Security & Compliance

Security and Access Control

Fine-grained RBAC

Custodeum implements a full role-based access control model with granular permission definitions. Roles are assigned specific permissions across resources and actions, and the same model governs both UI and API access.

Least-privilege Operations

Custodeum itself is granted only the permissions it needs to perform specific actions in downstream identity systems. Operators work through Custodeum's RBAC model, so they do not need broad admin permissions in those systems.

Compliance & Evidence Mapping

Custodeum helps support identity controls commonly required by frameworks such as SOC 2, ISO/IEC 27001, and IT general controls (ITGCs) used in SOX and J-SOX programs.

| Capability | Control Objective | Frameworks |
|---|---|---|
| Governance campaigns | Periodic review of user access and privileged entitlements | SOC 2, ISO 27001, SOX, NIST |
| Centralized audit trail | Accountability and monitoring of identity operations | SOC 2, ISO 27001, NIST |
| JML Automation (Coming soon) | Timely provisioning and deprovisioning based on HR data | SOC 2, ISO 27001, SOX |
| AD Password Analysis | Authentication policy posture visibility and compliance | ISO 27001, NIST, SOC 2 |

Disclaimer

Custodeum helps support identity controls and produce evidence for audits and compliance programs. It does not, by itself, certify compliance with any specific framework. Compliance outcomes depend on organizational policies, configurations, operations, and auditor expectations.