Compliance Engineering Team
Control-ID maps + regulatory write-ups.
The Penaxtra Compliance Engineering Team maintains the control-ID compliance maps across six frameworks, authors the regulatory walkthroughs on the blog, and reviews every product claim that touches a compliance assertion.
Bio
Compliance Engineering sits between security research and the customer GRC team. They take a regulator publication and translate it into actionable control IDs that Penaxtra maps every finding to. Their writing is precise, auditor-facing, and explicit about what is and is not in scope.
Expertise
- EU AI Act (Regulation 2024/1689), Articles 9 through 17
- ISO/IEC 42001 (AI management system)
- NIST AI 600-1 (Generative AI Profile) and NIST AI RMF
- NIST SP 800-218A (SSDF for Generative AI)
- OWASP LLM Top 10 (2025) and OWASP Agentic Top 10 (2026)
- MITRE ATLAS (adversarial machine-learning techniques)
- GDPR (Regulation 2016/679) and the EU Charter of Fundamental Rights
- Cross-framework control overlap analysis
Reviewed topics
This team signs off on every blog post tagged Compliance, every framework landing under /compliance/*, every audit-evidence schema change, and every product claim that references a control ID or a regulatory article.
Articles by this team
- EU AI Act cybersecurity requirements
- NIST AI 600-1 profile in 20 minutes
- EU AI Act compliance mapping
- ISO/IEC 42001 control mapping
Last reviewed: 2026-06-13. Contact: [email protected].