COMPLIANCE & FRAMEWORK MAPPING
// Framework Crosswalk

The mapping your auditor
will ask for first.

Shield helps government and critical infrastructure organizations block malicious network traffic at scale. The Global Threat Engine has been refining threat intelligence since 2001 with 8.5 billion IP and DNS combinations.

At a Glance

What it doesBlocks malicious network traffic in government and critical infrastructure environments.
Who it's forFederal, SLED, and critical infrastructure security teams.
How it deploysFive Shield products with deployment patterns suited to government environments.
What you getNetwork-layer prevention with evidence appropriate to government reporting requirements.

Shield supports the network monitoring, access control, and audit logging requirements across the major frameworks public sector and regulated buyers operate under. The crosswalk below is what you can show your auditor, your procurement team, and your insurance carrier.

// Read This First

What Shield is, and
what it is not.

We frame this carefully because procurement and audit teams ask precise questions and we give them precise answers.

What Shield Supports

Network monitoring and access control evidence

Shield blocks known-bad traffic at the network edge and produces event logs of every blocked connection. Those logs evidence the network monitoring and boundary protection controls that most frameworks require. Shield is a control. It supports compliance with frameworks. It is not a compliance certification itself.

Our Stance

HIPAA and PCI-DSS

Shield does not process, store, or transmit protected health information or cardholder data, so the data-handling provisions of HIPAA and PCI-DSS do not apply to Shield. That is our stance, and it is intentional: the data Shield uses is network telemetry and reputation lookups, not regulated personal data. Shield supports the technical controls HIPAA and PCI-DSS require of the systems that do handle that data.

What INTRUSION Is Compliant With

GDPR

INTRUSION as a company complies with GDPR for the business contact information processed through its websites and marketing operations. Shield itself does not process regulated personal data, so the data-handling provisions of GDPR do not apply directly to the product. The technical controls Shield provides support the network-layer obligations GDPR places on data controllers and processors. Records of processing, data minimization practices, and data subject rights handling are documented at the company level and described in the INTRUSION Privacy Policy.

// Framework Mapping

Where Shield fits
in each framework.

For each framework below, we identify the specific controls or sections Shield supports. Your auditor or compliance lead can use this as a starting point for the formal crosswalk.

NIST CSF
NIST Cybersecurity Framework. Shield maps primarily to the Protect (PR) and Detect (DE) functions. Specifically PR.AC (Identity Management and Access Control), PR.PT (Protective Technology), and DE.CM (Continuous Monitoring) categories. Shield event logs evidence ongoing monitoring of network communications.
NIST 800-171
Required for organizations handling Controlled Unclassified Information. Shield supports controls in the Access Control (3.1), Audit and Accountability (3.3), and System and Communications Protection (3.13) families. Specifically 3.1.20, 3.1.21, 3.3.1, 3.3.2, 3.13.1, 3.13.5, 3.13.6.
NIST 800-53
The full federal control catalog. Shield supports controls across the AC (Access Control), AU (Audit and Accountability), CA (Assessment, Authorization, and Monitoring), and SC (System and Communications Protection) families. Specifically AC-4, AC-17, AU-2, AU-12, CA-7, SC-7, SC-7(3), SC-7(5).
NIST 800-82
Guidance for Industrial Control Systems. Shield supports the network monitoring, boundary protection, and asset visibility recommendations in 800-82 without requiring endpoint instrumentation on PLCs, RTUs, or other control system devices.
CMMC
Cybersecurity Maturity Model Certification. CMMC inherits its practices from NIST 800-171. Shield supports the same set of practices noted above. Note that Shield is a security control, not a CMMC certification or assessment service.
HIPAA Security Rule
Shield supports the Technical Safeguards in 45 CFR 164.312, specifically 164.312(a) Access Control, 164.312(b) Audit Controls, 164.312(c) Integrity, and 164.312(e) Transmission Security. Shield does not process protected health information. Because of the data Shield uses, the data-handling provisions of HIPAA do not apply directly to Shield.
HITRUST CSF
Shield supports HITRUST controls related to network protection (10.h, 10.i), monitoring of network communications (10.l), and boundary protection. The Shield event log is referenced as evidence in HITRUST audit conversations.
HHS 405(d)
Health Industry Cybersecurity Practices. Shield aligns with the network management, endpoint protection, and data protection practices recommended in the 405(d) framework, particularly for medium and large healthcare practices.
CIS Controls v8
Shield supports CIS Controls 12 (Network Infrastructure Management), 13 (Network Monitoring and Defense), 8 (Audit Log Management), and 10 (Malware Defenses). Shield is most directly relevant to Control 13.
IEC 62443
The international standard for industrial automation and control system security. Shield enforces traffic policy at conduits between zones, blocking known-bad destinations on cross-zone traffic without requiring changes to control system devices.
CISA Shields Up
Shield supports the CISA Shields Up guidance for critical infrastructure operators by blocking known-bad inbound and outbound traffic and producing event logs that evidence active monitoring.
EPA and CISA Water Sector Cybersecurity Guidance
Shield supports the network monitoring and access control practices identified in the joint EPA and CISA Water and Wastewater Cybersecurity guidance, including the Top Cyber Actions for Water Systems.
AWIA §2013 Risk and Resilience Assessment
America's Water Infrastructure Act §2013 requires community water systems serving 3,300 or more people to conduct Risk and Resilience Assessments and maintain Emergency Response Plans, recertified on a five-year cadence. Shield event logs provide network monitoring evidence for the cybersecurity portion of the RRA and ERP.
TSA Pipeline Security Directives
Shield supports the network monitoring, segmentation enforcement, and incident detection requirements in TSA Pipeline Security Directive SD02 series for pipeline operators.
Cyber Insurance
Most cyber insurance underwriters now ask whether the applicant has continuous network monitoring and blocking of known-bad traffic. Shield event logs provide direct evidence for both questions.
// Audit Artifacts

What Shield gives your auditor
when they ask.

Audit conversations go faster when the evidence is already in a format the auditor expects. Shield produces these artifacts natively, no manual report generation required.

Artifact 01

Event log of blocked connections

Every blocked connection is logged with timestamp, source, destination, protocol, and reason for the block. Exportable to CSV and Excel from Shield Command Hub. The auditor sees what was blocked and when.

Artifact 02

Shield OnPremise Syslog feed for SIEM

Shield OnPremise produces a Syslog feed your SIEM can ingest. Your existing audit workflows continue to operate against your SIEM. Shield events become part of your unified audit record.

Artifact 03

Configuration documentation

Deployment topology, blocking policy, and operational mode are documented during deployment. The documentation is what your auditor and procurement team can attach to the formal control evidence.

Note on retention: Shield maintains 72 hours of full evidence retention for blocked events at the platform level. For longer retention, customers forward Syslog from Shield OnPremise to the customer's SIEM or log management system.

// Important Boundaries

Things Shield is not.

We name these explicitly because procurement teams sometimes assume capabilities that Shield does not have, and we would rather be clear up front.

Not a certification

FedRAMP / GSA Schedule / SOC 2 / ISO 27001

Shield is a security control, not a federal accreditation or compliance certification. Do not assume Shield is FedRAMP authorized, on a GSA Schedule, SOC 2 audited, or ISO 27001 certified. Those are separate processes that may or may not apply depending on deployment.

Not a regulated-data handler

PHI, cardholder data, personal data

Shield does not process, store, or transmit regulated personal data, protected health information, or cardholder data. Because of the data Shield uses, the data-handling provisions of GDPR, HIPAA, and PCI-DSS do not apply directly to Shield itself. Shield supports the technical controls those regulations require of the systems that do handle the data. Separately, INTRUSION as a company processes business contact information submitted through its websites and marketing forms; that processing is governed by the INTRUSION Privacy Policy.

Not a SIEM or SOAR

Log aggregation, case management, automated response

Shield is a network enforcement platform. It produces an event log and a Syslog feed. It does not aggregate logs from other tools, run a case management workflow, or orchestrate response across other security tools. Shield feeds into those tools, it does not replace them.

Not an EDR

Endpoint detection and response

Shield protects at the network. Shield Endpoint provides reputation-based filtering on Windows and Android, with ZTNA on Android, but it is not an EDR product. Shield is complementary to an EDR, not a replacement for it.

FOR AUDITORS

Need the long version
for your audit team?

We can produce a formal crosswalk document mapped to the specific framework version your auditor uses, with the relevant Shield event log fields and Syslog format documented. Ask during your POV scoping conversation.

RECOMMENDED NEXT STEP

Ready to see what Shield finds in your environment?

Request a POV Book a Meeting Talk to an Engineer