CC6.1
AICPA TSP-100 / Logical access
Logical access — MFA enforcement and group-membership snapshots
no evidence yetCC6.3
AICPA TSP-100 / Authorization
Authorization — group-membership for least-privilege review
no evidence yetCC6.6
AICPA TSP-100 / Protection of transmissions
Branch protection rules on production repositories
no evidence yetCC6.7
AICPA TSP-100 / Transmission
CloudTrail multi-region, restricted-key inventory
no evidence yetCC6.8
AICPA TSP-100 / Encryption
KMS key rotation policy
no evidence yetCC7.2
AICPA TSP-100 / System monitoring
Signed-commit enforcement policy
no evidence yetCC7.4
AICPA TSP-100 / Incident response
Webhook-secret rotation log
no evidence yet
firmguardio
90-second sweep · 5 OAuth anchors
Start a 90-second SOC 2 evidence sweep
One click triggers parallel OAuth fetches against GitHub, AWS, Okta, Google Workspace, and Stripe. Each captured leaf is SHA-256 hashed into your per-tenant Merkle tree. Your auditor verifies inclusion proofs in WebCrypto, on her own laptop, without the firm’s server being online.
- Leaves collected
- 0
- Total sweep time
- —
- Merkle root
- e3b0c442…b855
- Algorithm
- sha256-merkle
Hit “Start 90-second sweep” or open this page with ?run=collect to populate the binders with evidence leaves.
The audit binder — three frameworks, one crosswalk