Checking Terraform for SOC2 Compliance
Cased can automatically analyze your Terraform code to identify resources that may not be compliant with SOC2 controls, helping you to maintain a strong security and compliance posture.
Ensuring that your infrastructure is compliant with security standards like SOC2 is a continuous process. Cased helps to automate this process by analyzing your infrastructure-as-code and identifying potential compliance issues before they become a problem.
How it Works
Cased’s compliance checking is a multi-step process that combines static analysis with AI-powered classification:
- Code Analysis: Cased scans your Terraform code and identifies resources and configurations that could have an impact on your compliance posture.
- Sub-agent Creation: For each potential issue, Cased creates a new sub-agent in Mission Control with details about the resource and the potential issue.
- Compliance Classification: Cased then uses an AI agent to analyze the sub-agent and determine which compliance standards, if any, the flagged resource might violate. The agent adds a “compliance_standards” tag to the sub-agent with the results of its analysis (e.g., “SOC2 CC6.1”).
- Review and Remediation: You can then review the sub-agents in Mission Control, prioritize them based on the compliance standards they affect, and take action to remediate any issues.
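The first three steps above, shown as an added example that is not Cased's code: it walks the `planned_values` section of `terraform show -json` output, runs three static checks, and tags each finding with `compliance_standards`. The check-to-criterion mapping, the finding fields and the sample plan are assumptions, and a fixed lookup table stands in for the AI classification step.

```python
import json

# Constructed sample: the "planned_values" section of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.bastion", "type": "aws_security_group",
     "values": {"ingress": [{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "values": {"ingress": [{"from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"]}]}},
    {"address": "aws_db_instance.orders", "type": "aws_db_instance",
     "values": {"storage_encrypted": false}}],
  "child_modules": [{"address": "module.data", "resources": [
    {"address": "module.data.aws_ebs_volume.scratch", "type": "aws_ebs_volume",
     "values": {"encrypted": null}}]}]}}}
""")

def open_ingress(values):
    """Flag any ingress rule that admits the whole internet (IPv4 or IPv6)."""
    for rule in values.get("ingress") or []:
        cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            return f"ports {rule.get('from_port')}-{rule.get('to_port')} open to the internet"

def not_encrypted(attr):
    """Build a check that flags a resource unless `attr` is explicitly true."""
    return lambda values: None if values.get(attr) is True else f"{attr} is not explicitly enabled"

# Assumed mapping from check to SOC2 criterion (the page's pipeline uses an AI agent here).
CHECKS = {
    "aws_security_group": (open_ingress, ["SOC2 CC6.6"]),
    "aws_db_instance": (not_encrypted("storage_encrypted"), ["SOC2 CC6.1"]),
    "aws_ebs_volume": (not_encrypted("encrypted"), ["SOC2 CC6.1"]),
}

def walk(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def scan(plan):
    """Return one finding per flagged resource, tagged with compliance_standards."""
    findings = []
    for res in walk(plan.get("planned_values", {}).get("root_module", {})):
        check, standards = CHECKS.get(res["type"], (None, None))
        issue = check(res.get("values") or {}) if check else None
        if issue:
            findings.append({"resource": res["address"], "issue": issue,
                             "compliance_standards": standards})
    return findings
```

A null `encrypted` value is flagged because the plan does not show encryption being set; an account-level default may still apply at apply time, so treat that finding as a prompt to review.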
Getting Started
To get started with compliance checking, you’ll need to enable infrastructure analysis for your projects. Once it is enabled, Cased will automatically begin analyzing your Terraform code and creating sub-agents for any potential compliance issues it finds.