Architecture

How ProTecht works

Your cloud already proves compliance. ProTecht makes it visible. Two layers work together. Observability surfaces the signals. Intelligence interprets what they mean for your compliance posture.

1 Connect

Instrument your infrastructure

Connect your AWS account via IAM role. ProTecht accesses Config, CloudTrail, and Security Hub. No agents to install. No code changes. Read-only access to your existing infrastructure telemetry.

Source

AWS Config

Resource state snapshots

Source

CloudTrail

API activity events

Source

Security Hub

Security findings

Also supports: Google Drive, SharePoint, S3 for document-based evidence sync.

2 Collect

Upload the evidence your cloud cannot emit

Policies, attestations, access reviews, vendor assessments. Drag in the artifacts that live in Drive, Notion, or a shared folder, and ProTecht parses, tags, and maps them to the controls they satisfy.

PDF

Access Control Policy v3.2.pdf

Manual upload → Parsed → AC-1, AC-2, AC-6 mapped

Approved

PNG

Q1 Quarterly Access Review screenshot

Manual upload → Tagged → AC-2(1), AC-6(7) mapped

Approved

DOC

Vendor attestation, payroll processor

Manual upload → Parsed → SA-9, SA-12 mapped

Approved

3 Observe

Signals emit as your systems run

Every infrastructure event becomes a compliance signal automatically. Deployments, IAM changes, config updates, each one classified as evidence and mapped to the controls it affects. No manual collection. No re-collection sprints before audit.

IAM policy change detected

CloudTrail → Signal emitted → AC-6(9) control mapped

Approved

S3 encryption config verified

AWS Config → Signal emitted → SC-8, SC-28 controls mapped

Approved

Least-privilege review completed

Security Hub → Signal emitted → AC-6 control family mapped

Approved

4 Intelligence

Know your live compliance posture

Every signal and uploaded document is classified and matched to specific framework controls. ProTecht scores the match, surfaces gaps, generates audit-ready narratives, and tracks how your posture evolves. One live view of what passes, what drifts, and what needs attention.

Control Match

50% match

AC-6(9): Log Use of Privileged Functions

Supports 0 covered statement(s) and 0 covered objective(s). Still missing 1 statement(s) and 0 objective(s).

Intelligence-Generated SSP Narrative

"The organization employs automated mechanisms to audit the execution of privileged functions. AWS CloudTrail logging captures all IAM policy changes and privilege escalations..."

Citations valid Human-in-the-loop review

Live posture

Updated continuously

Audit package

Builds every day

Frameworks supported

One platform. Multiple frameworks. Evidence mapped natively across all of them.

SOC 2 (Type I & II)

Primary entry point. Trust Services Criteria mapped to infrastructure evidence.

NIST SP 800-53 Rev. 5

Full control catalog with 19 families. Baseline-aware scoping.

FedRAMP

OSCAL-native from day one. Supports Low, Moderate, and High baselines. Built for FedRAMP 20x machine-readable evidence requirements.

See it on your infrastructure

20-minute call to see if your stack fits. If it does, we connect and you see compliance signals in days, not months.

Apply for early access →