ComplianceView: Compliance Monitoring
What is ComplianceView?
ComplianceView is a continuous compliance monitoring platform for financial services. It provides real-time visibility into the status of 96 security controls aligned with NIST SP 800-53r5, ISO 27001:2022, DORA, and FINOS SDLC Controls.
The Problem
Financial organizations must demonstrate to regulators that they maintain active and continuously verified security controls. Manual audit processes and spreadsheets don't scale, produce false positives, and fail to provide real-time visibility into actual compliance status.
Value Proposition
Weighted Scoring
Scoring engine weighted by security zone (External 1.4x, Infra 1.2x, SDLC 1.1x) with maturity bonuses.
6 Automated Collectors
Automatic verification against Gitea, Trivy, GCP, Docker, Kubernetes, and NATS.
Built-in RBAC
Role-based access control with Keycloak OIDC (admin / auditor / viewer).
30-Day Trending
SVG sparkline tracking daily compliance score evolution.
Coverage Radar
Interactive radar chart showing coverage across security zones.
Zero Trust Native
Accessible as a Dark Service on the NetFoundry overlay (no internet exposure).
Product Presentation

Live Demo
The video showcases the interactive dashboard, automated collector execution, coverage radar, and audit timeline.
Target Audience
Compliance Officers
Monitor compliance status and generate regulatory reports.
CISOs
Gain executive visibility into security posture with weighted scoring.
IT Security
Run automated collectors and manage technical evidence.
External Auditors
Access the public Trust Center and export PDF/JSON/CSV reports.
Key Features
- Interactive Dashboard — Weighted score ring chart, real-time stats, 30-day sparkline, and zone coverage radar
- 96 Unified Controls — Cybersecurity Framework (84) + FINOS SDLC³ (12), cross-mapped to NIST, ISO 27001, and DORA
- 6 Automated Collectors — Gitea (branches, PRs, webhooks), Trivy (CVEs, SBOM), GCP (IAM, KMS, audit), Docker (root, secrets), Kubernetes (RBAC, network policies), NATS (mTLS, auth)
- Scheduling + Alerts — Configurable scheduling (6h/12h/24h/weekly) with notifications to Slack, Discord, and Microsoft Teams
- Audit Timeline — Immutable record of every status change with attached evidence
- Trust Center — Public transparency page with real-time control status
- Multi-format Export — Professional PDF, structured JSON, and CSV for auditors
Technology Stack
| Layer | Technology |
|---|---|
| Frontend | React 19, Vite 8, Dark Glassmorphism CSS |
| Backend | Express 5, SQLite, node-cron |
| Auth | Keycloak OIDC (PKCE), JWT/JWKS |
| Infrastructure | Docker, Gitea Actions CI/CD |
| Zero Trust | NetFoundry overlay (Dark Service) |
Regulatory Compliance
DORA, NIST SP 800-53r5, ISO 27001:2022, and FINOS SDLC³ — full regulatory coverage. → View compliance
Request a Demo
Personalized 30-minute session for your organization. → Request demo