SigmaSRC FAQ | SigmaSRC

SigmaSRC Frequently Asked Questions

Find answers to common questions about SigmaSRC, our AI-powered cybersecurity platform for Security, Risk, and Compliance automation.

General Platform Questions

What is SigmaSRC?

SigmaSRC is an AI-powered cybersecurity SaaS platform that automates Security, Risk, and Compliance (SRC) management. It uses Agentic AI to continuously enforce security policies, assess risks, and maintain regulatory compliance across your entire IT environment.

How does SigmaSRC differ from traditional GRC tools?

Unlike traditional GRC tools that rely on manual processes and periodic audits, SigmaSRC uses AI agents that autonomously enforce policies, detect compliance drift in real-time, and automatically remediate issues. This provides continuous compliance rather than point-in-time assessments.

What industries does SigmaSRC serve?

SigmaSRC serves organizations across all industries including:

Healthcare - HIPAA, HITRUST compliance
Financial & Insurance Services - SOX, PCI-DSS, GLBA compliance
Government & Defense - NIST, FedRAMP, CMMC compliance
Technology & SaaS - SOC 2, ISO 27001 compliance
Retail - PCI-DSS compliance
Energy & Utilities - NERC CIP compliance

Is SigmaSRC cloud-based or on-premise?

SigmaSRC is primarily a cloud-based SaaS platform, but we also support hybrid and on-premise deployments for organizations with specific requirements. Contact us to discuss your deployment needs.

Compliance & Frameworks

What compliance frameworks does SigmaSRC support?

SigmaSRC supports major compliance frameworks including:

NIST 800-171/172
SOC 2 (all Trust Services Criteria)
HIPAA/HITECH
HITRUST CSF
PCI-DSS 4.0
ISO 27001
NIS2
CIS Controls v8 and Benchmarks
SOX (Sarbanes-Oxley)
CMMC 2.0
FedRAMP
FISMA
GDPR/CCPA (privacy regulations)

How does mandate-to-control mapping work?

SigmaSRC pre-maps regulatory requirements (mandates) to specific technical controls. When you select a compliance framework, the platform automatically identifies required controls, deploys appropriate policies, and tracks compliance status against each mandate.

Can SigmaSRC help with SOC 2 audits?

Yes, SigmaSRC automates SOC 2 compliance by:

Mapping controls to all five Trust Services Criteria
Continuously monitoring compliance status
Automatically collecting audit evidence
Generating audit-ready reports for your assessors
Providing auditor portal access for transparency

How does SigmaSRC support NIST 800-171/172 compliance?

SigmaSRC provides comprehensive NIST 800-171/172 support including:

Pre-mapped controls for all 110 security requirements
Continuous monitoring of CUI protection
Automated SPRS score calculation
POA&M tracking and management
CMMC 2.0 Level 2 alignment

Security Features

How does SigmaSRC enforcement work?

SigmaSRC deploys lightweight agents on endpoints that continuously:

Monitor device configuration and compliance status
Assess risks based on current threats and vulnerabilities
Enforce security policies automatically
Remediate issues without manual intervention
Report status to the central management console

What is adaptive micro-segmentation?

Adaptive micro-segmentation in SigmaSRC automatically:

Isolates compromised devices from the network
Restricts lateral movement of threats
Enforces network access policies based on device compliance
Adjusts segmentation rules based on real-time risk assessment

How does SigmaSRC detect rogue devices?

SigmaSRC continuously listens to network activity and fingerprints devices. When detected, rogue devices can be:

Automatically quarantined
Flagged for administrator review
Blocked from network resources
Tracked for audit purposes

What endpoint protection does SigmaSRC provide?

SigmaSRC provides comprehensive endpoint protection including:

Configuration compliance monitoring
Host-based firewall management
Privilege access control
Application whitelisting
Vulnerability assessment
Patch compliance tracking

Risk Management

How does SigmaSRC calculate risk scores?

SigmaSRC uses Value@Risk modeling that:

Ties technical vulnerabilities to business asset value
Calculates potential financial impact of breaches
Factors in threat intelligence and likelihood
Provides continuous risk score updates
Prioritizes remediation based on business risk

What is continuous monitoring?

Continuous monitoring in SigmaSRC means:

24/7 real-time compliance status tracking
Immediate detection of configuration drift
Automated alerting on policy violations
Real-time risk score updates
Continuous evidence collection for audits

How does SigmaSRC prioritize remediation?

SigmaSRC prioritizes remediation based on:

Risk score and potential impact
Compliance criticality (which frameworks affected)
Asset value and sensitivity
Exploitation likelihood
Remediation effort required

Subscription Plans

What is included in SigmaLITE?

SigmaLITE is the complementary tier that includes:

Basic Information Security Plan (ISP) building
Minimum necessary controls
Essential compliance tracking
Limited framework support
Community support

What is the difference between SigmaPRO and SigmaMAX?

SigmaPRO includes:

Core AI platform
Policy automation
SigmaSRC agents
Standard framework support
Email support

SigmaMAX adds:

Full compliance framework packs
Advanced enforcement capabilities
Expanded integrations
Priority support
Advanced reporting

What are SigmaFuelPacks?

SigmaFuelPacks are add-on modules that extend SigmaSRC capabilities:

Additional compliance framework mappings
Industry-specific control packages
Advanced integration connectors
Specialized features and workflows

What is SigmaQA (QuickAssess)?

SigmaQA is a 90-day assessment license designed for:

Auditors and assessors
Pre-engagement evaluations
Compliance gap assessments
Rapid deployment scenarios

Implementation & Support

How long does implementation take?

Implementation timelines vary by tier:

SigmaLITE: Self-service, immediate
SigmaPRO: 1-2 weeks typical
SigmaMAX: 2-3 weeks typical
SigmaENT: 4-8 weeks with custom integrations

What training is provided?

SigmaSRC offers comprehensive training:

Online documentation and knowledge base
Video tutorials and webinars
Live training sessions
Multi-day certification programs
Dedicated on-boarding for Enterprise

What support options are available?

Support options include:

SigmaLITE: Community and documentation
SigmaPRO: Email support, business hours
SigmaMAX: Phone and email, extended hours
SigmaENT: Dedicated CSM, 24/7 support, SLA-backed

Technical Questions

What operating systems does SigmaSRC support?

SigmaSRC agents support:

Windows 10/11
Windows Server 2016/2019/2022
macOS 11+ (Big Sur and later)
Ubuntu 18.04+
CentOS 7/8
RHEL 7/8/9
Debian 10/11

How do SigmaSRC agents work?

SigmaSRC agents are lightweight software that:

Install on endpoints with minimal footprint
Communicate securely with the cloud platform
Execute policies and controls locally
Report compliance status in real-time
Operate even when disconnected (cached policies)

What integrations are available?

SigmaSRC integrates with:

SIEM: Splunk, QRadar, Sentinel, Elastic
Ticketing: ServiceNow, Jira, Zendesk
Identity: Azure AD, Okta, Ping
Cloud: AWS, Azure, GCP
API: RESTful API for custom integrations

Does SigmaSRC support multi-tenant environments?

Yes, SigmaSRC supports multi-tenant deployments with:

Isolated tenant data
Role-based access control
Centralized management console
Tenant-specific policies and reporting
White-labeling options for partners

Getting Started

Is there a free trial available?

Yes! You can get started with:

SigmaLITE: Complementary tier, no credit card required
SigmaSRC Trials: Contact sales for SigmaPRO/SigmaMAX evaluation

How do I request a demo?

Request a demo to see SigmaSRC in action. Our team will walk you through the platform, answer your questions, and help you understand how SigmaSRC can meet your compliance needs.