SecureEndpoint
Compliance Guides

Meet Regulators
With Evidence, Not Theater.

Step-by-step compliance playbooks mapped to FFIEC, PCI-DSS, SOX, and NIST — with real remediation workflows, not checkbox exercises. Built for the people who have to answer to auditors.

Frameworks

Choose your framework.

FFIEC
Federal Financial Institutions Examination Council
The interagency examination guidance that US bank regulators apply in IT examinations. Examiners increasingly cite end-of-life (EOL) software as a key finding in IT examination reports. This guide maps every Secure Endpoint capability to the corresponding FFIEC IT Handbook requirements.
  • Patch and Vulnerability Management (FFIEC IT Handbook)
  • Configuration Management and Change Control
  • Third-Party Risk Management
  • Incident Response Communication Requirements
  • Audit Trail and Evidence Documentation
Download FFIEC Guide (PDF) →
PCI-DSS
Payment Card Industry Data Security Standard
PCI DSS v4.0 Requirement 6.3 (security vulnerabilities are identified and addressed), and 6.3.3 in particular, bears directly on unsupported and EOL software; Requirement 6.2 covers the secure development of bespoke and custom software. This guide covers what Requirement 6 demands, how to demonstrate compliance, and how to automate the generation of evidence for your QSA.
  • Requirement 6.2 — Bespoke and custom software security
  • Requirement 6.3 — Security vulnerabilities are identified and addressed
  • Requirement 6.3.3 — All system components protected from known vulnerabilities
  • Continuous scanning evidence for QSA review
  • Compensating controls documentation
Download PCI-DSS Guide (PDF) →
NIST
NIST Cybersecurity Framework 2.0
NIST CSF 2.0 introduces a new Govern function and expanded guidance on vulnerability management and supply chain risk. This guide shows how Secure Endpoint maps across the Govern, Identify, Protect, and Respond functions.
  • ID.AM — Asset Management and Inventory
  • ID.RA — Risk Assessment (EOL as risk factor)
  • PR.PS — Platform Security (configuration and software maintenance)
  • RS.MI — Mitigation of incidents
  • GV.SC — Supply chain risk management
Download NIST CSF Guide (PDF) →
SOX
Sarbanes-Oxley Act — IT General Controls
SOX ITGC audits regularly surface EOL software as a control deficiency. This guide covers how to document EOL remediation as evidence for IT General Control effectiveness.
  • Change Management controls
  • Access Controls (EOL software as access risk)
  • IT Operations — patch management evidence
  • Audit trail completeness for SOX reviewers
  • Management remediation sign-off documentation
Download SOX Guide (PDF) →
OCC
Office of the Comptroller of the Currency
OCC supervisory guidance on technology, cybersecurity, and third-party risk management, including OCC Bulletin 2023-17, shapes what examiners expect to see for monitoring of unsupported software. This guide walks through OCC examination expectations and how to produce documentation that meets them.
  • OCC Bulletin 2023-17 alignment
  • Risk Management Framework documentation
  • Board-level risk reporting requirements
  • Examination response preparation
  • Corrective action tracking
Download OCC Guide (PDF) →
More
Additional Frameworks
ISO 27001, DORA, GLBA, and state-level frameworks are on our roadmap. If you need a specific framework guide, let us know and we'll prioritize it.
  • ISO 27001 — In development
  • DORA (EU) — In development
  • GLBA Safeguards Rule — Planned
  • NY DFS Part 500 — Planned
Request a Framework →

Are you exam-ready?

Run through this checklist before any regulatory examination. Every item maps to a capability in Secure Endpoint, so if you're running the platform, most of this is already handled automatically.

Download Full Checklist (PDF) →
Talk to a Compliance Expert →
Control Area | Requirement | Auto-Generated by SE | Manual Required
Asset Inventory | Complete, current inventory of all IT assets including software versions | ✓ Auto | 
EOL Identification | Documented list of all EOL/EOS software with dates and risk ratings | ✓ Auto | 
Vulnerability Scoring | CVSS scores for all identified vulnerabilities | ✓ Auto | 
Remediation Plan | Written remediation plan with owners, timelines, and milestones | ✓ Template | Owner assignment
Ticket Evidence | Evidence that remediation work has been assigned and tracked | ✓ Auto (ServiceNow) | 
Closure Documentation | Confirmation that remediation has been completed and verified | ✓ Template | Sign-off required
Audit Trail | Immutable log of all scan results, findings, and remediation actions | ✓ Auto | 
Executive Reporting | Board or senior management briefing on EOL risk posture | ✓ Auto (PDF) | 
Compensating Controls | Documentation of interim controls for EOL assets pending remediation | ✓ Template | Control description
Communication Security | Evidence of secure communication channels for sensitive IR activities | ✓ PHANTOM | 