TATER evaluates 5,000+ controls across 19 compliance frameworks using automated scanning and threshold-based analysis. One scan satisfies multiple standards simultaneously—so you collect evidence once and map it everywhere.
From technical CIS Benchmarks to regulatory crosswalks like NIST and ISO, TATER evaluates each control with real configuration data—not questionnaires.
The gold standard for federal information security. TATER maps M365 and endpoint configurations to 20 control families—from Access Control (AC) through System and Information Integrity (SI)—giving you a continuous compliance posture instead of point-in-time snapshots.
Complete Annex A coverage across all four themes: Organizational, People, Physical, and Technological. TATER links technical scan results to each ISO control and generates audit-ready narratives that describe your actual implementation posture.
Maps technical controls to Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria. Cross-references automated scan evidence so your SOC 2 Type II audit starts with machine-verified data rather than manual screenshots.
Payment Card Industry requirements mapped to your M365 tenant and endpoint configurations. TATER evaluates network segmentation controls, encryption posture, access restrictions, and logging requirements against PCI-DSS 4.0 sections.
Safeguards for electronic protected health information (ePHI) mapped to your actual tenant configuration. Covers access controls, audit controls, transmission security, and authentication requirements from 45 CFR 164.312.
Secure Cloud Business Applications baselines as mandated by BOD 25-01 for federal agencies. TATER evaluates every SCuBA baseline for Entra ID, Exchange Online, Defender, SharePoint, and Teams with automated PowerShell scripts that match CISA's exact evaluation criteria.
Defense Information Systems Agency Security Technical Implementation Guides for DoD-compliant configurations. TATER maps DISA STIG requirements for Microsoft 365, Windows endpoints, and Entra ID to automated checks with CAT I/II/III severity categorization.
The most comprehensive automated benchmark for M365. TATER evaluates every CIS recommendation across Entra ID, Exchange, SharePoint, Teams, Defender, Purview, Power BI, and Power Platform using PowerShell scripts and the Microsoft Graph API.
Endpoint hardening for Windows 11 evaluated locally via the TATER Agent. Checks security policies, registry settings, audit policies, firewall rules, and service configurations against the full CIS L1 and L2 benchmark.
Server hardening benchmarks for Windows Server 2019, 2022, and 2025. Each version gets version-specific checks covering security options, user rights, audit subcategories, and Windows Firewall with Advanced Security profiles.
Device configuration compliance for Intune-managed endpoints. Evaluates Settings Catalog policies, device configuration profiles, and compliance policies against CIS Intune benchmarks for both Windows 11 and Microsoft 365 Apps.
Browser hardening for Google Chrome evaluated via Group Policy and registry settings. Covers security, privacy, content, extensions, and network policies to ensure browsers do not become attack vectors.
Comprehensive Edge browser benchmark including SmartScreen, InPrivate mode, password manager, telemetry, and extension controls. Evaluated locally by the TATER Agent alongside other endpoint benchmarks in a single scan pass.
Covers Gmail, Google Drive, Calendar, Groups, Sites, and Marketplace security settings. Evaluates sharing policies, authentication requirements, DLP rules, and app access controls for Google Workspace tenants.
The Cybersecurity Framework 2.0 adds Govern alongside Identify, Protect, Detect, Respond, and Recover. TATER cross-maps your existing technical controls to CSF functions and categories, providing a risk-based maturity view without duplicate evaluation.
Prioritized set of safeguards organized into Implementation Groups (IG1, IG2, IG3). TATER maps your technical scan results to CIS Controls and shows which Implementation Group level your organization currently achieves across all 18 control areas.
Create organization-specific or industry-specific frameworks with the visual framework builder. Define custom domains, map controls with threshold logic, import/export JSON for MSP distribution, and cross-reference your custom framework to any standard framework.
TATER does not rely on self-assessment questionnaires. Every control is evaluated against live configuration data collected from your tenant and endpoints.
PowerShell scripts query the Microsoft Graph API, Exchange Online, Defender, Intune, and local endpoints. The TATER Agent runs CIS benchmarks on Windows, Linux, and macOS machines.
The V2 threshold engine analyzes each data point using typed evaluators: boolean, compare, includes, excludes, count, regex, and composite (AND/OR) rules. No ambiguity—every control has a deterministic pass/fail outcome.
Each evaluated control is cross-mapped to every framework it satisfies. One MFA control maps to NIST AC-7, ISO A.8.5, SOC CC6.1, PCI 8.3, and HIPAA 164.312(d) simultaneously. Evidence collected once serves all frameworks.
Gap analysis breaks each framework into sections with per-section compliance percentages. AI-generated narratives, exportable reports, and trust center dashboards present results to auditors, executives, and clients.
Many compliance frameworks share overlapping requirements. Enabling MFA satisfies controls in NIST AC-7, ISO 27001 A.8.5, SOC 2 CC6.1, PCI-DSS 8.3, and HIPAA 164.312(d). TATER identifies these overlaps and maps them automatically, reducing audit preparation from weeks to hours.
TATER breaks each framework into its constituent sections and shows which controls map to each one, along with the current compliance percentage. Drill down from framework to section to individual control status in seconds.
Every compliance zone below has dedicated evaluation scripts. Control counts reflect the actual number of automated checks in the TATER catalog.
Control counts reflect the current TATER catalog. New controls are added with each CIS Benchmark and SCuBA baseline release. Custom controls can be defined with the V2 threshold engine for any data source.
For each standard section, TATER analyzes your linked controls, their current pass/fail status, overrides, and exceptions—then generates a narrative tailored to your actual posture. Not generic boilerplate. Your specific implementation, described accurately.