6 Frameworks

Compliance & Regulations

OPA (Open Policy Agent) Rego declarative policies check compliance with international and national requirements in real time. The strictest result wins (priority block > alert > redact > allow).

🇪🇺

GDPR

EU 2016/679 — General Data Protection Regulation
  • Art. 44-49 — Adequacy decision check (14 countries + 27 EU member states)
  • Art. 9 — Special categories (health, racial, biometric) — explicit consent
  • Art. 17 — Right to be forgotten (deletion request)
  • Art. 5(c) — Data minimization (≥ 50 fields without purpose)
  • Art. 5(e) — Storage limitation (> 5 years)
  • Art. 8 — Children under 16 — parental consent
💳

PCI-DSS v4.0

Payment Card Industry Data Security Standard
  • Req. 3.4 — Full PAN unreadable (non-PCI destination = block)
  • Req. 3.5 — Sensitive Auth Data (CVV/PIN/track) — never stored
  • Req. 4 — PAN over HTTP/SMTP/weak TLS = block
  • Req. 7 — Need-to-know access (RBAC)
  • Req. 10 — Audit logging mandatory
🇺🇿

Republic of Uzbekistan Personal Data

ZRU-547 (2019) + State secrets + Bank/Medical secrecy
  • Art. 16 — Transfer of personal data outside Uzbekistan (Ministry of Justice)
  • Strict PII — passport, JShShIR, INN, biometric
  • Children — consent of a legal representative for those under 14
  • State secrets — auto-block by markers
  • Medical secrecy — Health Care Code
  • Bank secrecy — Law on Banks
📊

Sarbanes-Oxley (SOX)

Financial reporting + insider trading
  • Section 302 — Corporate responsibility (financial reports)
  • Section 404 — Segregation of duties (developer ≠ financial data)
  • Section 802 — Audit log tampering = block
  • MNPI — Material Non-Public Info to external = block
⚕️

HIPAA

Health Insurance Portability and Accountability Act
  • Privacy Rule — protection of PHI (Protected Health Information)
  • Security Rule — Administrative, Physical, Technical safeguards
  • Minimum Necessary — only the minimum data required
  • Breach Notification — notify within 60 days
⚙️

Orchestrator

Compliance Aggregator

Combines the decisions of all 5 frameworks and adopts the strictest result:

action = block (any) > alert (any) > redact > allow
  • frameworks_evaluated — which frameworks were checked
  • blocking_frameworks — which of them said block
  • all_reasons — the full list of reasons
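The strictest-wins merge described above, as an added illustration (not the product's own Rego policy): per-framework decisions are folded into one action, and the three output fields are filled from the same list. The framework names and reasons in the sample are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Severity order from the page: block > alert > redact > allow.
ACTION_PRIORITY = {"block": 3, "alert": 2, "redact": 1, "allow": 0}


@dataclass
class FrameworkDecision:
    framework: str                                   # e.g. "GDPR", "PCI-DSS"
    action: str                                      # one of ACTION_PRIORITY
    reasons: List[str] = field(default_factory=list)  # human-readable findings


def aggregate(decisions: List[FrameworkDecision]) -> Dict[str, object]:
    """Merge per-framework decisions; the most severe action wins."""
    if not decisions:
        raise ValueError("no framework decisions to aggregate")
    for d in decisions:
        # Unknown verdicts are refused rather than silently treated as allow;
        # the caller is expected to handle the exception as a block.
        if d.action not in ACTION_PRIORITY:
            raise ValueError(f"{d.framework}: unknown action {d.action!r}")
    strictest = max(decisions, key=lambda d: ACTION_PRIORITY[d.action])
    return {
        "action": strictest.action,
        "frameworks_evaluated": [d.framework for d in decisions],
        "blocking_frameworks": [d.framework for d in decisions if d.action == "block"],
        "all_reasons": [f"{d.framework}: {r}" for d in decisions for r in d.reasons],
    }


# Constructed sample: one outbound message that several policies object to.
SAMPLE = [
    FrameworkDecision("GDPR", "alert", ["Art. 44-49: destination outside adequacy list"]),
    FrameworkDecision("PCI-DSS", "block", ["Req. 3.4: full PAN to non-PCI destination"]),
    FrameworkDecision("UZ-PD", "allow"),
    FrameworkDecision("SOX", "allow"),
    FrameworkDecision("HIPAA", "redact", ["Minimum Necessary: extra PHI fields"]),
]

if __name__ == "__main__":
    for key, value in aggregate(SAMPLE).items():
        print(f"{key}: {value}")
```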

Compliance decision flow

1. Classification

The Hybrid Cascade checks the text or packet (P_RF · α + P_BERT · (1−α))

2. AHP decision

Weight vector over 8 criteria + Saaty CR < 0.10

3. Compliance Rego

5 frameworks are checked → the strictest result

4. MITRE mapping

Linked to Tactics/Techniques (T1041, T1567, ...)

5. Action

allow / alert / redact / block + audit log