Frameworks

One agent, every framework.

Frameworks are data, not code — each one is a set of controls Tess tests against your evidence. ITGC and Cloud Security are live today; more are on the way.

ITGC

Available

IT General Controls · SOX

The IT general controls that underpin a SOX audit: access management, change management, IT operations & resilience, incident & security monitoring, data protection, and third-party management.

6 domains · 81 controls · 258 tests

Browse controls →

Cloud Security

Available

AWS · Azure · OCI

IAM, logging, networking, data protection, and key management across AWS, Azure, and OCI — each control paired with a read-only command you can run yourself.

3 domains · 78 controls · 78 tests

Amazon Web Services Microsoft Azure Oracle Cloud
Browse controls →

SOC 2

Coming soon

Trust Services Criteria

Security, availability, processing integrity, confidentiality, and privacy.

ISO 27001

Coming soon

Annex A controls

Information-security management system controls and the evidence behind them.

PCI DSS

Coming soon

Cardholder data

The payment-card security requirements for handling cardholder data.

NIST CSF

Coming soon

Govern · Identify · Protect

The cybersecurity framework core functions.