Automating Compliance Management for the Hybrid Enterprise

The Cavirin platform removes security compliance as a barrier to cloud (AWS, Azure, and GCP) adoption by automating compliance of the broadest set of frameworks (NIST, DISA, etc.), benchmarks (CIS OS, cloud, and Docker), and guidelines (SOC, ISO, GDPR, PCI, HIPAA) available today. A customizable policy framework provides flexibility for enterprises so you can craft your own combinations of benchmarks and set risk levels, enabling you to move critical compliance workloads to the cloud with confidence.


  • Implementing proper controls to achieve compliance.
  • Access to documentation of compliance status for workloads running in the cloud and on-premise.
  • Auditing and reporting across multiple clouds.
  • Limited security controls being used by the cloud provider and the inability to know if they map to certifications required by your organization.

Compliance Requirements

  • Automation of compliance through frameworks, benchmarks and guidelines.
  • Ability to craft your own combination of benchmarks and set risk levels.
  • Real time visibility into your vulnerabilities in a hybrid infrastructure.
  • Simplified compliance reporting with prescriptive remediation.
Top Barriers to Cloud Adoption
Security for the Hybrid Environment

the solution = Cavirin

  • Regular assessments of security vulnerabilities with prescriptive remediations across your entire hybrid infrastructure (cloud, on-premise, and containers).
  • Immediate reports/documentation to support compliance with internal security policies to expedite the auditing process.
  • The richest library of security, risk, and regulatory frameworks with advanced compliance mapping.  Co-author of both Docker and Kubernetes Security Benchmarks from the beginning.
  • Complete visibility and management of your entire infrastructure enabling continuous improvement of your security posture.
  • Intelligent, proactive, and preventative cybersecurity and risk management.


Benefits of Cavirin

  • An automated robust cybersecurity, compliance and risk management based program utilizing the richest set of frameworks, benchmarks and guidelines available.
  • A single pane of glass view for compliance automation of diverse, hybrid infrastructures (On-premise, cloud, and Docker/containers).
  • Proactive security monitoring moving you from reactive to preventive. Improve results through data analytics and anomaly detection.  Predict events and provide recommendations for auto remediation.
  • Ability to fullfill multiple regulatory technical compliance requirements using advanced compliance mapping.
  • Introduction of risk security and compliance into code during your development, staging, and deployment cycles.

Security Benchmarks and Compliance Regulations

Cavirin's complete set of fully automated technical controls (IT security frameworks, benchmarks, and guidelines) with remediation guidance is key to building and maintaining a security program when migrating to the cloud. Now you can prove compliance for regulatory audits in the cloud or any hybrid infrastructure.

NIST Cybersecurity Guidelines / NIST 800-171
Cavirin actively supports and contributes to The National Institute of Standards and Technology (NIST) set of cybersecurity guidelines and standards of recommended security controls for information systems at government agencies.
hipaa, hitech automated cloud compliance
Cavirin's continuous automated security spans both on-premise and the cloud, ensuring that the technical controls are in place to protect ePHI and facilitate HIPAA and HiTECH compliance, including AWS HIPAA and GCP HIPAA if leveraging the public cloud.
GDRP deadline May 25, 2018
Cavirin will work closely with customers to ensure GDPR readiness, and will include the required technical control mappings between GDPR and benchmarks to facilitate compliance and meet the May 2018 deadline that is quickly approaching.
Cavirin co-authored both the Docker and Kubernetes CIS Security Benchmarks
Cavirin co-authored both Docker and Kubernetes Security Benchmarks from the beginning. Cavirin's platform integrates and reports results using today's current CIS Security Benchmarks as well as other security frameworks.
PCI cloud compliance
Continuous visibility into your hybrid infrastructure assessing security posture to industry standards and customized benchmarks, further providing prescriptive remediation guidance to meet PCI compliance requirements.
Shared Responsibility Model - AWS, Azure, GCP

The Customers' Role in the Shared Responsibility Model

According to Amazon, Google and Microsoft (today's key providers of public cloud platforms) it is their responsibility to manage the security of the cloud, security in the cloud is the responsibility of the customer. Docker (the leading software container platform) is also taking that position when it comes to security of its containers.  

This stance has become frustating for many organizations in regulated industries, who understand the value of thes architectures but are not sure what to do with regards on taking on the shared responsiblity and compliance management. That's where Cavirin fits in. 

Download this whitepaper to find out how Cavirin helps you meet these challenges.

Developed specifically for enterprise Cloud and Container environments

Google Cloud Platform
Microsoft Azure

Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.