closegate ships control mappings, not certifications.
Compliance is a property of your deployment (your policy.yaml,
your IdP-bound actors, your retention policy, your incident response). The
framework gives you operational evidence — the audit log, the eval harness,
the SOC 2 monitoring loop, the audit-evidence-export PBC bundle — that
makes the certification engagement defensible.
## SOX 404 ICFR (Sarbanes-Oxley §404, internal controls over financial reporting)
For US public companies. closegate addresses:
- Segregation of duties (SoD) — server-side enforcement; `Deny(SOD_SAME_ACTOR)` on same-actor confirms and LLM-impersonating-human attempts. Implemented in `closegate_policy/gate.py:120-180`.
- Materiality — global threshold + per-entity overrides; above-threshold actions route to HITL automatically. `closegate_policy/gate.py:157-178`.
- Sensitive accounts — `always_human_accounts` frozenset forces HITL regardless of materiality. `closegate_policy/gate.py:200-220`.
- Period close lock — once a period is closed, posting requires a T3 dual-HITL action. Implemented in the `period_close` FSM.
- Evidence retention — audit log is append-only; archive to immutable cold storage on a quarterly cadence.
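The four gate-side SOX controls above (SoD on the confirm step, materiality routing with per-entity overrides, always-human accounts, and the period close lock) are small enough to show end to end. The block below is an added illustration written for this page; it is not closegate's `gate.py`, and the names `Decision`, `Verdict`, `Actor`, `Posting`, `Policy`, `route_posting`, `check_confirmation` and the reason codes other than `SOD_SAME_ACTOR` are assumed for the example.

```python
from dataclasses import dataclass, field
from decimal import Decimal
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"   # execute server-side
    HITL = "hitl"     # park the action until a human reviews it
    DENY = "deny"     # refuse and record why


@dataclass(frozen=True)
class Verdict:
    decision: Decision
    reason: str       # reason code written into the audit event


@dataclass(frozen=True)
class Actor:
    actor_id: str     # identity as bound by the IdP, never self-asserted
    kind: str         # "human" or "agent", also from the IdP


@dataclass(frozen=True)
class Posting:
    actor: Actor
    account: str
    entity: str
    amount: Decimal
    period: str       # e.g. "2025-Q3"


@dataclass
class Policy:
    materiality_default: Decimal
    materiality_overrides: dict = field(default_factory=dict)  # entity -> threshold
    always_human_accounts: frozenset = frozenset()
    closed_periods: frozenset = frozenset()

    def threshold_for(self, entity: str) -> Decimal:
        return self.materiality_overrides.get(entity, self.materiality_default)


def route_posting(policy: Policy, posting: Posting) -> Verdict:
    """Decide whether a posting executes, waits for a human, or is refused.

    Checks run from most to least restrictive so the strongest applicable
    control is the one recorded as the reason.
    """
    if posting.period in policy.closed_periods:
        # Period close lock: a closed period only reopens through a T3 action.
        return Verdict(Decision.HITL, "PERIOD_CLOSED_T3")
    if posting.account in policy.always_human_accounts:
        # Sensitive account: human review regardless of the amount.
        return Verdict(Decision.HITL, "ALWAYS_HUMAN_ACCOUNT")
    if abs(posting.amount) >= policy.threshold_for(posting.entity):
        return Verdict(Decision.HITL, "ABOVE_MATERIALITY")
    return Verdict(Decision.ALLOW, "BELOW_MATERIALITY")


def check_confirmation(proposer: Actor, confirmer: Actor, claims_human: bool) -> Verdict:
    """Segregation of duties on the confirm step of a HITL action.

    `claims_human` is what the confirm request says about itself; the only
    thing trusted is the IdP-backed `confirmer.kind`.
    """
    if confirmer.actor_id == proposer.actor_id:
        return Verdict(Decision.DENY, "SOD_SAME_ACTOR")
    if confirmer.kind != "human":
        # Any agent confirming is refused; an agent that also claims to be a
        # person is the impersonation case and is labelled as such (assumed code).
        reason = "SOD_IMPERSONATED_HUMAN" if claims_human else "SOD_CONFIRMER_NOT_HUMAN"
        return Verdict(Decision.DENY, reason)
    return Verdict(Decision.ALLOW, "SOD_OK")


if __name__ == "__main__":
    # Constructed sample policy and actors, not values from any real deployment.
    policy = Policy(
        materiality_default=Decimal("10000"),
        materiality_overrides={"EU-GmbH": Decimal("2500")},
        always_human_accounts=frozenset({"1000-cash"}),
        closed_periods=frozenset({"2025-Q2"}),
    )
    agent = Actor("agent-close-1", "agent")
    alice = Actor("alice", "human")
    posting = Posting(agent, "6100-travel", "EU-GmbH", Decimal("3000"), "2025-Q3")
    print(route_posting(policy, posting))          # HITL, ABOVE_MATERIALITY
    print(check_confirmation(agent, alice, True))  # ALLOW, SOD_OK
```

The ordering matters for the evidence trail: an auditor reading the reason code should see the control that actually governed the decision, so the period lock is tested before the account list and the account list before the materiality threshold.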
## SOC 2 Trust Services Criteria
For SaaS finance teams pursuing Type 1 or Type 2 attestation:
| Criterion | Where it's addressed |
|---|---|
| CC6.1 (logical access) | OIDC + reverse-proxy auth backends. Per-actor identity. auth_middleware.py. |
| CC6.2 (authorization) | Policy gate's tier routing. Server-side SoD. closegate_policy/gate.py. |
| CC6.3 (revocation) | Actor identity backed by IdP; revoke via IdP, propagates on next token validation. |
| CC4.1 (monitoring) | 4-dimension eval harness + nightly SOC 2 monitor. eval/runner.py, closegate_engine/soc2.py. |
| CC4.2 (operating effectiveness) | SOC 2 monitor JSON artifact with 365-day CI retention. |
| CC7.2 (detection) | Adversarial robustness dimension + hash-chained audit log verification. |
| CC7.3 (response) | Incident playbook in documentation/operations/incident-playbook.md. |
## NIST AI RMF Agentic Profile (CSA 2026)
The newest framework specifically for AI agents in production:
- Reversibility classification — T0/T1/T2/T3 tiers; routing enforced at the gate.
- Per-agent identity — `X-Actor-Id` on every MCP call, bound to the transport.
- HITL on irreversible actions — T3 requires dual-HITL with three distinct actor identities.
- Tamper-evident logging — append-only audit log with DB-layer triggers and hash chain.
- Model card binding — `CLOSEGATE_AGENT_MODEL` pinned; model card version recorded in audit events.
- Schema fingerprint on ingestion — ingestion adapters record SHA-256 of incoming schema; replayable.
## PCAOB AS 1215 (audit documentation)
For external auditors of US public companies:
- Audit documentation — every state-changing decision is replayable from `audit_events` + the git history of `policy.yaml`.
- Retention — append-only enforced at the DB layer; archive to immutable cold storage to meet 7-year retention requirements.
- Reconstruction — anyone with the audit log + the policy commit hash can reconstruct any decision in any prior period.
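The hash chain referenced under CC7.2, under tamper-evident logging in the agentic profile, and in the AS 1215 reconstruction bullet above is the same mechanism: each audit event carries the hash of its predecessor, so editing, deleting or reordering a row is detectable by anyone holding a copy of the log. The block below is an added example written for this page, not closegate's audit implementation; `append_event`, `verify_chain`, `sample_log`, the `prev_hash`/`hash` field names and the `policy_commit` placeholder are assumptions, and the sample events are constructed.

```python
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS_HASH = "0" * 64   # prev_hash of the first event in the chain


def _canonical(body: dict) -> bytes:
    # Sorted keys and no whitespace so the same event always hashes the same.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def append_event(log: List[dict], event: dict) -> dict:
    """Append an event, linking it to the previous entry's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS_HASH
    body = dict(event, prev_hash=prev_hash)
    entry = dict(body, hash=hashlib.sha256(_canonical(body)).hexdigest())
    log.append(entry)
    return entry


def verify_chain(log: List[dict]) -> Tuple[bool, Optional[int]]:
    """Return (True, None) if intact, else (False, index of the first bad entry).

    Editing an entry changes its hash; deleting or reordering entries breaks
    the prev_hash link of whatever follows.
    """
    expected_prev = GENESIS_HASH
    for index, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev_hash") != expected_prev:
            return False, index
        if hashlib.sha256(_canonical(body)).hexdigest() != entry.get("hash"):
            return False, index
        expected_prev = entry["hash"]
    return True, None


def sample_log() -> List[dict]:
    """Constructed sample events; not rows from a real audit_events table."""
    log: List[dict] = []
    for actor, amount, decision in [
        ("agent-close-1", "500.00", "allow"),
        ("agent-close-1", "12000.00", "hitl"),
        ("alice", "12000.00", "hitl_confirmed"),
    ]:
        append_event(log, {
            "actor_id": actor,
            "action": "post_journal",
            "amount": amount,
            "period": "2025-Q3",
            "decision": decision,
            # Commit of policy.yaml the decision was evaluated under, so the
            # decision can be re-derived later (placeholder, not a real hash).
            "policy_commit": "POLICY_COMMIT_PLACEHOLDER",
        })
    return log


if __name__ == "__main__":
    log = sample_log()
    print(verify_chain(log))          # (True, None)
    log[1]["amount"] = "1200.00"      # simulate an after-the-fact edit
    print(verify_chain(log))          # (False, 1)
```

Recording the `policy_commit` on every event is what makes the AS 1215 reconstruction claim hold: the chain proves the events are the ones originally written, and the commit hash identifies the exact `policy.yaml` to re-run them against.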
## EU GDPR Article 22 (automated decision-making)
For EU operations:
- Automated decision-making with legal effect — closegate's T2/T3 routing ensures legal-effect decisions get human review.
- Right to explanation — verbatim policy clause text on every blocked event gives data subjects a defensible explanation of what rule fired and why.
- Data minimization — actor identity is the only PII recorded in the audit log; configurable redaction available for European deployments.
## State sales-tax jurisdictional rounding
For US multi-state operations:
- Per-line vs invoice-total rounding — configurable in `closegate_policy.money`. Some states require per-line; others require total.
- ROUND_HALF_UP adapter for IRS reports — IRS forms require ROUND_HALF_UP, not the GAAP default of ROUND_HALF_EVEN. closegate ships both rounders; `closegate_policy/money.py:200-240`.
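The two rounding choices above interact: the rounding mode changes the answer only when a value lands exactly on a half-cent, and whether you round per line or on the total changes how often that happens. The block below is an added example for this page using Python's `decimal` module, not closegate's `money.py`; `round_money`, `per_line_tax`, `invoice_total_tax` and the sample invoice lines are assumptions constructed so that both effects are visible on one input.

```python
from decimal import Decimal, ROUND_HALF_EVEN, ROUND_HALF_UP
from typing import List, Tuple

CENT = Decimal("0.01")

# Constructed sample: three lines of one unit at $1.30, taxed at 5 %.
# Each line's tax is exactly 0.065, a half-cent, so the mode matters.
SAMPLE_LINES: List[Tuple[Decimal, Decimal]] = [(Decimal("1"), Decimal("1.30"))] * 3
SAMPLE_RATE = Decimal("0.05")


def round_money(amount: Decimal, mode: str = ROUND_HALF_EVEN) -> Decimal:
    """Round to cents.

    ROUND_HALF_EVEN (banker's rounding) is the GAAP default; pass
    ROUND_HALF_UP for IRS-style reports. Both are decimal's own constants.
    """
    return amount.quantize(CENT, rounding=mode)


def per_line_tax(lines, rate: Decimal, mode: str = ROUND_HALF_EVEN) -> Decimal:
    """Tax rounded on each line and then summed (what some states require)."""
    return sum((round_money(qty * price * rate, mode) for qty, price in lines), Decimal("0"))


def invoice_total_tax(lines, rate: Decimal, mode: str = ROUND_HALF_EVEN) -> Decimal:
    """Tax computed once on the invoice subtotal (what other states require)."""
    subtotal = sum((qty * price for qty, price in lines), Decimal("0"))
    return round_money(subtotal * rate, mode)


if __name__ == "__main__":
    for mode in (ROUND_HALF_EVEN, ROUND_HALF_UP):
        print(mode,
              "per-line:", per_line_tax(SAMPLE_LINES, SAMPLE_RATE, mode),
              "total:", invoice_total_tax(SAMPLE_LINES, SAMPLE_RATE, mode))
```

On this input the per-line figure is 0.18 under ROUND_HALF_EVEN and 0.21 under ROUND_HALF_UP, while the invoice-total figure is 0.20 under both. A three-cent spread on a three-line invoice is the kind of discrepancy a jurisdiction audit picks up, which is why the mode and the granularity need to be pinned in configuration rather than left to whichever library default the caller inherits.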
## What we don't claim
- closegate is not SOC 2 Type 2 certified. It ships the controls and the monitoring loop; the certification is a property of your deployment + your audit engagement.
- closegate is not pre-audited by any commercial vendor. The compliance posture is verifiable from the source code; no third-party attestation is bundled.
- closegate is not a legal-advice substitute. Your CFO + general counsel make the compliance calls. closegate gives them defensible operational evidence.
## Adjacent reading
- For auditors — the 5-minute one-pager + control-testing script
- Security posture — threat model + go-live checklist
- `COMPLIANCE.md` in the repo — the full mapping with file.py:line citations