This section provides formal crosswalk mappings between HATS (H33 Attestation and Trustworthiness Standard) capabilities and established regulatory and compliance frameworks. Each crosswalk identifies specific framework controls, maps them to HATS capabilities, specifies the evidence type produced, and describes the verification method.
These crosswalks are technical mappings. They identify where HATS-generated cryptographic governance attestation receipts can serve as evidence artifacts for framework controls. They do not constitute legal advice, certification claims, or compliance guarantees.
Each crosswalk follows a consistent four-column mapping structure:
Mapping across all six NIST CSF functions: Govern, Identify, Protect, Detect, Respond, Recover. Per-category control mappings with evidence types.
6 functions, 22 categories
Mapping to SOC 2 Trust Service Criteria CC1 through CC9. Addresses Security, Availability, Processing Integrity, Confidentiality, and Privacy.
9 criteria, Type II
Mapping to EU AI Act articles for high-risk AI systems. Covers transparency, human oversight, record-keeping, and post-market monitoring.
High-risk AI, Articles 9-72
Mapping to HIPAA Security Rule technical safeguards (45 CFR 164.312). Covers access controls, audit controls, integrity controls, and transmission security.
Security Rule, 45 CFR 164
Mapping to PCI DSS 4.0 requirements for cardholder data protection. Covers cryptography, access control, monitoring, and testing requirements.
12 requirements, v4.0
Mapping to EU Digital Operational Resilience Act articles. Covers ICT risk management, incident reporting, resilience testing, and third-party risk.
EU regulation, Financial sector