORY⚠️ FAIL
STAGINGtruetruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalsefalseENFORCE⚠️ FAIL

testSoc2Confidentiality

Test Cases: 10 Parameters: 5
ebsEncryptionefsEncryptions3EncryptionnetworkModecomplianceModeExpected
truetruetrueprivate-with-natENFORCE✅ PASS
falsetruetrueprivate-with-natENFORCE⚠️ FAIL
truefalsetrueprivate-with-natENFORCE⚠️ FAIL
truetruefalseprivate-with-natENFORCE⚠️ FAIL
truetruetruepublic-no-natENFORCE✅ PASS
falsefalsetrueprivate-with-natENFORCE⚠️ FAIL
truetruetruepublic-no-natENFORCE✅ PASS
falsefalsefalsepublic-no-natENFORCE⚠️ FAIL
truetruetrueprivate-with-natADVISORY✅ PASS
falsefalsefalsepublic-no-natADVISORY⚠️ FAIL

testSoc2ComprehensiveScenarios

Test Cases: 5 Parameters: 16
profilecomplianceModeauthModeebsEncryptionefsEncryptions3EncryptionefsTransitwafsecMonitoringguardDutycloudTrailflowLogsawsConfigmultiAzautoScalingnetworkModeExpected
PRODUCTIONENFORCEalb-oidctruetruetruetruetruetruetruetruetruetruetruetrueprivate-with-nat✅ PASS
PRODUCTIONENFORCEalb-oidctruetruetruetruetruefalsefalsefalsefalsefalsetruetrueprivate-with-nat⚠️ FAIL
PRODUCTIONADVISORYalb-oidctruetruetruetruetruetruetruetruetruetruetruetrueprivate-with-nat✅ PASS
PRODUCTIONADVISORYnonefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsepublic-no-nat⚠️ FAIL
STAGINGENFORCEalb-oidctruetruetruetruetruefalsetruetruetruetruefalsefalseprivate-with-nat⚠️ FAIL

testSoc2ExpandedLogicalAccessControls

Test Cases: 23 Parameters: 7
profileauthModeebsEncryptionefsEncryptions3EncryptionkmsRotationcomplianceModeExpected
PRODUCTIONalb-oidctruetruetruetrueENFORCE✅ PASS
PRODUCTIONnonetruetruetruetrueENFORCE✅ PASS
PRODUCTIONalb-oidcfalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidctruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidctruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidctruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONnonefalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONnonetruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONnonetruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONnonetruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONalb-oidcfalsefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidcfalsetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidctruefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidcfalsefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidctruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONnonefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONnonefalsefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONalb-oidcfalsefalsefalsefalseENFORCE⚠️ FAIL
STAGINGalb-oidctruetruetruetrueENFORCE✅ PASS
STAGINGnonefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONalb-oidctruetruetruetrueADVISORY✅ PASS
PRODUCTIONnonefalsefalsefalsefalseADVISORY⚠️ FAIL
STAGINGnonefalsefalsefalsefalseADVISORY⚠️ FAIL

testSoc2ExpandedSystemMonitoring

Test Cases: 23 Parameters: 8
profilesecMonitoringguardDutysecurityHubcloudTrailflowLogsalbLoggingcomplianceModeExpected
PRODUCTIONtruetruetruetruetruetrueENFORCE✅ PASS
PRODUCTIONfalsetruetruetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsetruetruetrueENFORCE⚠️ FAIL
STAGINGtruetruetruetruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalsefalsefalseADVISORY⚠️ FAIL

testSoc2ExpandedAvailability

Test Cases: 20 Parameters: 7
profilemultiAzautoScalingautomatedBackupcrossRegionBackuppitrcomplianceModeExpected
PRODUCTIONtruetruetruetruetrueENFORCE✅ PASS
PRODUCTIONfalsetruetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsefalsetrueENFORCE⚠️ FAIL
STAGINGtruetruetruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalsefalseADVISORY⚠️ FAIL

testSoc2ExpandedConfidentiality

Test Cases: 18 Parameters: 7
profileebsEncryptionefsEncryptions3EncryptionefsTransitnetworkModecomplianceModeExpected
PRODUCTIONtruetruetruetrueprivate-with-natENFORCE✅ PASS
PRODUCTIONfalsetruetruetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalseprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruepublic-no-natENFORCE✅ PASS
PRODUCTIONfalsefalsetruetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalsepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruepublic-no-natENFORCE✅ PASS
PRODUCTIONfalsefalsefalsefalseprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsepublic-no-natENFORCE⚠️ FAIL
STAGINGtruetruetruetrueprivate-with-natENFORCE✅ PASS
STAGINGfalsefalsefalsefalsepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrueprivate-with-natADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalsepublic-no-natADVISORY⚠️ FAIL

testSoc2ExpandedChangeManagementAndRisk

Test Cases: 17 Parameters: 6
profilecloudTrailawsConfigguardDutysecurityHubcomplianceModeExpected
PRODUCTIONtruetruetruetrueENFORCE✅ PASS
PRODUCTIONfalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetrueENFORCE⚠️ FAIL
STAGINGtruetruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalseADVISORY⚠️ FAIL

testSoc2ExpandedComprehensiveMultiCriteria

Test Cases: 24 Parameters: 20
profilecomplianceModeauthModenetworkModeebsEncryptionefsEncryptions3EncryptionefsTransitsecMonitoringguardDutycloudTrailflowLogsawsConfigmultiAzautoScalingautomatedBackupcrossRegionBackuppitrkmsRotationwafExpected
PRODUCTIONENFORCEalb-oidcprivate-with-nattruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONENFORCEnonepublic-no-natfalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEalb-oidcprivate-with-nattruetruetruetruetruetruetruetruetruefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEnonepublic-no-natfalsefalsefalsefalsefalsefalsefalsefalsefalsetruetruetruetruetruefalsefalse⚠️ FAIL
PRODUCTIONENFORCEnoneprivate-with-nattruetruetruetruefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsetruetrue⚠️ FAIL
PRODUCTIONENFORCEnonepublic-no-natfalsefalsefalsefalsefalsefalsetruetruetruefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEalb-oidcpublic-no-natfalsefalsefalsefalsetruetruetruetruetruefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEalb-oidcprivate-with-nattruetruetruetruefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsetruetrue⚠️ FAIL
PRODUCTIONENFORCEnonepublic-no-natfalsefalsefalsefalsefalsefalsefalsefalsefalsetruetruetruetruetruefalsefalse⚠️ FAIL
PRODUCTIONENFORCEalb-oidcprivate-with-nattruetruetruetruetruetruetruetruetruefalsefalsefalsefalsefalsetruetrue⚠️ FAIL
PRODUCTIONENFORCEalb-oidcprivate-with-nattruetruefalsefalsetruetruefalsefalsetruetruefalsefalsetruefalsetruefalse⚠️ FAIL
PRODUCTIONENFORCEnonepublic-no-natfalsefalsetruetruefalsefalsetruetruefalsefalsetruetruefalsetruefalsetrue⚠️ FAIL
STAGINGENFORCEalb-oidcprivate-with-nattruetruetruetruetruetruetruetruetruefalsefalsefalsefalsefalsetruetrue⚠️ FAIL
STAGINGENFORCEnonepublic-no-natfalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONADVISORYalb-oidcprivate-with-nattruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONADVISORYnonepublic-no-natfalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEalb-oidcpublic-no-natfalsefalsefalsefalsetruetruetruefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEnoneprivate-with-nattruetruetruetruefalsefalsefalsefalsefalsetruetruetruefalsefalsetruetrue⚠️ FAIL
PRODUCTIONENFORCEnoneprivate-with-natfalsefalsefalsefalsefalsefalsefalsefalsefalsetruetruetruetruetruefalsefalse⚠️ FAIL
PRODUCTIONENFORCEnonepublic-no-natfalsefalsefalsefalsefalsefalsetruetruetruefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEalb-oidcprivate-with-nattruetruetruetruetruetruetruetruetruefalsefalsefalsefalsefalsetruetrue⚠️ FAIL
PRODUCTIONENFORCEnonepublic-no-natfalsefalsefalsefalsefalsefalsefalsefalsefalsetruetruetruetruetruefalsefalse⚠️ FAIL
STAGINGADVISORYalb-oidcprivate-with-nattruetruetruetruetruetruetruetruetruefalsefalsefalsefalsefalsetruetrue✅ PASS
PRODUCTIONENFORCEalb-oidcpublic-no-natfalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsefalsetrue⚠️ FAIL

testSoc2EncryptionCombinations

Test Cases: 16 Parameters: 6
profileebsEncryptionefsEncryptions3EncryptionkmsRotationcomplianceModeExpected
PRODUCTIONtruetruetruetrueENFORCE✅ PASS
PRODUCTIONfalsetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalseENFORCE⚠️ FAIL
STAGINGtruetruetruetrueENFORCE✅ PASS
STAGINGfalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalseADVISORY⚠️ FAIL

testSoc2NetworkSecurityCombinations

Test Cases: 15 Parameters: 7
profilehasCertefsTransitwafenhancedWafnetworkModecomplianceModeExpected
PRODUCTIONtruetruetruetrueprivate-with-natENFORCE✅ PASS
PRODUCTIONfalsetruetruetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalseprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalseprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruepublic-no-natENFORCE✅ PASS
PRODUCTIONfalsefalsefalsetrueprivate-with-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruepublic-no-natENFORCE✅ PASS
PRODUCTIONfalsefalsefalsefalsepublic-no-natENFORCE⚠️ FAIL
STAGINGtruetruetruetrueprivate-with-natENFORCE✅ PASS
STAGINGfalsefalsefalsefalsepublic-no-natENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrueprivate-with-natADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalsepublic-no-natADVISORY⚠️ FAIL

testSoc2LoggingAndAuditCombinations

Test Cases: 17 Parameters: 7
profilecloudTrailflowLogsalbLoggingawsConfigretentionDayscomplianceModeExpected
PRODUCTIONtruetruetruetrue365ENFORCE✅ PASS
PRODUCTIONfalsetruetruetrue365ENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruetrue365ENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsetrue365ENFORCE⚠️ FAIL
PRODUCTIONtruetruetruefalse365ENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrue90ENFORCE✅ PASS
PRODUCTIONtruetruetruetrue30ENFORCE✅ PASS
PRODUCTIONtruetruetruetrue7ENFORCE✅ PASS
PRODUCTIONfalsefalsetruetrue365ENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalse365ENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetrue365ENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalse365ENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalse7ENFORCE⚠️ FAIL
STAGINGtruetruetruetrue365ENFORCE✅ PASS
STAGINGfalsefalsefalsefalse7ENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetrue365ADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalse7ADVISORY⚠️ FAIL

testSoc2AvailabilityEdgeCases

Test Cases: 14 Parameters: 9
profilemultiAzautoScalingautomatedBackupcrossRegionBackuppitrrtoHoursrpoHourscomplianceModeExpected
PRODUCTIONtruetruetruetruetrue11ENFORCE✅ PASS
PRODUCTIONtruetruefalsefalsefalse2424ENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetruetrue41ENFORCE⚠️ FAIL
PRODUCTIONfalsetruetruetruefalse42ENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruefalsefalse84ENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetruetrue21ENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruetrue00ENFORCE✅ PASS
PRODUCTIONtruetruetruetruetrue2424ENFORCE✅ PASS
PRODUCTIONtruetruetruetruetrue168168ENFORCE✅ PASS
PRODUCTIONfalsefalsefalsefalsefalse2424ENFORCE⚠️ FAIL
STAGINGtruetruetruetruetrue11ENFORCE✅ PASS
STAGINGfalsefalsefalsefalsefalse2424ENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruetrue11ADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalsefalse2424ADVISORY⚠️ FAIL

testSoc2RuntimeTypeVariations

Test Cases: 8 Parameters: 8
profileruntimeTypemultiAzautoScalingencryptionmonitoringwafcomplianceModeExpected
PRODUCTIONFARGATEtruetruetruetruetrueENFORCE✅ PASS
PRODUCTIONFARGATEfalsefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEfalsefalsetruetruetrueENFORCE⚠️ FAIL
STAGINGFARGATEtruetruetruetruetrueENFORCE✅ PASS
STAGINGFARGATEfalsefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONFARGATEtruetruetruetruetrueADVISORY✅ PASS
PRODUCTIONFARGATEfalsefalsefalsefalsefalseADVISORY⚠️ FAIL

testSoc2ComplianceModeTransitions

Test Cases: 18 Parameters: 10
profilecomplianceModeauthencryptionwafmonitoringcloudTrailflowLogsmultiAzautoScalingExpected
PRODUCTIONADVISORYtruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONENFORCEtruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONADVISORYfalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEfalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONADVISORYtruefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEtruefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONADVISORYfalsetruefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEfalsetruefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONADVISORYfalsefalsetruefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONENFORCEfalsefalsetruefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONADVISORYtruetruetruetruefalsefalsefalsefalse✅ PASS
PRODUCTIONENFORCEtruetruetruetruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONADVISORYfalsefalsefalsefalsetruetruetruetrue✅ PASS
PRODUCTIONENFORCEfalsefalsefalsefalsetruetruetruetrue⚠️ FAIL
STAGINGADVISORYtruetruetruetruetruetruetruetrue✅ PASS
STAGINGENFORCEtruetruetruetruetruetruetruetrue✅ PASS
STAGINGADVISORYfalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
STAGINGENFORCEfalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL

testSoc2CombinedSecurityAvailability

Test Cases: 15 Parameters: 10
profileencryptiontransitmonitoringauditmultiAzautoScalingbackupcrossRegioncomplianceModeExpected
PRODUCTIONtruetruetruetruetruetruetruetrueENFORCE✅ PASS
PRODUCTIONtruetruetruetruefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsetruetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruefalsefalsetruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsetruetruetruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsetruetruefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsefalsefalsetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruefalsefalsefalsefalseENFORCE⚠️ FAIL
PRODUCTIONfalsefalsefalsefalsetruetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruefalsetruefalsetruefalsetruefalseENFORCE⚠️ FAIL
PRODUCTIONfalsetruefalsetruefalsetruefalsetrueENFORCE⚠️ FAIL
STAGINGtruetruetruetruefalsefalsefalsefalseENFORCE⚠️ FAIL
STAGINGfalsefalsefalsefalsetruetruetruetrueENFORCE⚠️ FAIL
PRODUCTIONtruetruetruetruetruetruetruetrueADVISORY✅ PASS
PRODUCTIONfalsefalsefalsefalsefalsefalsefalsefalseADVISORY⚠️ FAIL

testSoc2BackupAndRecovery

Test Cases: 14 Parameters: 6
profilebackupEnabledretentionDayscrossRegionvaultLockcomplianceModeExpected
PRODUCTIONtrue90truetrueENFORCE✅ PASS
PRODUCTIONtrue90falsetrueENFORCE⚠️ FAIL
PRODUCTIONtrue90truefalseENFORCE⚠️ FAIL
PRODUCTIONtrue30truetrueENFORCE✅ PASS
PRODUCTIONtrue14falsefalseENFORCE⚠️ FAIL
PRODUCTIONfalse0falsefalseENFORCE⚠️ FAIL
STAGINGtrue14falsefalseENFORCE⚠️ FAIL
STAGINGtrue30falsefalseENFORCE⚠️ FAIL
STAGINGfalse0falsefalseENFORCE⚠️ FAIL
DEVfalse0falsefalseENFORCE⚠️ FAIL
DEVtrue7falsefalseENFORCE⚠️ FAIL
PRODUCTIONtrue90truetrueADVISORY✅ PASS
PRODUCTIONfalse0falsefalseADVISORY⚠️ FAIL
STAGINGfalse0falsefalseADVISORY⚠️ FAIL

testSoc2AvailabilityMonitoring

Test Cases: 10 Parameters: 6
profileruntimecloudTrailEnabledguardDutyEnabledcomplianceModeshouldFailExpected
PRODUCTIONFARGATEtruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruefalseENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEfalsefalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetrueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falsefalseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtruetrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalseENFORCEfalse⚠️ FAIL
DEVFARGATEfalsefalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalseADVISORYfalse⚠️ FAIL

testSoc2ConfidentialityEncryption

Test Cases: 10 Parameters: 8
profileruntimeebsEncryptionefsAtRestefsTransits3EncryptioncomplianceModeshouldFailExpected
PRODUCTIONFARGATEtruetruetruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsetruetruetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruefalsetruetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetruefalsetrueENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetruetruefalseENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetruetruetrueENFORCEfalse⚠️ FAIL
PRODUCTIONEC2falsefalsefalsefalseENFORCEtrue⚠️ FAIL
STAGINGFARGATEtruetruetruetrueENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalsefalsefalseENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATEfalsefalsefalsefalseADVISORYfalse⚠️ FAIL

testSoc2ProcessingIntegrityAuditLogs

Test Cases: 10 Parameters: 5
profileruntimeretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATE365ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE730ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90ENFORCEtrue✅ PASS
PRODUCTIONFARGATE180ENFORCEtrue✅ PASS
PRODUCTIONEC2365ENFORCEfalse⚠️ FAIL
PRODUCTIONEC290ENFORCEtrue✅ PASS
STAGINGFARGATE90ENFORCEtrue✅ PASS
STAGINGEC230ENFORCEtrue✅ PASS
DEVFARGATE7ENFORCEfalse⚠️ FAIL
PRODUCTIONFARGATE90ADVISORYfalse⚠️ FAIL

testSoc2MultiCriterionViolations

Test Cases: 9 Parameters: 7
profileruntimemonitoringEnabledencryptionEnabledretentionDayscomplianceModeshouldFailExpected
PRODUCTIONFARGATEfalsefalse90ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEfalsetrue365ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruefalse365ENFORCEtrue⚠️ FAIL
PRODUCTIONFARGATEtruetrue90ENFORCEtrue✅ PASS
PRODUCTIONEC2falsefalse90ENFORCEtrue⚠️ FAIL
PRODUCTIONEC2truetrue365ENFORCEfalse⚠️ FAIL
STAGINGFARGATEfalsefalse14ENFORCEtrue⚠️ FAIL
STAGINGFARGATEtruetrue90ENFORCEtrue✅ PASS
PRODUCTIONFARGATEfalsefalse90ADVISORYfalse⚠️ FAIL

Threat Protection

✅ Compliant: 28 ⚠️ Non-Compliant: 40 Total: 68

testThreatExpandedMalwareProtection §164.308(a)

Test Cases: 17 Parameters: 8
profileruntimeframeworkguardDutyantiMalwareautoUpdatescanLoggingcontainerScanningExpected
PRODUCTIONFARGATEPCI-DSStruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONFARGATEPCI-DSStruetruetruetruetrue✅ PASS
PRODUCTIONFARGATEHIPAAtruefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONFARGATESOC2truefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONEC2PCI-DSSfalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONEC2PCI-DSSfalsetruefalsefalsefalse⚠️ FAIL
PRODUCTIONEC2PCI-DSSfalsetruetruefalsefalse⚠️ FAIL
PRODUCTIONEC2PCI-DSSfalsetruetruetruefalse✅ PASS
PRODUCTIONEC2PCI-DSSfalsetruetruetruetrue✅ PASS
PRODUCTIONFARGATEPCI-DSSfalsefalsefalsefalsetrue⚠️ FAIL
PRODUCTIONFARGATEPCI-DSSfalsetruetruetruetrue✅ PASS
STAGINGFARGATEPCI-DSSfalsefalsefalsefalsefalse⚠️ FAIL
STAGINGEC2PCI-DSSfalsetruetruetruetrue✅ PASS
DEVFARGATEPCI-DSSfalsefalsefalsefalsefalse⚠️ FAIL
DEVEC2PCI-DSSfalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONFARGATENONEfalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONEC2NONEfalsefalsefalsefalsefalse⚠️ FAIL

testThreatExpandedIntrusionDetection §164.308(a)

Test Cases: 17 Parameters: 6
profileframeworksguardDutywafflowLogsalertsExpected
PRODUCTIONPCI-DSStruetruetruetrue✅ PASS
PRODUCTIONPCI-DSSfalsetruetruetrue✅ PASS
PRODUCTIONPCI-DSStruefalsetruetrue✅ PASS
PRODUCTIONPCI-DSStruetruefalsetrue✅ PASS
PRODUCTIONPCI-DSStruetruetruefalse✅ PASS
PRODUCTIONPCI-DSSfalsefalsefalsefalse⚠️ FAIL
PRODUCTIONHIPAAtruefalsefalsetrue✅ PASS
PRODUCTIONHIPAAfalsefalsefalsefalse⚠️ FAIL
PRODUCTIONHIPAAtruefalsefalsefalse⚠️ FAIL
PRODUCTIONSOC2truetruetruetrue✅ PASS
PRODUCTIONSOC2falsefalsefalsefalse⚠️ FAIL
PRODUCTIONPCI-DSS HIPAAtruetruetruetrue✅ PASS
PRODUCTIONPCI-DSS HIPAAfalsefalsefalsefalse⚠️ FAIL
STAGINGPCI-DSSfalsefalsefalsefalse⚠️ FAIL
STAGINGHIPAAfalsefalsefalsefalse⚠️ FAIL
DEVPCI-DSSfalsefalsefalsefalse⚠️ FAIL
DEVHIPAAfalsefalsefalsefalse⚠️ FAIL

testThreatExpandedFileIntegrityMonitoring §164.308(a)

Test Cases: 13 Parameters: 5
profileruntimeframeworkfimawsConfigExpected
PRODUCTIONFARGATEPCI-DSSfalsefalse⚠️ FAIL
PRODUCTIONFARGATEPCI-DSStruetrue✅ PASS
PRODUCTIONEC2PCI-DSSfalsefalse⚠️ FAIL
PRODUCTIONEC2PCI-DSStruefalse✅ PASS
PRODUCTIONEC2PCI-DSSfalsetrue✅ PASS
PRODUCTIONEC2PCI-DSStruetrue✅ PASS
PRODUCTIONFARGATEHIPAAfalsefalse⚠️ FAIL
PRODUCTIONEC2HIPAAtruetrue✅ PASS
PRODUCTIONFARGATESOC2falsefalse⚠️ FAIL
STAGINGFARGATEPCI-DSSfalsefalse⚠️ FAIL
STAGINGEC2PCI-DSSfalsefalse⚠️ FAIL
DEVFARGATEPCI-DSSfalsefalse⚠️ FAIL
DEVEC2PCI-DSSfalsefalse⚠️ FAIL

testThreatExpandedContainerSecurity §164.308(a)

Test Cases: 11 Parameters: 4
profileframeworkruntimeSecurityimmutableExpected
PRODUCTIONGDPRfalsefalse⚠️ FAIL
PRODUCTIONGDPRtruefalse✅ PASS
PRODUCTIONGDPRfalsetrue✅ PASS
PRODUCTIONGDPRtruetrue✅ PASS
PRODUCTIONPCI-DSSfalsetrue✅ PASS
PRODUCTIONHIPAAtruetrue✅ PASS
PRODUCTIONSOC2falsefalse⚠️ FAIL
STAGINGGDPRfalsefalse⚠️ FAIL
STAGINGPCI-DSStruetrue✅ PASS
DEVGDPRfalsefalse⚠️ FAIL
DEVPCI-DSSfalsefalse⚠️ FAIL

testThreatExpandedComprehensiveScenarios §164.308(a)

Test Cases: 10 Parameters: 13
profileruntimeframeworksguardDutyantiMalwareautoUpdatescanLoggingcontainerScanningwafflowLogsalertsruntimeSecurityimmutableExpected
PRODUCTIONFARGATEPCI-DSStruefalsefalsefalsetruetruetruetruetruetrue✅ PASS
PRODUCTIONEC2PCI-DSSfalsetruetruetruetruetruetruetruetruetrue✅ PASS
PRODUCTIONEC2PCI-DSSfalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
PRODUCTIONFARGATEHIPAAtruefalsefalsefalsefalsefalsefalsefalsefalsetrue⚠️ FAIL
PRODUCTIONFARGATEGDPRtruefalsefalsefalsefalsefalsefalsefalsetruetrue⚠️ FAIL
PRODUCTIONFARGATESOC2truefalsefalsefalsetruefalsefalsefalsefalsetrue⚠️ FAIL
PRODUCTIONFARGATEPCI-DSS HIPAA GDPRtruefalsefalsetruetruetruetruetruetruetrue✅ PASS
STAGINGFARGATEPCI-DSStruefalsefalsefalsetruetruetruefalsefalsetrue✅ PASS
STAGINGEC2PCI-DSSfalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL
DEVFARGATEPCI-DSS HIPAAfalsefalsefalsefalsefalsefalsefalsefalsefalsefalse⚠️ FAIL

📋 Auditor - Compliance Evidence & Control Mapping

For External Auditors & Compliance Assessors

🎯 Audit Purpose

This section provides comprehensive evidence of automated compliance testing for regulatory audits (SOC 2 Type II, HIPAA, PCI-DSS, GDPR). All test evidence is version-controlled, reproducible, and mapped to specific regulatory controls.

🆕 Recent Validation Enhancements

Four critical validation improvements have been implemented and tested:

Enhancement Impact Test Coverage Evidence Location
ConfigurationValidationRules (NEW) alwaysLoad framework validates basic config errors before compliance checks 44 test cases (subdomain, OIDC-HTTPS) ConfigurationValidationRules.java
PCI-DSS WAF Requirement (STRENGTHENED) WAF changed from "recommended" to REQUIRED for PRODUCTION 48 WAF test cases across all runtimes/profiles PciDssRules.java:317-334
PCI-DSS Flow Logs (NEW) Flow logs validation for DEV/STAGING (auto-enabled in PRODUCTION via ComplianceMatrix) 14 flow logs test cases PciDssRules.java:527-545
Test Matrix Expansion Comprehensive edge case coverage for all validation rules +467 edge cases (281 → 748 test scenarios) compliance-test-matrix.csv (548 test cases total)

Documentation References:

  • docs/compliance/PCI_DSS_CONTROLS_GAP_ANALYSIS.md - Updated to v1.2 with corrected WAF evidence
  • docs/compliance/AUDITOR_EVIDENCE_UPDATES.md - Complete audit evidence with validation fixes
  • docs/compliance/CSV_PARAMETERIZED_TESTING_EXPANSION.md - Test expansion details
  • docs/compliance/COMPLIANCE_DOCUMENTATION_UPDATE_SUMMARY.md - Complete change summary
10
Frameworks Validated
HIPAA, PCI-DSS, GDPR, SOC2 + Security Rules
135
Automated Test Suites
Parameterized truth table tests
1565
Test Scenarios
Compliant + non-compliant paths
523
Positive Controls
Validates compliant configurations pass
1042
Negative Controls
Validates non-compliant configs fail

🔍 Test Evidence Traceability

Version Control: All test code is maintained in Git with full history

Test Execution: Automated CI/CD pipeline runs all tests on every commit

Test Reports: JUnit XML reports + JaCoCo coverage reports generated for each build

Evidence Location: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/

Coverage Reports: cloudforge-api/target/site/jacoco/

📐 Compliance Testing Methodology

Methodology Component Implementation Audit Evidence
Truth Table Testing Systematic testing of all configuration branches (compliant + non-compliant paths) Test case matrices in this report
Parameterized Tests JUnit 5 @ParameterizedTest with @CsvSource for data-driven testing Test source code with @CsvSource annotations
CDK Synthesis Validation Tests trigger CDK synthesis which executes all validation lambdas Template.fromStack() calls in test methods
Positive Testing Tests verify compliant configurations pass validation assertDoesNotThrow() assertions for compliant cases
Negative Testing Tests verify non-compliant configurations fail validation assertThrows() assertions for non-compliant cases
Coverage Tracking JaCoCo measures branch and instruction coverage JaCoCo HTML reports with line-by-line coverage

🔐 Control Operating Effectiveness Evidence

For SOC 2 Type II audits, the following evidence demonstrates control operating effectiveness:

  • Design Effectiveness: Truth tables show controls are designed to detect non-compliant configurations
  • Operating Effectiveness: CI/CD pipeline execution logs show tests run on every commit (continuous operation)
  • Test Results: 100% test pass rate demonstrates controls operate as designed
  • Population Completeness: 1565 test scenarios provide comprehensive coverage of all control points
  • Sample Selection: Automated testing eliminates sampling - 100% of code paths are validated

Framework-Specific Control Mappings

Advanced Monitoring

5
Test Methods
67
Total Test Cases
30
Compliant Scenarios
37
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/AdvancedMonitoringRules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/AdvancedMonitoringRulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
General 5 67 30 37 testAMExpandedSecurityHub (14 cases)
testAMExpandedInspector (14 cases)
+3 more

Database Security

7
Test Methods
84
Total Test Cases
32
Compliant Scenarios
52
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/DatabaseSecurityRules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/DatabaseSecurityRulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
General 7 84 32 52 testDBExpandedRDSSecurity (16 cases)
testDBExpandedDynamoDBSecurity (12 cases)
+5 more

GDPR

20
Test Methods
235
Total Test Cases
78
Compliant Scenarios
157
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/GdprRules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/GdprRulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
Art. 25 20 235 78 157 testGdprSecurityProfileBranches (6 cases)
testGdprDataProtectionByDesignEncryption (12 cases)
+18 more

HIPAA

21
Test Methods
266
Total Test Cases
88
Compliant Scenarios
178
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/HipaaRules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/HipaaRulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
§164.308(a) 21 266 88 178 testHipaaSecurityManagementCombinations (7 cases)
testHipaaPhysicalSafeguardsCombinations (9 cases)
+19 more

Incident Response

9
Test Methods
99
Total Test Cases
37
Compliant Scenarios
62
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/IncidentResponseRules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/IncidentResponseRulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
General 9 99 37 62 testIRExpandedIncidentResponsePlan (15 cases)
testIRExpandedDisasterRecovery (14 cases)
+7 more

ISO 27001

1
Test Methods
3
Total Test Cases
2
Compliant Scenarios
1
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/Iso27001Rules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/Iso27001RulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
General 1 3 2 1 testIso27001ComplianceByProfile (3 cases)

Key Management

7
Test Methods
67
Total Test Cases
23
Compliant Scenarios
44
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/KeyManagementRules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/KeyManagementRulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
General 7 67 23 44 testKMExpandedKMSKeyManagement (8 cases)
testKMExpandedCertificateManagement (8 cases)
+5 more

PCI-DSS

34
Test Methods
329
Total Test Cases
121
Compliant Scenarios
208
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/PciDssRules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/PciDssRulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
General 34 329 121 208 testPciDssEncryptionCombinations (8 cases)
testPciDssAuditLoggingCombinations (7 cases)
+32 more

SOC2

26
Test Methods
347
Total Test Cases
84
Compliant Scenarios
263
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/Soc2Rules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/Soc2RulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
General 26 347 84 263 testSoc2SecurityProfileBranches (6 cases)
testSoc2AccessControls (8 cases)
+24 more

Threat Protection

5
Test Methods
68
Total Test Cases
28
Compliant Scenarios
40
Non-Compliant Scenarios

Source Implementation: cloudforge-api/src/main/java/com/cloudforgeci/api/core/rules/ThreatProtectionRules.java

Test Evidence: cloudforge-api/src/test/java/com/cloudforgeci/api/core/rules/ThreatProtectionRulesTest.java

Requirement / Control Test Methods Total Cases ✅ Compliant ⚠️ Non-Compliant Test Details
§164.308(a) 5 68 28 40 testThreatExpandedMalwareProtection (17 cases)
testThreatExpandedIntrusionDetection (17 cases)
+3 more

📄 Additional Audit Artifacts Available

  • CI/CD Pipeline Logs: GitHub Actions workflow execution history
  • Test Execution Reports: JUnit XML reports with timestamps and results
  • Code Coverage Reports: JaCoCo HTML reports showing line-by-line validation coverage
  • Integration Test Reports: Full stack synthesis tests validating end-to-end compliance
  • Version Control History: Git commit log showing test evolution and maintenance
  • Compliance Documentation: docs/compliance/ directory with framework-specific guides
  • Security Policies: docs/security/ directory with policy documentation

✅ Auditor Checklist

This truth table report satisfies the following audit evidence requirements:

  • ☑️ Control Design Documentation: Test methods show how each control is implemented
  • ☑️ Control Operating Evidence: Test results prove controls execute as designed
  • ☑️ Population Completeness: Truth tables document complete test coverage
  • ☑️ Traceability Matrix: Requirements mapped to test methods and source code
  • ☑️ Automated Testing: Eliminates manual testing errors and provides consistency
  • ☑️ Continuous Monitoring: CI/CD ensures controls operate continuously
  • ☑️ Version Control: All test code and results are version-controlled
  • ☑️ Exception Handling: Negative tests prove non-compliant configs are rejected

CloudForge Core - Systematic Compliance Testing

Truth table methodology for HIPAA, PCI-DSS, GDPR, and SOC2