The easiest way to get your apps compliant

Jit supports a wide variety of industry and government regulations that carry application and/or cloud security requirements, and provides straightforward integrations and reporting so you can demonstrate progress quickly.

Jit simplifies compliance for a wide variety of regulations and standards

| Framework | Control Number/Name | Description | Technical Controls Needed |
|---|---|---|---|
| NIST SP 800-53 | SA-8 | Security Engineering Principles | CI/CD Secure Config, IAC Scanning |
| NIST SP 800-53 | SA-11 | Developer Security Testing & Evaluation | SAST, DAST, Secrets Detection |
| NIST SP 800-53 | SA-15 | Development Process, Standards & Tools | SCA, Open Source License Check, SBOM |
| SOC 2 | CC6.1 | Logical and Physical Access Controls | CI/CD Secure Config |
| SOC 2 | CC7.1 | System Operations | Cloud Security CSPM |
| SOC 2 | CC8.1 | Change Management | IAC Scanning, CI/CD Secure Config |
| ISO/IEC 27001 | A.14.2.1 | Secure Development Policy | SAST, SCA, Open Source License Check |
| ISO/IEC 27001 | A.14.2.5 | Secure System Engineering Principles | CI/CD Secure Config, IAC Scanning |
| ISO/IEC 27001 | A.14.2.9 | System Acceptance Testing | DAST, Secrets Detection |
| HIPAA | 164.312(c)(1) | Integrity | SAST, DAST |
| HIPAA | 164.312(c)(1) | Transmission Security | Cloud Security CSPM |
| PCI DSS | Requirement 6 | Develop and maintain secure systems and applications | SAST, SCA, DAST |
| PCI DSS | 6.3 | Develop software applications securely | Open Source License Check, SBOM |
| FedRAMP | SA-8, SA-11, SA-15 (via NIST SP 800-53) | Security Engineering Principles, Developer Security Testing, Development Process | SAST, DAST, SCA, Open Source License Check, SBOM, CI/CD Secure Config |
| NYS DFS 23 NYCRR 500 | Section 500.03 | Cybersecurity Policy | Cloud Security CSPM, CI/CD Secure Config |
| NYS DFS 23 NYCRR 500 | Section 500.08 | Application Security | SAST, DAST, Secrets Detection |
| EU Cybersecurity Act | N/A | Emphasizes secure development practices as part of certification schemes | SCA, Open Source License Check, SBOM |
| Cyber Resilience | N/A | Incorporates secure development into broader resilience strategies | Cloud Security CSPM, CI/CD Secure Config |
| DORA | N/A | Focuses on ICT risk management, including secure development practices | SAST, SCA, Cloud Security CSPM |
| CIS Controls | Control 16 | Application Software Security | SAST, SCA, DAST, Open Source License Check, SBOM, Secrets Detection |
| CIS Controls | 16.3 | Perform Static Code Analysis | SAST |
| CIS Controls | 16.1 | Establish and Maintain a Secure Application Development Process | CI/CD Secure Config, IAC Scanning |
| CIS Controls | 16.4 | Perform Dynamic Application Security Testing | DAST |
| CIS Controls | 16.5 | Perform Software Composition Analysis | SCA, Open Source License Check, SBOM |

Define policies to automatically triage compliance violations to the relevant developer

Define risk thresholds to focus on the compliance violations that matter most
Flag the top risks with granular detection rules based on factors like “In Production”, “Externally accessible”, “Connected to a database”, “Severe criticality”, and more.
Automatically triage top risks to the relevant development teams
Jit maps security issues to the responsible development teams, streamlining triage via Jira, Slack, LinearB, and Monday.com.
Define policies to govern use of Jit
Define policies to limit actions that could prevent compliance, like preventing developers from ignoring compliance violations.

Implement compliance controls that are easy for developers to adopt

Simplified UX for developers
With Jit, developers never leave GitHub, GitLab, or their IDE to identify and resolve security issues before production.
Change-based scanning
Jit provides immediate feedback on the security of every code change, so developers aren’t bombarded with issues.
Auto Remediation
Jit provides suggested code fixes for security issues, so developers can resolve problems quickly without having to be security experts.

Fulfill compliance requirements faster with Security Plans

Jit’s Security Plans provide out-of-the-box scanners and reporting that drive your team toward compliance outcomes.

Don’t see a Plan that aligns to your compliance objective? Reach out to us and we’ll build one for you.
OWASP ASVS Plan
Includes the DAST and vulnerability management requirements to fulfill OWASP ASVS.
AWS FTR Plan
Includes IaC scanning, CSPM, secrets detection, and vulnerability management requirements for AWS FTR.
SOC2 Plan
Will include the required x capabilities for SOC 2 compliance.
OWASP Top 10 Plan
Will include the security controls needed to surface the most recent OWASP Top 10 vulnerabilities.
CIS Benchmark Plan
Coming soon! Will include the security controls needed to score well for the CIS Benchmark.

Get a high-level view of product security metrics across your organization
Monitor metrics like scanning coverage, resolved vs unresolved security issues, MTTR, developer security engagement, exposure window, and others across your organization.
Monitor security progress and gaps across every development team
Jit Teams maps services to every development team, so they can monitor and own the security of their services and code repositories.
Export as CSV
Export any data collected by Jit as a CSV to demonstrate compliance.