Skip to content
PostMTA Hosted
StatusSign inOpen panelRequest access
Open menu

Compliance

Framework crosswalk

Mappings help your compliance officer — they are not certifications. PostMTA Hosted is designed so customers can attest SOC 2, HIPAA BAA workflows, and regional privacy on their deployment.

FrameworkRequirementPMH-SEC controlsEvidence
SOC 2CC6.1 Logical access controlsPMH-SEC-002,004,006RBAC tests, panel.matrix
SOC 2CC6.6 Encryption in transitPMH-SEC-011,018STARTTLS gate, Caddy TLS
SOC 2CC7.2 MonitoringPMH-SEC-012,013audit_events, Activity panel
HIPAA§164.312(a) Access controlPMH-SEC-002,005,006JWT + MFA optional
HIPAA§164.312(b) Audit controlsPMH-SEC-012,013Append-only audit export
HIPAA§164.312(e) Transmission securityPMH-SEC-018,011TLS SMTP + HTTPS
NIST CSFPR.AC Identity managementPMH-SEC-001–006controls.md
NIST CSFDE.CM Continuous monitoringPMH-SEC-012Queues/metrics panel
CIS v86.1 Access control processPMH-SEC-004,005RLS + editor helper
CAN-SPAMSender identification & opt-outProduct policyAUP + FBL ingest
PIPEDAAccountability & consentLegal + cookiesPrivacy policy, cookie banner
CCPA/CPRADo Not Sell/ShareN/A B2B applianceNo ad-tech; GPC honored

← Trust center