Continuous compliance

The Challenge

Achieving Continuous Compliance for Enterprises

Today, a growing number of organizations are subject to industry, government and regulatory standards. For them, the cost of non-compliance affects the bottom line through fines and lost business. These regulations were born out of a genuine need to protect valuable applications and data, and to ensure continuity of service. Many organizations are now voluntarily adopting standards in order to protect their business.

Preparing for compliance audits is a painstaking, labor-intensive activity that often takes weeks and puts a real strain on resources. In addition to the high cost, relying on audits stands in the way of guaranteeing ongoing security. By the time an issue is found through an audit and is remedied, the threat may have gone unaddressed for months.

Continuous compliance is not a new concept, but until recently it has not been feasible to implement for firewall policies that are constantly changing. Only an automated solution can monitor every change, check it for compliance, and alert on violations. An automated solution is an essential component of a successful continuous compliance initiative.

The Solution

Continuous Compliance & Audit Readiness

Tufin Orchestration Suite enables organizations to optimize their policy health and demonstrate continuous compliance with regulatory standards such as PCI DSS, SOX, NERC CIP, GDPR and HIPAA. Tufin allows you to define your PCI zones and cyber assets, and to instantly generate compliance reports that map specific requirements to your actual firewall rules, including supporting evidence of secure configurations and business justification. Tufin also provides recommended mitigations and exception management where needed. An automated audit trail and customizable workflows enable compliance with change management frameworks, such as ITIL, COBIT and ISO 27001.

Tufin checks every access request and every security policy change against compliance policies before approval and after implementation. Tufin's compliance violations dashboard shows the current status and lets you generate reports, drastically reducing audit preparation times.

  • Select from templates to demonstrate compliance with PCI DSS, NERC CIP, SOX, HIPAA, and more
  • Leverage best practices templates to establish or guide your corporate security policy
  • Identify pre-existing violations of security policy for automated decommissioning or recertification
  • Assess the compliance of access change requests and eliminate inadvertent introduction of policy violations
  • Automate the entire change workflow providing a complete audit trail with full accountability
  • Generate compliance audit reports



  • Demonstrate continuous compliance with your corporate security policy and regulatory mandates
  • Include a compliance assessment for all access requests to eliminate non-compliant access requests
  • Consistently execute change management with workflows to ensure no steps are ever missed
  • Designate and track exceptions for recertification to maintain compliance
  • Receive real-time alerts for compliance violations
  • Simplify audit preparation and reporting by automating the reporting process
Leverage a USP template for PCI DSS whitelist or blacklist.
The NERC segmentation template can be used as a whitelist or blacklist.
Tufin helps identify violations of the USP across vendors and platforms.
A drill down identifies the specific violations per rule and enables handling them
Generate dedicated audit reports for PCI DSS, SOX, and other industry regulations and standards