Reference
MFT compliance framework map
Pick the frameworks your file transfers fall under. The tool consolidates every distinct requirement, shows which xevolve features satisfy it, and flags the items only you can sign off on.
Pick at least one framework to see your map
All eight cover overlapping ground. Selecting two or three is normal for enterprise MFT.
| Requirement | Required by | xevolve | How |
|---|
Decisions you don't need to make
xevolve enforces these by default for every workspace.
Decisions you do need to make
Customer responsibility. We provide the evidence, you do the sign-off.
Why the consolidated view matters
- Frameworks overlap by design. Encryption in transit, audit logging, MFA, and access reviews show up in seven of these eight standards. Mapping them once saves a quarter of audit prep time.
- Most enterprise teams handle three or more at once. A typical xevolve customer is in scope for SOC 2, ISO 27001, and one of HIPAA, PCI-DSS, or GDPR. The combined requirement set is smaller than the sum.
- xevolve covers the technical 80%. Crypto, logging, segmentation, and key management are wired into the product. The remaining 20% is people and process: signing the BAA or DPA, reviewing access lists, and writing your own incident response plan. We give you the architecture, you give the signature.
Honest gaps
- SOC 2 Type 2 and ISO 27001 audits are on the roadmap. We are architected for both readiness frameworks today and can share our control mapping under NDA. The standing audit reports do not exist yet. If your procurement process requires a current SOC 2 report, raise that with us early so we can scope a mutual NDA + architecture review instead.
- FedRAMP authorisation is in pursuit. We are not on the FedRAMP Marketplace today. If you must serve federal customers with CUI right now, use a FedRAMP-authorised provider and revisit when our ATO lands.
- Specific clauses vary by version. PCI-DSS 4.0 future-dated requirements (key custodian responsibilities, automated log review) became mandatory on 31 March 2025. NIST 800-171 Rev 3 is current. Verify any version-sensitive item with your QSA or auditor before relying on this map alone.
Related free tools
More from the xevolve tools shelf, no signup required.
SFTP to S3 cost calculator
AWS Transfer Family + S3 + egress cost vs flat-fee MFT.
MFT 3-year TCO calculator
Build your own SFTP, buy a vendor, or run xEvolve. Compare.
SFTP / SSH key strength checker
Paste a key, get the algorithm, length, and a NIST verdict.
File transfer protocol picker
Five questions, one verdict across SFTP, AS2, FTPS, HTTPS API.
Procurement security review?
We share what we have today: the standard DPA with EU SCCs, an architecture overview, our control mapping for SOC 2 and ISO 27001 readiness, and a security questionnaire response. SOC 2 Type 2 audit and a formal pen test program are on the roadmap. Honest scope, no demo gate.
Get in touch