
Compliance

evidentia-wiki-sync[bot] edited this page May 27, 2026 · 2 revisions

5. Compliance

This is the compliance-tool differentiator section: what catalogs Evidentia ships, what conformance Evidentia itself claims, how to browse and use the framework crosswalks, and how to contribute a catalog.

Pages in this section

  • Catalog inventory — 92 framework catalogs by region/standard family + version pin + last-update date + maintainer.

  • Framework conformance — standards Evidentia ITSELF conforms to (OSPS Baseline, NIST 800-53 self-assessment, OpenSSF Best Practices Silver, etc.).

  • Crosswalk index — browse + filter all 13 crosswalks.

  • OSPS Baseline mapping — OSPS Baseline v2026.02.19 walkthrough + Evidentia's conformance status per assessment-requirement + the 5 OSPS crosswalks + the 16 GitHub OSPS collector helpers.

  • OCSF mapping — NORMATIVE SecurityFinding ↔ OCSF field map (v0.10.0 + v0.10.5 ingestion + detection).

  • Gemara mapping — NORMATIVE Evidentia ↔ OpenSSF Gemara taxonomy alignment (Catalogs / Logs / Documents / Entities / Collections).

  • Financial-sector overlay — composition pattern for federally-supervised banks, broker-dealers, insurers, credit unions (OCC + FRB + FDIC + NCUA + FFIEC + state insurance + SR 11-7 / SR 26-02 + OCC Bulletin 2026-13a).

  • Contributing a catalog — 3-file PR recipe + YAML-vs-JSON comparison + required schema + tier conventions.

How to use this section

This section answers two questions: "does Evidentia cover [framework X]?" and "how do I use Evidentia's mapping outputs in [audit / compliance / SIEM workflow]?" The OSPS Baseline mapping page is the showcase of the v0.10.6 first-mover work.

Stub status: as of v0.10.7, osps-baseline-mapping.md is the only fully-detailed compliance page; others are stubs that consolidate existing docs/<file>.md content as the wiki migration progresses.
