iValue Center of Excellence
Your Technology. Proven. Positioned. Sold.
• Sell outcomes, not features
BFSI Upsell Stack with Controls
BFSI (Banking, Financial Services, and Insurance) sector requires robust Identity and Access Management (IDAM) controls to ensure the security and integrity of sensitive financial data. The following table outlines the key IDAM control areas, consolidated requirements, and their alignment with various regulatory mandates such as CERT-In, RBI, SEBI CSCRF, IRDAI, DPDP, and NCIIPC.
| # | Domain | Control Area | Control Description | What it Secures | Technology Category | iValue OEM / Tools | CERT-In | RBI | SEBI CSCRF | IRDAI | DPDP | NCIIPC | PCI DSS 4.0 | ISO 27001:2022 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Governance | Security Governance & Policy | Enterprise security policy, roles, approvals, accountability | Enterprise | GRC/Governance | Whitehats | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| 2 | Governance | Control Framework Mapping | Map controls to CERT-In/RBI/SEBI/IRDAI/DPDP/PCI/ISO | Compliance | GRC | Whitehats | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| 3 | Governance | Risk Assessment (Enterprise) | Periodic cyber risk assessments; inherent/residual risk | Risk posture | Risk/GRC | Whitehats | ⬜ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| 4 | Governance | Cyber Risk Quantification | Loss scenarios, financial impact modeling, cyber VaR | Business risk | Risk Quantification | Whitehats | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 5 | Governance | Compliance Evidence Management | Evidence collection, control attestation, audits | Audit readiness | GRC | Whitehats | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| 6 | Governance | Regulatory Reporting Process | CERT-In incident reporting workflow & SLA tracking | Reg reporting | Process | Whitehats + SOC | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ⬜ |
| 7 | Governance | Third-Party Risk Management | Vendor/fintech/TPA risk onboarding, due diligence, reviews | Supply chain | TPRM | Whitehats, RSA | ⬜ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| 8 | Governance | Security Awareness Program | Org-wide training, phishing drills, role-based training | People risk | Awareness | Progist | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 9 | Governance | Privacy Governance (DPDP) | DPO roles, privacy impact, purpose limitation governance | Personal data | Privacy/GRC | Whitehats | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ |
| 10 | Governance | BCP/DR Governance | BCP policy, DR tests, RTO/RPO governance | Resilience | BCP/DR | OpenText | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 11 | Governance | Secure Change Governance | CAB, approvals, change audit trail, segregation | Change integrity | ITSM | Symphony Summit / OpenText ITOM | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ✅ |
| 12 | Governance | Asset Criticality & Crown Jewels | Crown jewel classification, criticality tiers, ownership | Asset risk | Asset Mgmt | OpenText ITOM (CMDB) | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 13 | Governance | Incident Response Governance | IR policy, RACI, escalation, comms plans | IR readiness | IR Program | SOAR + Whitehats | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 14 | Governance | Tabletop / Simulation Drills | CXO ransomware drills, comms rehearsals, decision logs | Crisis readiness | IR Readiness | Whitehats + SOC | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 15 | Governance | Secure SDLC Governance | SSDLC policy, gates, exceptions, risk acceptance | App supply chain | SSDLC | OpenText Fortify, Digital.ai | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ | ✅ |
| 16 | Governance | Records Retention Policy | Retention schedules, legal holds, mapping to DPDP | Data lifecycle | Data Lifecycle | Whitehats | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ |
| 17 | Governance | Secure Disposal & Proof | Deletion workflows + disposal evidence, audit trail | Data lifecycle | Data Lifecycle | Whitehats + OpenText | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ |
| 18 | Governance | Fraud–Cyber Fusion | Processes aligning fraud monitoring & cyber detections | Fraud signals | Process | SOC + UEBA | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ⬜ |
| 19 | Identity | Identity Governance (IGA) | Joiner/Mover/Leaver, access reviews, SoD checks | Identities | IGA | RSA | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ✅ |
| 20 | Identity | SSO / Federation | SSO for workforce and partners | Authentication | SSO | RSA | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ✅ |
| 21 | Identity | Adaptive MFA | Risk-based MFA for workforce/partners | Authentication | MFA | RSA + Yubico | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ✅ |
| 22 | Identity | Passwordless (FIDO2) | Phishing-resistant authentication | Authentication | Strong Auth | Yubico | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ✅ |
| 23 | Identity | CIAM | Customer IAM, step-up auth, consent-aware access | Customer identity | CIAM | RSA + Yubico | ⬜ | ⬜ | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 24 | Identity | Consent & Preference Mgmt | Capture/track consent; purpose limitation | Personal data | Consent Mgmt | Whitehats (governance) | ⬜ | ⬜ | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 25 | Identity | Privileged Access Management | Vaulting, approvals, JIT/JEA | Privileged accounts | PAM | CyberArk | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 26 | Identity | Privileged Session Management | Session recording, proxy, keystroke | Admin actions | PSM | CyberArk | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 27 | Identity | Secrets Management | App/API secrets vault & rotation | Secrets | Secrets Vault | CyberArk | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ✅ |
| 28 | Identity | Endpoint Privilege Management | Least privilege on endpoints | Endpoints | EPM | CyberArk (EPM) | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 29 | Identity | ITDR | Detect AD attacks (DCsync, Kerberoast, etc.) | Identity layer | ITDR | Tenable.AD | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 30 | Identity | NAC | Device identity & network admission control | Network access | NAC | Arista | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 31 | Identity | ZTNA | App-level zero trust access | App access | ZTNA | Netskope | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 32 | Identity | SASE | Secure access edge for users/branches | Edge access | SASE | Netskope | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 33 | Identity | CASB | SaaS visibility & policy control | SaaS data | CASB | Netskope | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 34 | Identity | SSPM | SaaS posture management | SaaS configs | SSPM | Netskope | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ |
| 35 | Identity | Remote Browser Isolation | Isolate browsing to reduce web-borne threats | Browser threats | RBI | Netskope RBI | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 36 | Identity | Secure Vendor Access | Vendor access controls + monitoring | Third-party access | ZTNA/PAM | Netskope + CyberArk | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 37 | Identity | Step-up for High-Risk Transactions | Dynamic authentication for risky actions | Fraud prevention | Risk-based Auth | RSA | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 38 | Identity | Authentication Logging to SIEM | Auth logs centralized for audit/detections | Auditability | Logging | Splunk / Chronicle / ArcSight | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 39 | Endpoint | Endpoint Protection (EPP) | Signature + exploit prevention baseline | Endpoints | EPP | SentinelOne | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 40 | Endpoint | Endpoint Detection & Response (EDR) | Behavioral detection & response | Endpoints | EDR | SentinelOne | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 41 | Endpoint | Threat Containment & Rollback | Isolation, remediation, rollback where supported | Endpoints | EDR Response | SentinelOne | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 42 | Endpoint | Endpoint Vulnerability Visibility | Endpoint CVE visibility and prioritization | Endpoints | VA | Tenable | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 43 | Endpoint | Endpoint Patch Compliance | Endpoint patch SLAs and exceptions | Endpoints | Patch Mgmt | OpenText ITOM | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 44 | Endpoint | Endpoint Hardening Baselines | CIS baselines, secure configs, drift control | Endpoints | Hardening | OpenText ITOM | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 45 | Endpoint | Endpoint Privilege Management | Least privilege and privilege elevation workflows | Endpoints | EPM | CyberArk (EPM) | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 46 | Endpoint | Device Control | USB/peripheral policy enforcement | Data exfiltration | Device Control | Forcepoint | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 47 | Endpoint | Endpoint DLP | Monitor/control endpoint data use/storage/sharing | Personal/sensitive data | Endpoint DLP | Forcepoint | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 48 | Email Security | Email Security | Inbound/outbound email malware/phishing controls | Email Security | Forcepoint | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ | |
| 49 | Email Security | BEC / Impersonation Defense | Spoofing, executive fraud defense, lookalike domains | Email fraud | Anti-BEC | Forcepoint + CloudSEK (brand) | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 50 | Endpoint | User Awareness & Training | Role-based training + simulations | People | Awareness | Progist | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 51 | Endpoint | Endpoint Telemetry to SIEM | EDR/OS logs to SIEM for detections | Detection | Logging | SentinelOne + Splunk/Chronicle | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 52 | Endpoint | Endpoint Forensics Collection | Rapid triage and evidence collection | Evidence | DFIR | OpenText EnCase | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 53 | Network | Next-Gen Firewall | Perimeter security, IPS, app control | Network edge | NGFW | Check Point | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 54 | Network | IPS / Threat Prevention | Inline threat prevention and IPS | Network | IPS | Check Point | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 55 | Network | Network Segmentation / Policy | Crown-jewel isolation, micro-segmentation policy | Lateral movement | Segmentation | AlgoSec | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 56 | Network | Network Change Control | Firewall rule change risk analysis and approvals | Policy integrity | Policy Mgmt | AlgoSec | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 57 | Network | Secure Web Gateway | Web filtering + malware prevention | Internet access | SWG | Netskope | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 58 | Network | DDoS Protection | Availability protection at edge | Availability | DDoS | Thales (Imperva) | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 59 | Network | NDR | Network detection and response | Network threats | NDR | Netscout | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ⬜ | ✅ |
| 60 | Network | NBAD | Behavioral analytics on traffic | Network anomalies | NBAD | Netscout | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ⬜ | ✅ |
| 61 | Network | PCAP / Taps | Full-fidelity packet capture | Network evidence | PCAP/TAP | Keysight / Netscout | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ⬜ | ✅ |
| 62 | Network | Network Packet Broker | Traffic aggregation & distribution | Visibility fabric | NPB | Keysight / Netscout | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ⬜ | ✅ |
| 63 | Network | NAC | Device admission control | Network access | NAC | Arista | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 64 | Network | Data Diode (Selective) | One-way telemetry export for crown jewels (where justified) | Command isolation | Data Diode | Terrafence | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ |
| 65 | Application Security | SAST | Static code security testing | Code | SAST | OpenText Fortify | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ | ✅ |
| 66 | Application Security | DAST | Dynamic testing of web applications | Web apps | DAST | OpenText Fortify (WebInspect) | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ | ✅ |
| 67 | Application Security | MAST | Mobile application security testing | Mobile apps | MAST | OpenText Fortify | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 68 | Application Security | SCA | Open-source dependency risk management | Supply chain | SCA | OpenText Fortify | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ | ✅ |
| 69 | Application Security | SBOM | Bill of materials generation/management | Supply chain | SBOM | OpenText Fortify | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ | ✅ |
| 70 | Application Security | CI/CD Security Gates | Policy gates in pipelines; fail builds on risk | Pipelines | DevSecOps | OpenText Fortify + Digital.ai | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ | ✅ |
| 71 | Application Security | Secrets Detection in Code | Detect and prevent secrets in repos/pipelines | Secrets | Secrets Scanning | CyberArk | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ | ✅ |
| 72 | Application Security | WAF | Protect web portals and APIs | Web apps | WAF | Thales (Imperva) | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ✅ |
| 73 | Application Security | API Runtime Security | API abuse protection (REST/GraphQL) | APIs | API Security | Imperva + Levo | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ✅ |
| 74 | Application Security | Bot Management | Automation abuse, credential stuffing mitigation | Web/API abuse | Bot Protection | Thales (Imperva) | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 75 | Application Security | Vulnerability Disclosure Program | VDP intake, triage, remediation workflows | Exposure | VDP | OpenText Fortify (process) | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 76 | Cloud Security | CSPM | Cloud posture/config drift (optional Wiz if used) | Cloud config | CSPM | Native CSP tools (Wiz optional) | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 77 | Cloud Security | CWPP | Protect cloud workloads | Workloads | CWPP | SentinelOne | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 78 | Cloud Security | CIEM | Cloud entitlements and identity risk | Cloud IAM | CIEM | Native CSP tools | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 79 | Cloud Security | CASB | SaaS visibility & policy | SaaS data | CASB | Netskope | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 80 | Cloud Security | SSPM | SaaS posture checks | SaaS configs | SSPM | Netskope | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ |
| 81 | Cloud Security | Cloud DLP | Prevent data leakage in SaaS/cloud | Personal data | DLP | Forcepoint + Netskope | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 82 | Cloud Security | DSPM | Discover/monitor cloud data stores | Cloud data | DSPM | Forcepoint | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ |
| 83 | Cloud Security | Container Image Scanning | Scan images for CVEs | Containers | Image Scanning | Tenable | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 84 | Cloud Security | Kubernetes Runtime Security | Runtime protection for clusters | Containers | Runtime Protection | SentinelOne | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 85 | Cloud Security | K8s Secrets Management | Secrets in Kubernetes | Secrets | Secrets Mgmt | CyberArk | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 86 | Cloud Security | Cloud KMS / HSM Governance | Key custody and rotation governance | Keys | KMS/HSM | Thales | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ |
| 87 | Data Security | Data Discovery & Classification | Identify PII and sensitive data | Data | Classification | Forcepoint | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 88 | Data Security | DLP (Network/Cloud/Endpoint) | Prevent data exfiltration across channels | Data | DLP | Forcepoint | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 89 | Data Security | Encryption & Key Management | Encrypt data and manage keys | Data/Keys | Encryption/KMS | Thales | ⬜ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| 90 | Data Security | HSM | Hardware-backed key custody | Keys | HSM | Thales / Utimaco / Entrust | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 91 | Data Security | Tokenization | Protect PAN/PII fields | Card data | Tokenization | Thales | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ |
| 92 | Data Security | Digital Rights Management | Control document sharing | Documents | DRM/IRM | Vaultize | ⬜ | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ |
| 93 | Data Security | Database Activity Monitoring | Monitor DB access & queries | Databases | DAM | Imperva SecureSphere | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 94 | Data Security | DB Vulnerability & Hardening | DB VA + config compliance | Databases | DB Security | Imperva SecureSphere | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 95 | Data Security | Data Retention & Disposal Ops | Retention, deletion, proof (DPDP ops) | Data lifecycle | Data Lifecycle | Whitehats + OpenText | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ |
| 96 | SOC | SIEM | Central detection, correlation & alerting | Detections | SIEM | Splunk / Google Chronicle / ArcSight | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | ✅ |
| 97 | SOC | UEBA | Insider threat & anomaly detection | Users/entities | UEBA | Gurucul / Innspark | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 98 | SOC | SOAR | Automation & orchestration | Response | SOAR | Chronicle SOAR / Splunk SOAR / OpenText SOAR / Innspark | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 99 | SOC | Threat Intelligence Platform | Intel ingestion and enrichment | Context | TIP | Innspark + feeds | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 100 | SOC | External Attack Surface Mgmt | Discover and reduce internet exposure | External exposure | EASM | CloudSEK | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 101 | SOC | Dark Web Monitoring | Credential/leak monitoring | External exposure | Digital Risk | CloudSEK | ⬜ | ✅ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | ✅ |
| 102 | SOC | BAS | Breach attack simulation and validation | Assurance | BAS | Keysight / Fourcore | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 103 | SOC | Deception | Decoys/honeypots | Lateral movement | Deception | Threacle | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 104 | SOC | Forensics Tooling | Evidence acquisition and analysis | Evidence | DFIR | OpenText EnCase + KapurGaurai | ⬜ | ✅ | ✅ | ✅ | ⬜ | ✅ | ⬜ | ✅ |
| 105 | AI Security | Prompt Injection Protection | Block prompt attacks and jailbreaks | LLM layer | AI Security | Lakera | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 106 | AI Security | Prompt/Response Security | Guardrails for prompts & outputs | LLM layer | AI Security | Prompt Security (SentinelOne) | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ |
| 107 | AI Security | AI Data Leakage Control | Prevent PII leakage via GenAI | Personal data | AI DLP | Forcepoint + Prompt Security | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ |