Compliance Frameworks
Pre-built policy templates for GDPR, HIPAA, SOC2, and PCI-DSS. Automated validation ensures your agents are always compliant.
Supported Frameworks
- GDPR: EU data protection and privacy
- HIPAA: Healthcare data security
- SOC2: Security & availability controls
- PCI-DSS: Payment card data security
Checking Compliance
Use the @agentos compliance command to validate your agent:
1. View Available Frameworks
Shows all available compliance frameworks and their requirements.
2. Validate Against a Framework
```text
AgentOS: 🛡️ GDPR Compliance Check
Framework: General Data Protection Regulation (EU)
Version: 2.0
Compliance Score: 92% ✅

Requirements Checked:
✅ Data minimization - Only collect necessary data
✅ Purpose limitation - Data used for stated purpose
✅ Storage limitation - Retention policy defined
⚠️ Consent logging - Consider adding explicit consent audit trail
✅ Access controls - Role-based access implemented
✅ Encryption - Data encrypted at rest and in transit

Recommendations:
1. Add consent logging for user data collection
2. Consider implementing data portability (Art. 20)
```
🇪🇺 GDPR Framework
The General Data Protection Regulation covers EU citizen data protection.
Key Requirements
- Data Minimization: Collect only necessary personal data
- Purpose Limitation: Use data only for stated purposes
- Storage Limitation: Define data retention periods
- Consent Management: Record and manage user consent
- Right to Erasure: Support data deletion requests
- Data Portability: Enable data export
```yaml
# Auto-generated GDPR policy rules
policies:
  - name: "gdpr-data-minimization"
    rule: "Only collect fields explicitly required"
    enforcement: strict
  - name: "gdpr-purpose-limitation"
    rule: "Validate data usage matches consent"
    enforcement: strict
  - name: "gdpr-retention"
    rule: "Delete personal data after 90 days"
    enforcement: audit
    retention_days: 90
  - name: "gdpr-encryption"
    rule: "Encrypt all PII at rest and in transit"
    enforcement: strict
```
🏥 HIPAA Framework
Health Insurance Portability and Accountability Act for healthcare data.
Key Requirements
- PHI Protection: Secure Protected Health Information
- Access Controls: Role-based access with audit logs
- Encryption: AES-256 for data at rest, TLS 1.3 in transit
- Audit Logging: Log all PHI access events
- Minimum Necessary: Access only required PHI
- BAA Compliance: Business Associate Agreement requirements
🔐 SOC2 Framework
Service Organization Control 2 for security, availability, and confidentiality.
Trust Service Criteria
| Criterion | Description | Status |
|---|---|---|
| Security | Protection against unauthorized access | ✅ Enforced |
| Availability | System uptime and reliability | ✅ Enforced |
| Processing Integrity | Accurate and complete processing | ✅ Enforced |
| Confidentiality | Protection of confidential information | ✅ Enforced |
| Privacy | Personal information handling | ✅ Enforced |
💳 PCI-DSS Framework
Payment Card Industry Data Security Standard for handling card data.
Key Requirements
- No Storage of Sensitive Auth Data: Never store CVV, PIN, or track data
- PAN Masking: Display only last 4 digits of card numbers
- Encryption: Strong cryptography for card data transmission
- Key Management: Secure cryptographic key procedures
- Network Security: Firewall and segmentation requirements
PII Detection
AgentOS automatically scans your code for Personally Identifiable Information patterns:
```text
AgentOS: 🔍 PII Detection Results

Patterns Detected:
📧 Email addresses: 3 instances (lines 45, 78, 112)
📱 Phone numbers: 1 instance (line 89)
💳 Credit card patterns: 0 instances ✅
🔢 SSN patterns: 0 instances ✅

Recommendations:
1. Line 45: Hash email before storing
2. Line 78: Add encryption for email transmission
3. Line 89: Mask phone number in logs
```
Use @agentos security to run a full security audit, including PII detection, secret scanning, and vulnerability checks.
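The report above shows what a scan finds but not how the four pattern categories are matched. As an added illustration (not the AgentOS detector's own code), the Python below scans constructed sample source for the same categories with 1-based line numbers, adds a Luhn checksum (an assumption, not described on the page) to discard digit runs that are not card numbers, and masks any matched PAN to its last four digits as the PCI-DSS section requires. The regexes are illustrative assumptions.

```python
import re

# Constructed sample source (not from the page); line numbers are 1-based.
SAMPLE_SOURCE = """\
user = {"email": "alice@example.com"}
log.info("contact: 555-867-5309")
card = "4111 1111 1111 1111"
fake_card = "1234 5678 9012 3456"
ssn = "123-45-6789"
"""

# Illustrative regexes (assumed here, not the AgentOS detector's own rules).
PATTERNS = {
    "Email addresses": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "Phone numbers": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "Credit card patterns": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),
    "SSN patterns": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def luhn_valid(candidate: str) -> bool:
    """Luhn checksum: drops digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed([c for c in candidate if c.isdigit()])):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """PCI-DSS style masking: show only the last four digits of the PAN."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_pii(source: str) -> dict:
    """Return {category: [(line_no, value), ...]} for each PII pattern."""
    findings = {name: [] for name in PATTERNS}
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(0)
                if name == "Credit card patterns":
                    if not luhn_valid(value):
                        continue  # "1234 5678 9012 3456" fails Luhn: not a PAN
                    value = mask_pan(value)  # never echo a full PAN in a report
                findings[name].append((line_no, value))
    return findings

if __name__ == "__main__":
    print(scan_pii(SAMPLE_SOURCE))
```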
Compliance Scores
Understanding your compliance score:
Agents with scores below 70% will be blocked from deployment. Use the recommendations to improve your score.