Compliance
Compliance support for browser-based cloud access
FirmBrowser helps professional and financial firms strengthen and evidence security controls around cloud application access, user behaviour, password governance, session visibility and data movement.
Important. FirmBrowser does not make an organisation compliant by itself. Compliance depends on the organisation's full environment, policies, processes, people and technical controls. FirmBrowser helps support and evidence relevant controls.
| Framework | Relevant area | How FirmBrowser helps | Evidence produced |
|---|---|---|---|
| NIST Cybersecurity Framework 2.0 | Govern, Identify, Protect, Detect | Supports access governance, app visibility, role-based access, password isolation, protected sessions and detection of risky browser activity. | Policy records, user/app access logs, blocked events, audit reports, session recordings where enabled. |
| Essential Eight | Application control, restrict admin privileges, user application hardening, MFA support, patching support by reducing unmanaged browser use. | Helps restrict which browser apps users can access, reduces risky browser behaviours, supports least privilege access and helps reduce exposure from unmanaged endpoints. | Allowed app lists, role access records, access attempts, blocked actions, policy history. |
| Cyber Essentials | User access control, secure configuration, malware protection support, cloud-service access control. | Supports controlled access to cloud services, reduces unmanaged access, hides credentials and improves governance over user access. | App access policies, device access logs, user activity reports. |
| CIS Controls | Account management, access control management, data protection, audit log management, web browser protections. | Supports controlled browser access, credential isolation, data movement controls and audit logging. | User/app records, audit logs, data movement events, blocked workflow attempts. |
| ISO/IEC 27001 | Access control, identity management, logging and monitoring, information transfer, data leakage prevention, supplier/third-party access governance. | Provides technical controls and evidence around cloud app access, password handling, browser activity and data movement. | Access policy configuration, logs, session recordings, export/download/print events. |
| SOC 2 | Security, confidentiality and privacy control evidence. | Supports restricted access, auditability, credential governance and data handling controls for cloud applications. | Access logs, control configuration, session audit records, policy enforcement reports. |
| APRA CPS 234 | Information security controls, information asset protection, third-party access, incident detection and response. | Helps financial services organisations control access to sensitive information assets accessed through browser-based applications. | App access logs, device policy logs, blocked activity, user session evidence. |
| GDPR / UK GDPR | Security of processing and appropriate technical and organisational measures. | Helps reduce unauthorised access, credential exposure and uncontrolled data movement from browser-based systems containing personal data. | Access records, policy controls, data movement logs, session evidence where enabled. |
Speak with us about mapping FirmBrowser to your firm's security and compliance requirements.
We'll work through your relevant frameworks and cloud application stack together.
