AEGIS shield

Security Compliance Command

AΞGIS

Client Environment Audits · ISO/IEC 27001:2022 Aligned

Field-verification checklists for client environment hardening. Each checklist tracks completion live, records notes/evidence per control, and prints to a clean client-facing PDF report or certificate.

Email · Exchange Online

Microsoft 365 Email Security

Anti-spam, anti-phishing, anti-spoofing, SPF/DKIM/DMARC, Safe Links & Safe Attachments, connection filtering, and mail flow hardening.

9 sections · 36 controlsOpen checklist
Identity · Entra ID

Microsoft 365 / Entra ID Security

Identity and access hardening for the M365 tenant itself — Conditional Access, privileged roles, guest access, and app governance.

6 sections · 27 controlsOpen checklist
Identity · Data · Google

Google Workspace Security

2-Step Verification, Drive sharing exposure, Gmail authentication, OAuth app governance, Gemini/AI data boundaries, and monitoring.

6 sections · 24 controlsOpen checklist
Endpoint · Windows 11

Windows Endpoint Security

OS lifecycle, Defender, least privilege, BitLocker, USB control, patching, firewall, authentication, application control, logging.

11 sections · 65 controlsOpen checklist
Infrastructure · Applications

Infrastructure & Application Security

Network perimeter, vulnerability management, active monitoring, data masking/leakage, privileged access, and custom application/SDLC security.

7 sections · 32 controlsOpen checklist
Backup · Continuity

Backup & Disaster Recovery

Backup coverage, immutability & ransomware resilience, encryption, restore testing, RTO/RPO documentation, and business continuity.

6 sections · 23 controlsOpen checklist
EU Financial Sector · Reg. 2022/2554

EU DORA Digital Resilience

ICT third-party register & exit strategy, resilience testing programme, threat-led penetration testing (TLPT), and incident reporting readiness.

5 sections · 23 controlsOpen checklist
US Framework · CSF 2.0

NIST CSF 2.0 Readiness

Executive-level cross-walk across Govern, Identify, Protect, Detect, Respond, and Recover — all 22 categories, cross-referenced to the technical checklists in this portal.

6 functions · 23 controlsOpen checklist
職業安定法 · 労働者派遣法 · 番号法 · Japan

Japan Recruiter Personal Information

Employment Security Act, Worker Dispatch Act, and My Number Act obligations for recruiters — collection restrictions, 職業紹介責任者 & 派遣元責任者 roles, and third-party provision rules, fully bilingual with statutory articles.

9 sections · 33 controlsOpen checklist
個人情報保護法 · General Purpose · Japan

APPI Compliance

General-purpose Act on Protection of Personal Information checklist for any Japan-based organization — purpose notification, breach reporting, third-party/cross-border transfer, and data subject rights.

8 sections · 28 controlsOpen checklist
Security Culture · NIST CSF PR.AT

Phishing Awareness Program

Authorization prerequisites, infrastructure isolation, campaign design, training follow-through, and non-retaliation culture for a simulated phishing program.

6 sections · 18 controlsOpen checklist
Companion tool: Phishing Awareness Campaign Results → — a live dashboard that pulls campaign metrics from a self-hosted GoPhish instance via its API. Not a checklist; reporting only.
Scope: these checklists cover technical field verification only. Risk registers, Statements of Applicability, policies, incident response plans, HR/physical security, and GDPR/APPI legal-compliance tracking live in the GRC platform (Probo) as governed controls with maturity levels and owners — not duplicated here.