WireTrace v1.2.4 generates audit-ready compliance evidence automatically from observed network traffic and active enrichment. Asset inventories, communication flows, access control validation, encryption posture, file activity audit trails, and segmentation evidence are always current - replacing periodic manual assessments that go stale between audits. The AI agent with 21 query tools generates streaming compliance reports and evidence summaries on demand. This guide maps WireTrace capabilities to specific control requirements across 5 supported frameworks.
Evidence is generated from live traffic observations every day - not collected manually once per audit cycle. Compliance posture is always current.
Findings are derived from what is actually happening on the network. Asset inventories, encryption usage, and communication patterns are observed facts, not questionnaire responses.
The same data that satisfies auditors also drives daily security operations: incident investigation, risk prioritization, and change monitoring.
| IEC 62443 Requirement | WireTrace Evidence | How It Works |
|---|---|---|
| Zone & Conduit Model (3-2) | Zone boundaries mapped from observed traffic. Cross-zone communications documented with protocol detail. | Passive traffic analysis identifies which assets communicate across zone boundaries and over which protocols. |
| Asset Inventory (2-1, 3-2) | Continuously updated inventory of every industrial asset: PLCs, RTUs, HMIs, gateways, engineering workstations. 68 device types classified. | 411 classification rules with intelligent multi-signal classification: protocol fingerprints, DPI identity, manufacturer identification, automatic device discovery from network announcements, device identity fields, multi-source passive fingerprinting with thousands of signatures. Optional SNMP active polling for hardware model, serial, firmware. |
| Access Control (3-3) | Communication pattern evidence showing which devices access which systems over which protocols. | Protocol-level inspection identifies who is communicating with controllers and what commands are being sent. |
| Network Monitoring (3-3, 4-2) | Continuous monitoring of all industrial network communications with alerting on deviations. 12 ransomware kill chain detection rules including OT isolation violation. File activity monitoring across 6 protocols. | Behavioral baselines per device and per protocol. Kill chain correlation scores multiple indicators per asset. File operations tracked with full audit trail. Deviations surfaced with protocol context. |
| Security Assessment (2-1) | Attack surface analysis: cleartext protocols, unprotected industrial communications, exposed services. | Security Insights engine automatically identifies unsafe configurations from observed traffic. |
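As an added illustration (not WireTrace code) of how the Zone & Conduit and Security Assessment rows above can be backed by traffic-derived evidence: a few constructed flow records are grouped into cross-zone conduits, conduits that skip Purdue levels are flagged, and cleartext-protocol flows are listed. The asset inventory, the "L<n>-" zone-label convention and the flows are all assumptions made for the example.

```python
from collections import defaultdict
# Constructed asset inventory (hypothetical): IP -> (name, zone). Zone labels carry the
# Purdue level as "L<n>-..." so that conduits which skip levels can be spotted.
ASSET_ZONES = {
    "10.0.1.10": ("plc-01", "L1-control"),
    "10.0.1.11": ("plc-02", "L1-control"),
    "10.0.2.20": ("hmi-01", "L2-supervisory"),
    "10.0.3.30": ("historian", "L3-operations"),
    "10.0.9.50": ("eng-ws-01", "L4-enterprise"),
}
# Protocols with no transport encryption; any observed use is an attack-surface finding.
CLEARTEXT_PROTOCOLS = {"modbus", "telnet", "ftp", "tftp", "http"}
# Constructed flow observations: (src_ip, dst_ip, protocol, dst_port).
FLOWS = [
    ("10.0.2.20", "10.0.1.10", "modbus", 502),
    ("10.0.2.20", "10.0.1.11", "modbus", 502),
    ("10.0.3.30", "10.0.2.20", "opcua-tls", 4840),
    ("10.0.9.50", "10.0.3.30", "https", 443),
    ("10.0.9.50", "10.0.1.10", "modbus", 502),   # enterprise host talking straight to a PLC
    ("10.0.9.50", "10.0.1.11", "telnet", 23),
]

def asset(ip):
    """Name and zone for an IP; uninventoried hosts are reported rather than dropped."""
    return ASSET_ZONES.get(ip, (ip, "L?-unknown"))

def level(zone):
    """Purdue level parsed from a zone label, or None for the 'L?-unknown' placeholder."""
    return int(zone[1]) if zone[1].isdigit() else None

def cross_zone_conduits(flows):
    """Map each cross-zone (src_zone, dst_zone) pair to the sorted protocols seen on it."""
    conduits = defaultdict(set)
    for src, dst, proto, _port in flows:
        sz, dz = asset(src)[1], asset(dst)[1]
        if sz != dz:
            conduits[(sz, dz)].add(proto)
    return {k: sorted(v) for k, v in conduits.items()}

def level_skipping_conduits(flows):
    """Conduits whose endpoints differ by more than one Purdue level (e.g. L4 -> L1)."""
    skips = set()
    for (sz, dz) in cross_zone_conduits(flows):
        ls, ld = level(sz), level(dz)
        if ls is not None and ld is not None and abs(ls - ld) > 1:
            skips.add((sz, dz))
    return sorted(skips)

def cleartext_findings(flows):
    """Flows on cleartext protocols, named by asset so they can go straight into a report."""
    return [(asset(s)[0], asset(d)[0], p, port) for s, d, p, port in flows if p in CLEARTEXT_PROTOCOLS]
```

With these inputs the L4 engineering workstation's direct Modbus and Telnet sessions to the PLCs surface both as a level-skipping conduit and as cleartext findings, which is the kind of observed fact the table describes.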
| OTCC Domain | WireTrace Evidence | How It Works |
|---|---|---|
| OT Asset Management | Complete OT asset inventory with vendor, model, firmware, and protocol details. Continuously updated. | Passive discovery from observed industrial protocol communications. |
| OT Network Security | Network segmentation evidence, cross-zone communication detection, unauthorized lateral movement alerts. | Zone boundary monitoring from traffic analysis. Purdue level assignment per asset. |
| OT Monitoring & Detection | Continuous monitoring of all OT communications. Behavioral baseline deviations, unauthorized commands, anomalous patterns. | Protocol-aware baselines detect changes in command patterns, polling frequencies, and communication peers. |
| OT Incident Management | Protocol-level forensic evidence for incident investigation. Full communication history per asset. | Historical records of all observed communications, commands, and connection changes. |
| ECC Domain | WireTrace Evidence | How It Works |
|---|---|---|
| Asset Management (2-2) | Comprehensive asset inventory across IT, OT, and IoT. Vendor, OS, firmware, and classification details. | Passive protocol analysis identifies every communicating device without agents or scanning. |
| Network Security (2-7) | Segmentation validation, communication flow documentation, unauthorized access detection. | Cross-segment communication monitoring. Protocol-level access pattern evidence. |
| Continuous Monitoring (2-12) | Real-time monitoring of network communications with alerting on deviations and threats. | Behavioral baselines, IoC matching, and attack surface analysis from observed traffic. |
| Vulnerability Management (2-3) | CVE correlation with observed assets. Prioritized by real protocol exposure and active firmware. Industrial security advisories. | National vulnerability databases with risk-based prioritization matched against discovered assets and their observed software versions. Industrial advisory sync for OT-specific vulnerabilities. |
| ISO 27001 Control | WireTrace Evidence | How It Works |
|---|---|---|
| A.8 Asset Management | Continuously updated asset inventory. Classification by type, vendor, OS, firmware, network role. | Multi-signal passive discovery and weighted classification from observed protocol behavior. |
| A.9 Access Control | Communication pattern evidence. Which devices access which services over which protocols. | Protocol-level access monitoring. Unauthorized communication peer detection. |
| A.10 Cryptography | TLS certificate inventory: subject, issuer, validity, key strength. Self-signed and expired certificate detection. | TLS handshake inspection extracts certificate fields from observed connections. |
| A.12 Operations Security | Change monitoring: new devices, removed devices, new services, configuration changes. | Continuous traffic analysis detects changes in network behavior and device communications. |
| A.13 Communications | Network segmentation evidence. Cleartext protocol detection. Encryption posture per connection. | Protocol-aware inspection identifies unencrypted communications and cross-segment flows. |
| HIPAA Requirement | WireTrace Evidence | How It Works |
|---|---|---|
| 164.310 Physical (Device Inventory) | Complete medical device inventory. Manufacturer, model, function, firmware, communication patterns. | Proprietary medical protocol parsing identifies clinical devices by vendor and function. |
| 164.312 Technical (Access Controls) | Access pattern evidence showing which devices communicate with ePHI systems. | Protocol-level monitoring of EMR, PACS, and clinical gateway communications. |
| 164.312 Transmission Security | Encryption posture per connection. Cleartext ePHI flow detection. | TLS inspection and protocol analysis identify unencrypted clinical data transmissions. |
| 164.312 Audit Controls | Continuous communication audit trail per medical device. File activity monitoring tracks ePHI file access across DICOM, SMB, and clinical protocols with full file paths and operation types. | Every observed communication and file operation logged with protocol detail, timestamp, source/destination, and peer information. |
Complete, continuously updated device inventories. Streaming AI reports generate progressively with conversation memory for follow-up questions.
Protocol-level documentation of which devices communicate, over which protocols, with which commands. File activity audit trail across SMB, FTP, TFTP, NFS, HTTP, and DICOM.
12 ransomware kill chain detection rules. Cleartext credentials, expired certificates, exposed interfaces, unprotected protocols identified from traffic. MITRE ATT&CK mapped.
WireTrace replaces manual compliance evidence collection with continuous, traffic-derived proof. wiretrace.io | [email protected]