TATER evaluates 4,000+ controls across 19 compliance frameworks using automated scanning and threshold-based analysis. One scan satisfies multiple standards simultaneously, so you collect evidence once and map it everywhere.
From technical CIS Benchmarks to regulatory crosswalks like NIST and ISO, TATER evaluates each control with real configuration data, not questionnaires.
The gold standard for federal information security. TATER maps M365 and endpoint configurations to 20 control families, from Access Control (AC) through System and Information Integrity (SI), giving you a continuous compliance posture instead of point-in-time snapshots.
Complete Annex A coverage across all four themes: Organizational, People, Physical, and Technological. TATER links technical scan results to each ISO control and generates audit-ready narratives that describe your actual implementation posture.
Maps technical controls to Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria. Cross-references automated scan evidence so your SOC 2 Type II audit starts with machine-verified data rather than manual screenshots.
Payment Card Industry requirements mapped to your M365 tenant and endpoint configurations. TATER evaluates network segmentation controls, encryption posture, access restrictions, and logging requirements against PCI-DSS 4.0 sections.
Safeguards for electronic protected health information (ePHI) mapped to your actual tenant configuration. Covers access controls, audit controls, transmission security, and authentication requirements from 45 CFR 164.312.
Secure Cloud Business Applications baselines as mandated by BOD 25-01 for federal agencies. TATER evaluates every SCuBA baseline for Entra ID, Exchange Online, Defender, SharePoint, and Teams with automated PowerShell scripts that match CISA's exact evaluation criteria.
Defense Information Systems Agency Security Technical Implementation Guides for DoD-compliant configurations. TATER maps DISA STIG requirements for Microsoft 365, Windows endpoints, and Entra ID to automated checks with CAT I/II/III severity categorization.
The most comprehensive automated benchmark for M365. TATER evaluates every CIS recommendation across Entra ID, Exchange, SharePoint, Teams, Defender, Purview, Power BI, and Power Platform using PowerShell scripts and the Microsoft Graph API.
Endpoint hardening for Windows 11 evaluated locally via the TATER Agent. Checks security policies, registry settings, audit policies, firewall rules, and service configurations against the full CIS L1 and L2 benchmark.
Server hardening benchmarks for Windows Server 2019, 2022, and 2025. Each version gets version-specific checks covering security options, user rights, audit subcategories, and Windows Firewall with Advanced Security profiles.
Device configuration compliance for Intune-managed endpoints. Evaluates Settings Catalog policies, device configuration profiles, and compliance policies against CIS Intune benchmarks for both Windows 11 and Microsoft 365 Apps.
Browser hardening for Google Chrome evaluated via Group Policy and registry settings. Covers security, privacy, content, extensions, and network policies to ensure browsers do not become attack vectors.
Comprehensive Edge browser benchmark including SmartScreen, InPrivate mode, password manager, telemetry, and extension controls. Evaluated locally by the TATER Agent alongside other endpoint benchmarks in a single scan pass.
Covers Gmail, Google Drive, Calendar, Groups, Sites, and Marketplace security settings. Evaluates sharing policies, authentication requirements, DLP rules, and app access controls for Google Workspace tenants.
The Cybersecurity Framework 2.0 adds Govern alongside Identify, Protect, Detect, Respond, and Recover. TATER cross-maps your existing technical controls to CSF functions and categories, providing a risk-based maturity view without duplicate evaluation.
Prioritized set of safeguards organized into Implementation Groups (IG1, IG2, IG3). TATER maps your technical scan results to CIS Controls and shows which Implementation Group level your organization currently achieves across all 18 control areas.
Create organization-specific or industry-specific frameworks with the visual framework builder. Define custom domains, map controls with threshold logic, import/export JSON for MSP distribution, and cross-reference your custom framework to any standard framework.
TATER Ops ships three ITIL 4-aligned process profiles out of the box: Incident Management (8-state lifecycle, impact/urgency/severity, business service, configuration items, per-priority SLAs), Service Request (Approval Pending + Fulfilled states, customer-visible by default), and Problem Management (root-cause analysis + Known Error states). Field-visibility templating means your team only sees the columns the chosen process requires.
The Computer Security Incident Handling Guide lifecycle (Detected → Triage → Contained → Eradicating → Recovering → Resolved → Post-Incident Review → Closed) ships as a pre-seeded process profile with a False Positive branch and aggressive Critical SLAs (15-minute response). Use it standalone for security incident response or alongside the ITIL Incident profile for split ITSM/SecOps workflows.
Govern the AI tools, models, and agents your organization uses. The AI Governance pack ships an AI System Inventory (classified by EU AI Act risk tier — prohibited / high-risk / GPAI / limited / minimal) and a 22-control checklist crosswalked across ISO/IEC 42001 (clauses 4–10 + Annex A), the NIST AI RMF (Govern / Map / Measure / Manage), and the EU AI Act (risk management, data governance, transparency, human oversight, logging). AI systems link to your vendor register for third-party AI supply-chain risk, and posture rolls up into TATER Insights — answering "what AI do we use, how is each classified, and are our AI controls in place?" as the EU AI Act comes into force.
SOC 2 readiness without re-scanning. TATER crosswalks the Trust Services Criteria — the mandatory Common Criteria (CC1–CC9) plus the optional Availability, Confidentiality, Processing Integrity, and Privacy categories — to the M365 control checks it already evaluates (MFA, conditional access, privileged-access management, logging, DLP, device compliance, and more). A computed readiness view shows coverage per category and per criterion, citing the exact controls that evidence each one and flagging the criteria that remain auditor-attested. Surfaced in TATER Insights and queryable from the MCP server for live SOC 2 gap analysis.
A practitioner-grade view of where TATER does the work for you and where Manual Review is required. "Predict the Unknown" surfaces a confidence-rated guess for unscanned manual controls so the count below isn't the whole picture.
Counts are baseline approximations from the May 2026 catalog. Manual Review controls represent legitimate human-in-the-loop checks (paper policies, vendor attestations, training records) that no platform can fully automate. Predict the Unknown surfaces a TATER-generated confidence-rated guess for unscanned controls so coverage gaps are explicit instead of invisible.
TATER does not rely on self-assessment questionnaires. Every control is evaluated against live configuration data collected from your tenant and endpoints.
PowerShell scripts query the Microsoft Graph API, Exchange Online, Defender, Intune, and local endpoints. The TATER Agent runs CIS benchmarks on Windows, Linux, and macOS machines.
The V2 threshold engine analyzes each data point using typed evaluators: boolean, compare, includes, excludes, count, regex, and composite (AND/OR) rules. No ambiguity: every control has a deterministic pass/fail outcome.
Each evaluated control is cross-mapped to every framework it satisfies. One MFA control maps to NIST AC-7, ISO A.8.5, SOC CC6.1, PCI 8.3, and HIPAA 164.312(d) simultaneously. Evidence collected once serves all frameworks.
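An illustration of typed threshold evaluation followed by a framework crosswalk, added here as an example and not TATER's own code. The evaluator type names and the five framework IDs come from the page; the rule fields, the sample rule, and the scan data are hypothetical.

```python
import operator
import re

# Evaluator type names are from the page; rule fields are hypothetical.
COMPARE = {">=": operator.ge, "<=": operator.le, "==": operator.eq}

def evaluate(rule, data):
    """Return a deterministic pass (True) or fail (False) for one rule."""
    kind = rule["type"]
    if kind == "composite":
        results = [evaluate(r, data) for r in rule["rules"]]
        combine = all if rule["op"] == "AND" else any
        return bool(results) and combine(results)  # empty composite fails
    value = data.get(rule["field"])
    if value is None:
        return False  # fail closed: missing evidence is never a pass
    if kind == "boolean":
        return isinstance(value, bool) and value == rule["expected"]
    if kind == "compare":
        return COMPARE[rule["op"]](value, rule["threshold"])
    if kind == "includes":
        return set(rule["values"]) <= set(value)
    if kind == "excludes":
        return not set(rule["values"]) & set(value)
    if kind == "count":
        return len(value) <= rule["max"]
    if kind == "regex":
        return re.fullmatch(rule["pattern"], str(value)) is not None
    raise ValueError(f"unknown evaluator type: {kind}")

MFA_CONTROL = {
    "rule": {"type": "composite", "op": "AND", "rules": [
        {"type": "boolean", "field": "mfa_required", "expected": True},
        {"type": "excludes", "field": "allowed_methods", "values": ["sms"]},
        {"type": "count", "field": "excluded_users", "max": 0},
    ]},
    # Framework IDs exactly as the page lists them for its MFA control.
    "maps_to": ["NIST AC-7", "ISO A.8.5", "SOC CC6.1", "PCI 8.3", "HIPAA 164.312(d)"],
}

def crosswalk(controls, data):
    """Evaluate each control once; fan the result out to every mapped ID."""
    status = {}
    for control in controls:
        passed = evaluate(control["rule"], data)
        for framework_id in control["maps_to"]:
            status[framework_id] = status.get(framework_id, True) and passed
    return status

SAMPLE = {"mfa_required": True, "allowed_methods": ["fido2"], "excluded_users": []}  # constructed
```

Missing fields and empty composites evaluate to fail, so a collection gap cannot show up as a passing control in any mapped framework.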
Gap analysis breaks each framework into sections with per-section compliance percentages. AI-generated narratives, exportable reports, and trust center dashboards present results to auditors, executives, and clients.
Many compliance frameworks share overlapping requirements. Enabling MFA satisfies controls in NIST AC-7, ISO 27001 A.8.5, SOC 2 CC6.1, PCI-DSS 8.3, and HIPAA 164.312(d). TATER identifies these overlaps and maps them automatically, reducing audit preparation from weeks to hours.
TATER breaks each framework into its constituent sections and shows which controls map to each one, along with the current compliance percentage. Drill down from framework to section to individual control status in seconds.
Every compliance zone below has dedicated evaluation scripts. Control counts reflect the actual number of automated checks in the TATER catalog.
Control counts reflect the current TATER catalog. New controls are added with each CIS Benchmark and SCuBA baseline release. Custom controls can be defined with the V2 threshold engine for any data source.
For each standard section, TATER analyzes your linked controls, their current pass/fail status, overrides, and exceptions, then generates a narrative tailored to your actual posture. Not generic boilerplate. Your specific implementation, described accurately.