Auditor Catalog
Lucid provides 8 official auditors that map to compliance disclosure requirements across 36+ regulatory frameworks worldwide. Each auditor wraps industry-standard open-source libraries while adding cryptographic attestation and hardware-backed trust through TEE execution.
The crosswalk below shows which specific disclosure clauses each auditor addresses. Scroll horizontally to view all frameworks.
| Auditor | Control Area | SOC 2 | SOX | CCPA | HIPAA | PCI-DSS | GLBA | FERPA | FedRAMP | CMMC | CO AI | NIST AI | GDPR | EU AI Act | DORA | NIS2 | ISO 27001 | ISO 42001 | C5 | DPDP | RBI FREE | RBI IT | SEBI | CERT-In | IRDAI | India AI | LGPD | PIPL | APPI | PDPA SG | PDPA TH | CSA STAR | HITRUST | CIS | COBIT | OECD AI | AIUC-1 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Guardrails Auditor: LLM Guard-based prompt injection, jailbreak, and toxicity detection | Prompt Injection Defense: Preventing malicious prompt manipulation attacks | CC6.6 | — | — | §164.308(a)(5)(ii)(B) | Req 6.5 | — | — | SI-10 | 3.14.2 | — | MEASURE 2.7 | Art.32 | Art.15(5) | Art.9 | Art.21(e) | A.8.26 | 8.4 | C5-08 | — | §5.2 | §8.1 | §6.1 | Dir.4 | §5.2 | §4.1 | Art.46 | Art.21 | Art.23 | §24 | §22 | AIS-01 | 09.a | CIS 16 | DSS05 | P1.2 | SEC-2 |
|  | Toxicity & Harmful Content: Detecting and filtering harmful, offensive, or inappropriate outputs | PI1.1 | — | — | — | — | — | — | — | — | — | MAP 3.4 | — | Art.5(a) | — | — | — | 9.3 | — | §8(8) | §6.3 | — | — | — | — | §5.1 | — | — | — | — | — | — | — | — | — | P1.4 | SAF-1 |
| Eval Auditor: UK AISI Inspect-based pre-deployment safety benchmarks | Model Integrity & Safety: Ensuring models are not tampered with or contain malicious code | CC8.1 | §404 | — | §164.312(c) | Req 11 | — | — | SI-7 | 3.4.1 | §6-1-1702(2)(b) | GOV 4.1 | Art.5(1)(f) | Art.15 | Art.8 | Art.21(d) | A.8.9 | 8.2 | C5-09 | §8(4) | §5.1 | §8.3 | §6.2 | Dir.5 | §5.3 | §4.2 | Art.46 | Art.51 | Art.23 | §24 | §22 | IAM-12 | 10.a | CIS 2 | BAI10 | P1.5 | SEC-1 |
|  | RAG Groundedness: Ensuring RAG responses are grounded in retrieved context | — | — | — | — | — | — | — | — | — | — | MAP 2.2 | — | Art.13 | — | — | — | 8.3 | — | — | — | — | — | — | — | §4.3 | — | — | — | — | — | — | — | — | — | P2.2 | ACC-1 |
|  | Adversarial Testing: Red team evaluation for AI system vulnerabilities | CC4.2 | — | — | — | — | — | — | — | 3.11.2 | — | MEASURE 2.7 | — | Art.9(5) | Art.26 | — | — | 9.2 | — | — | — | — | — | — | — | — | — | — | — | — | — | — | — | — | — | — | SEC-4 |
| Observability Auditor: Langfuse-style LLM observability with TEE-signed traces | Audit Logging & Observability: Comprehensive logging and monitoring of AI system activities | CC7.2 | §802 | — | §164.312(b) | Req 10 | §501(b) | — | AU-2 | 3.3.1 | — | MEA 1.1 | Art.30 | Art.12 | Art.10 | Art.23 | A.8.15 | 9.1 | C5-15 | §8(9) | §7.1 | §9.1 | §7.1 | Dir.3 | §6.1 | §6.1 | Art.37 | Art.54 | Art.26 | §11 | §39 | LOG-01 | 06.g | CIS 8 | DSS02 | P2.1 | OBS-1 |
| Fairness Auditor: Bias detection and fairness evaluation for AI systems | Bias & Fairness: Detecting and mitigating algorithmic bias in AI decisions | — | — | — | — | — | — | — | — | — | §6-1-1702(1) | MEASURE 2.11 | Art.22 | Art.10(2) | — | — | — | 6.4 | — | — | — | — | — | — | — | §5.2 | — | — | — | — | — | — | — | — | — | P1.3 | FAI-1 |
| PII Compliance Auditor: PII detection, data classification, and access control | PII Detection & Protection: Identifying and protecting personal data in inputs/outputs | CC6.7 | §302 | §1798.100 | §164.502 | Req 3 | §501(b) | §99.31 | SI-12 | 3.8.3 | — | — | Art.5(1)(c),9(1) | Art.10 | — | Art.21(e) | A.8.11 | 6.3 | C5-06 | §8(5) | §4.1 | §7.3 | §5.2 | Dir.6 | §4.1 | §3.2 | Art.7 | Art.10 | Art.20 | §13 | §19 | DSI-01 | 01.c | CIS 3 | APO01 | P1.1 | DP-1 |
|  | Credential & Secret Detection: Detecting and preventing exposure of credentials and secrets | CC6.1 | — | — | §164.312(d) | Req 3.4 | — | — | IA-5 | 3.5.10 | — | GOV 2.3 | Art.32(1)(a) | — | Art.9 | Art.21(h) | A.5.17 | — | C5-07 | — | — | §8.4 | §6.3 | Dir.5 | — | — | — | — | — | — | — | IAM-09 | 01.d | CIS 16 | DSS05 | — | SEC-3 |
|  | Policy Enforcement: Runtime enforcement of organizational AI policies | CC5.1 | §302(a) | §1798.150 | §164.312(d) | Req 7-8 | §501(b) | §99.31(a) | AC-2,3 | 3.1.1 | — | GOV 2.1 | Art.25,32 | Art.13 | Art.9 | Art.21 | A.5.15 | 6.2 | C5-03 | §8(1) | §3.1 | §5.1 | §4.1 | — | §3.1 | §2.1 | Art.46 | Art.51 | — | — | — | GRM-01 | 00.a | — | APO01 | — | POL-1 |
| Sovereignty Auditor: Data sovereignty verification via location attestation | Data Sovereignty & Localization: Ensuring data remains within approved geographic jurisdictions | — | — | §1798.145 | — | — | — | — | SC-12 | — | — | — | Art.44-49 | — | — | — | — | — | — | §17 | — | — | — | — | — | — | Art.33 | Art.38-40 | Art.28 | §26 | §28 | DSI-03 | — | — | — | — | — |
| Watermark Auditor: LLM token watermarking for AI provenance | AI Provenance & Watermarking: Marking AI-generated content for authenticity and provenance | — | — | — | — | — | — | — | — | — | — | GOV 6.1 | — | Art.50 | — | — | — | 7.3 | — | — | — | — | — | — | — | §7.1 | — | — | — | — | — | — | — | — | — | P3.1 | PRV-1 |
Framework Reference
US Frameworks
| Code | Framework | Description |
|---|---|---|
| SOC 2 | Service Organization Control 2 | Security, availability, processing integrity, confidentiality, privacy |
| SOX | Sarbanes-Oxley Act | Financial reporting and internal controls |
| CCPA | California Consumer Privacy Act | Consumer privacy rights for California residents |
| HIPAA | Health Insurance Portability and Accountability Act | Protected health information |
| PCI-DSS | Payment Card Industry Data Security Standard | Cardholder data protection |
| GLBA | Gramm-Leach-Bliley Act | Financial institution privacy |
| FERPA | Family Educational Rights and Privacy Act | Student education records |
| FedRAMP | Federal Risk and Authorization Management Program | Cloud services for federal agencies |
| CMMC | Cybersecurity Maturity Model Certification | Defense contractor cybersecurity |
| CO AI | Colorado AI Act | Algorithmic discrimination prevention |
| NIST AI | NIST AI Risk Management Framework | AI risk identification and mitigation |
EU Frameworks
| Code | Framework | Description |
|---|---|---|
| GDPR | General Data Protection Regulation | Data privacy and protection |
| EU AI Act | European AI Act | AI system risk management and transparency |
| DORA | Digital Operational Resilience Act | Financial sector digital resilience |
| NIS2 | Network and Information Security Directive | Critical infrastructure cybersecurity |
| ISO 27001 | Information Security Management | Information security management systems |
| ISO 42001 | AI Management System | AI system management standard |
| C5 | Cloud Computing Compliance Criteria Catalogue | German cloud security standard |
India Frameworks
| Code | Framework | Description |
|---|---|---|
| DPDP | Digital Personal Data Protection Act | Personal data protection |
| RBI FREE | RBI Framework for Responsible AI | Financial sector AI governance |
| RBI IT | RBI IT Framework | IT governance for banks |
| SEBI | SEBI Cybersecurity Framework | Securities market cybersecurity |
| CERT-In | CERT-In Directions | Incident reporting and security |
| IRDAI | IRDAI IT Guidelines | Insurance sector IT governance |
| India AI | India AI Ethics Guidelines | AI ethics and governance |
Asia-Pacific Frameworks
| Code | Framework | Description |
|---|---|---|
| LGPD | Lei Geral de Proteção de Dados (Brazil) | Brazilian data protection law |
| PIPL | Personal Information Protection Law (China) | Chinese personal data protection |
| APPI | Act on Protection of Personal Information (Japan) | Japanese data protection |
| PDPA SG | Personal Data Protection Act (Singapore) | Singapore data protection |
| PDPA TH | Personal Data Protection Act (Thailand) | Thailand data protection |
Industry Standards
| Code | Framework | Description |
|---|---|---|
| CSA STAR | Cloud Security Alliance STAR | Cloud security certification |
| HITRUST | HITRUST CSF | Healthcare information security |
| CIS | CIS Controls | Critical security controls |
| COBIT | Control Objectives for IT | IT governance framework |
| OECD AI | OECD AI Principles | International AI principles |
| AIUC-1 | AI Use Case Standard | AI use case classification |