Behavry — Compliance & Regulatory Mapping
Informational only. This document is provided for reference purposes. It does not constitute legal or compliance advice. Consult your compliance team, legal counsel, and qualified assessors for formal certifications, audits, or regulatory filings.
Overview
Behavry provides technical controls that map to requirements across multiple compliance frameworks, including SOC 2 Type II, ISO/IEC 27001:2022, NIST AI Risk Management Framework (AI RMF), the EU AI Act, GDPR, and HIPAA. The table below summarizes these mappings.
Control Mapping
Audit Logging & Monitoring
| Control Description | Framework | Clause / Control | Behavry Feature |
|---|
| Log all AI system activity | SOC 2 | CC7.2 — System Monitoring | Immutable audit log (TimescaleDB hypertable) captures every tool call, policy decision, DLP finding, and latency measurement |
| Maintain audit trail integrity | SOC 2 | CC7.2 — Log Integrity | SHA-256 hash chain across all audit events; tampering detectable by hash verification |
| Log and monitor user and system activity | ISO 27001 | A.8.15 Logging / A.8.16 Monitoring | Structured JSON logs with agent_id, session_id, tool_name, policy_result, timestamp |
| Monitor AI-specific behaviors | NIST AI RMF | MG-2.2 — Monitor AI System Behavior | Behavioral Monitor tracks per-agent rolling statistics; anomaly score calculated continuously |
| Detect behavioral anomalies | SOC 2 | CC7.3 — Anomaly Detection | Behavioral Monitor detects statistical deviations; raises ALERT events when thresholds exceeded |
| Monitor for security events | ISO 27001 | A.8.16 Monitoring | EventBus publishes all events to real-time dashboard SSE stream and configurable webhooks |
Access Control & Identity
| Control Description | Framework | Clause / Control | Behavry Feature |
|---|
| Authenticate all AI agent requests | SOC 2 | CC6.1 — Logical Access | Every proxy request requires a valid RS256 JWT issued via OAuth 2.1 client credentials flow |
| Enforce least-privilege access | SOC 2 | CC6.1 — Least Privilege | Role-based permissions (e.g., filesystem:read) enforced at the proxy layer before any tool call reaches the target server |
| Verify agent identity | NIST AI RMF | MG-2.1 — AI Actor Authentication | Agent identity bound to client_id + client_secret; session tracked by JWT jti claim |
| Revoke access on termination | SOC 2 | CC6.2 — Revocation | Agent suspension and deprovisioning immediately invalidate issued tokens |
| Rotate credentials | SOC 2 | CC6.1 | Credential rotation endpoint (POST /api/v1/agents/{id}/rotate) replaces client_secret without downtime |
| Separate admin and agent identities | ISO 27001 | A.8.2 Privileged Access Management | Admin JWT (RS256, separate signing flow) and agent JWT are issued via different endpoints and carry different claims |
Policy Enforcement
| Control Description | Framework | Clause / Control | Behavry Feature |
|---|
| Enforce technical controls on AI actions | SOC 2 | CC6.6 — Boundary Protection | OPA policy engine evaluates every tool call before forwarding; deny results in immediate rejection |
| Define and enforce acceptable use policies | NIST AI RMF | GV-1.2 — Policies and Procedures | Rego policies define allow/deny/escalate rules per agent type, tool, resource, and action |
| Maintain policy versioning | SOC 2 | CC8.1 — Change Management | Policy version number incremented on each update; history maintained in DB |
| Test policies before activation | ISO 27001 | A.8.8 Management of Technical Vulnerabilities | Policy evaluate endpoint (POST /api/v1/policies/{id}/evaluate) enables pre-activation testing against sample inputs |
| Prevent unauthorized AI model access | NIST AI RMF | MG-2.2 | OpenAI and Anthropic API proxies gate all programmatic model access behind Behavry JWT + OPA policy check |
Sensitive Data Controls (DLP)
| Control Description | Framework | Clause / Control | Behavry Feature |
|---|
| Protect sensitive data from unauthorized disclosure | SOC 2 | CC6.7 — Data Protection in Transit | DLP scanner inspects all tool inputs and outputs; 12 built-in patterns (SSN, credit card, PII, keys, etc.) |
| Prevent exfiltration of PII and sensitive data | GDPR | Art. 32 — Security of Processing | DLP auto-blocks tool calls rated critical; lower severities raise alerts |
| Protect PHI / ePHI | HIPAA | §164.312(a)(1) — Access Control | DLP patterns include medical record number and HIPAA-relevant identifiers; critical findings are blocked |
| Log DLP findings | SOC 2 | CC7.2 | dlp_findings field in every audit event records all matched patterns with severity |
| Block outbound data to unauthorized endpoints | SOC 2 | CC6.7 | OPA policies can deny web write operations to external domains; demonstrated in threat exfiltration demo |
Human Oversight of AI
| Control Description | Framework | Clause / Control | Behavry Feature |
|---|
| Maintain meaningful human oversight of AI systems | EU AI Act | Art. 14 — Human Oversight | Human-in-the-loop (HITL) escalation queue holds sensitive operations pending human approval |
| Ensure humans can override AI decisions | NIST AI RMF | GO-1.7 — Human Override | Escalation approve/deny endpoints allow human operators to permit or block held requests in real time |
| Log human oversight decisions | SOC 2 | CC7.2 | Escalation resolution (approver identity, timestamp, decision) recorded in audit log |
| Define escalation timeout policies | EU AI Act | Art. 14 | Escalations automatically expire after configurable timeout; timed-out requests are treated as denied |
| Track escalation audit trail | NIST AI RMF | MG-4.2 — Risk Monitoring | Full escalation lifecycle (created → pending → resolved) emits audit events visible in dashboard |
Incident Response
| Control Description | Framework | Clause / Control | Behavry Feature |
|---|
| Detect and alert on security incidents | SOC 2 | CC7.4 — Incident Response | Alert system raises ALERT events for anomalies, DLP violations, and policy breaches |
| Notify stakeholders of high-severity events | SOC 2 | CC7.4 | Webhook delivery module sends signed HTTP POST to Slack, PagerDuty, or custom SIEM endpoints for high/critical alerts |
| Maintain incident audit trail | ISO 27001 | A.5.24 — Information Security Incident Management | All alert events stored with full context (agent_id, session_id, tool_name, details) |
| Classify alert severity | SOC 2 | CC7.4 | Alerts are classified as low, medium, high, or critical; webhooks filter by configurable minimum severity |
| Support threat hunting and forensics | ISO 27001 | A.8.15 | Audit log queryable by agent, action, policy_result, time range; SSE stream for real-time investigation |
Risk Assessment
| Control Description | Framework | Clause / Control | Behavry Feature |
|---|
| Assess and score AI agent risk | NIST AI RMF | MG-2.2 — Risk Assessment | Behavry Risk Framework (BRF) risk scorer evaluates 6 dimensions: access, action, decision_scope, oversight, intent_drift, observability |
| Classify agents by risk tier | NIST AI RMF | GV-6.2 — AI Risk Tiers | Risk tiers (low / medium / high / critical) determine escalation thresholds and policy behavior |
| Recalculate risk on behavioral change | NIST AI RMF | MG-2.2 | Risk score recalculated on demand and after behavioral anomaly alerts |
| Document AI system capabilities and risks | EU AI Act | Art. 11 — Technical Documentation | Agent registry captures agent_type, owner, assigned roles, and current risk tier |
Encryption & Cryptographic Controls
| Control Description | Framework | Clause / Control | Behavry Feature |
|---|
| Use strong cryptography for authentication tokens | SOC 2 | CC6.1 | RS256 (RSA 2048+) JWT signing for all agent and admin tokens |
| Sign outbound webhook payloads | ISO 27001 | A.8.24 — Use of Cryptography | X-Behavry-Signature: sha256=<hmac> on all webhook deliveries; recipients should verify before processing |
| Never log sensitive credentials | SOC 2 | CC6.1 | API proxy (X-OpenAI-Key, X-Anthropic-Key) strips and never logs upstream API keys; client_secret stored as bcrypt hash |
Framework Quick Reference
SOC 2 Type II (Trust Services Criteria)
Behavry primarily addresses the Security trust service category (CC6–CC8) with supporting controls in Availability (CC9) through its reliability design.
| CC Category | Description | Coverage |
|---|
| CC6.1 | Logical and physical access controls | Identity Service, RBAC, JWT |
| CC6.2 | Account provisioning and revocation | Agent lifecycle APIs |
| CC6.6 | Boundary protection | MCP Proxy, OPA policy enforcement |
| CC6.7 | Data protection in transit | DLP scanner, TLS in production |
| CC7.2 | System monitoring and logging | Audit Logger, hash chaining |
| CC7.3 | Anomaly detection | Behavioral Monitor |
| CC7.4 | Incident response | Alerts, webhooks |
| CC8.1 | Change management | Policy versioning |
ISO/IEC 27001:2022
| Control | Description | Coverage |
|---|
| A.5.24 | Information security incident management | Alert system |
| A.8.2 | Privileged access management | Separate admin/agent identity flows |
| A.8.15 | Logging | Structured audit log |
| A.8.16 | Monitoring activities | SSE dashboard, behavioral monitor |
| A.8.24 | Use of cryptography | RS256 JWT, HMAC webhook signing |
NIST AI Risk Management Framework (AI RMF 1.0)
| Function | Sub-category | Coverage |
|---|
| GOVERN | GV-1.2 — Policies | Rego policy management |
| GOVERN | GV-6.2 — Risk Tiers | Behavry Risk Framework risk scoring |
| MAP | MP-2.3 — Impact Assessment | DLP + alert severity classification |
| MEASURE | MG-2.1 — Authentication | Agent identity + JWT |
| MEASURE | MG-2.2 — Monitor Behavior | Behavioral Monitor, anomaly detection |
| MEASURE | MG-4.2 — Risk Monitoring | Escalation audit trail |
| MANAGE | GO-1.7 — Human Override | HITL escalation queue |
EU AI Act (High-Risk AI Systems)
| Article | Requirement | Coverage |
|---|
| Art. 11 | Technical documentation | Agent registry with type, owner, risk tier |
| Art. 14 | Human oversight | HITL escalation with approve/deny/timeout |
| Art. 17 | Quality management system | Policy versioning, audit trail, incident response |
GDPR
| Article | Requirement | Coverage |
|---|
| Art. 5(1)(f) | Integrity and confidentiality | DLP scanner, audit log, access controls |
| Art. 25 | Data protection by design | DLP auto-block on critical findings |
| Art. 32 | Security of processing | Encryption (JWT RS256), DLP, access controls |
HIPAA
| Section | Requirement | Coverage |
|---|
| §164.312(a)(1) | Access control | Identity Service + RBAC |
| §164.312(b) | Audit controls | Immutable audit log |
| §164.312(c)(1) | Integrity | Hash-chained audit events |
| §164.312(e)(2) | Encryption | TLS in production (infra-level) |
Evidence Collection Guide
For auditors and compliance teams: the following Behavry artifacts can serve as evidence for the controls listed above.
| Evidence Artifact | Location / API | Relevant Controls |
|---|
| Audit log export | GET /api/v1/audit/events (filterable by time range) | CC7.2, A.8.15, Art. 32 |
| Agent registry | GET /api/v1/agents | CC6.1, GV-6.2 |
| Policy definitions | GET /api/v1/policies | CC6.6, GV-1.2 |
| Policy history | GET /api/v1/policies/{id} (version field) | CC8.1 |
| Alert log | GET /api/v1/alerts | CC7.3, CC7.4, A.5.24 |
| Escalation log | GET /api/v1/escalations | Art. 14, GO-1.7 |
| Agent risk scores | GET /api/v1/agents/{id}/risk | MG-2.2, GV-6.2 |
| Behavioral baselines | GET /api/v1/agents/{id}/behavior | MG-2.2 |
Last updated: February 2026