Technical Integrations

Automate evidence collection and keep an eye on security across your business with our integrations

Integrations We Support

Integrations to speed your path to compliance

Security doesn’t happen on paper – it’s embedded in the infrastructure you use, the policies you follow, and the applications that power your business.

So when it comes to proving how you’re living up to your security promises, you need an automated way to track and demonstrate how your security controls are being implemented.

How do we do it?

We’ve partnered with Workato, the leader in enterprise automation, to ensure our technical integrations meet our high quality and security standards.

We’ve enabled some of the most common integrations needed, but if you don’t see something you need below, let us know — Workato has more than 1000 integrations we can prioritize.

Cloud Services

Through our integrations with different cloud service providers, we capture critical components of your security posture related to multi-factor authentication status, password complexity requirements, active user and admin lists, groups, and roles.

Amazon Web Services
Microsoft Azure
Google Cloud Platform
Heroku
Amazon Web Services

Our integration with AWS captures evidence related to the following framework / regulation requirements and controls:

  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2)
  • NIST SP 800-171 (3.1.1, 3.5.2, 3.5.3, 3.5.4, 3.5.7, 3.5.8, 3.5.9, 3.7.5, 3.13.16, 3.12.4)
  • PCI DSS V3.2 (1.7.2, 1.8.3, 1.8.7)
  • SOC 2 (CC6.1, CC6.2-A1, CC6.2-B, CC6.3, CC8.1)
Microsoft Azure

Our integration with Microsoft Azure captures evidence related to the following framework / regulation requirements and controls:

  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2)
  • NIST SP 800-171 (3.1.1, 3.5.2, 3.5.3, 3.5.4, 3.5.7, 3.5.8, 3.5.9, 3.7.5, 3.13.16, 3.12.4)
  • PCI DSS V3.2 (1.7.2, 1.8.3, 1.8.7)
  • SOC 2 (CC6.1, CC6.2-A1, CC6.2-B, CC6.3, CC8.1)
Google Cloud Platform

Our integration with Google Cloud Platform captures evidence related to the following framework / regulation requirements and controls:

  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2)
  • NIST SP 800-171 (3.1.1, 3.5.2, 3.5.3, 3.5.4, 3.5.7, 3.5.8, 3.5.9, 3.7.5, 3.13.16, 3.12.4)
  • PCI DSS V3.2 (1.7.2, 1.8.3, 1.8.7)
  • SOC 2 (CC6.1, CC6.2-A1, CC6.2-B, CC6.3, CC8.1)
Heroku

Our integration with Heroku captures evidence related to the following framework / regulation requirements and controls:

  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2)
  • NIST SP 800-171 (3.1.1, 3.5.2, 3.5.3, 3.5.4, 3.5.7, 3.5.8, 3.5.9, 3.7.5, 3.13.16, 3.12.4)
  • PCI DSS V3.2.1 (7.2, 8.3, 8.7)
  • SOC 2 (CC6.1, CC6.2-A1, CC6.2-B, CC6.3, CC8.1)

Code Repositories

Through our integrations with different code repositories, we scan and capture details related to multi-factor authentication, single sign-on, and development access.

GitHub
GitLab
Bitbucket
GitHub

Our integration with GitHub captures evidence related to the following framework / regulation requirements and controls:

  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2, A9.4.5)
  • NIST SP 800-171 (3.1.1, 3.3.2, 3.5.2, 3.5.3, 3.5.4, 3.7.5)
  • SOC 2 (CC6.1, CC6.3, CC8.1)
GitLab

Our integration with GitLab captures evidence related to the following framework / regulation requirements and controls:

  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2, A9.4.5)
  • NIST SP 800-171 (3.1.1, 3.3.2, 3.5.2, 3.5.3, 3.5.4, 3.7.5)
  • SOC 2 (CC6.1, CC6.3, CC8.1)
Bitbucket

Our integration with Atlassian’s Bitbucket captures evidence related to the following framework / regulation requirements and controls:

  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2, A9.4.5)
  • NIST SP 800-171 (3.1.1, 3.3.2, 3.5.2, 3.5.3, 3.5.4, 3.7.5)
  • SOC 2 (CC6.1, CC6.3, CC8.1)

Ticketing Systems

By integrating with ticketing systems such as Jira, we can capture information related to application changes, emergency changes, and remediation.

Jira

Our integration with Atlassian’s Jira captures evidence related to the following framework / regulation requirements and controls:

  • CIS Implementation (4.2, 4.3, 14.6, 5.1, 6.2, 16.8, 16.9)
  • HIPAA (164-310, 164-312, Administrative Safeguards 6, Physical Safeguards 3, Technical Safeguards 3, 5)
  • ISO 27001 (A.9.2.4, A.12.4.2, A.9.4.5, A.11.1.2, A.9.2.1, A.9.2.3, A.9.2.5, A.9.1.1, A.12.6.2, A.14.3.1, A.9.3.1, A.12.4.3, A.18.1.3, A.9.2.2, A.9.4.4, A.7.3.1, A.9.4.2, A.10.1.1, A.9.4.1, A.9.2.6, A.9.1.2, A.14.1.3, A.13.1.2, A.9.4.3, A.6.1.2, A.12.1.2, A.12.4.2, A.14.2.9, A.9.4.5, A.14.2.4, A.14.2.7, A.12.4.1, A.14.2.2, A.14.3.1, A.12.4.3, A.6.1.5, A.14.2.1, A.14.2.6, A.14.2.3, A.12.1.4, A.14.2.5, A.12.5.1, A.14.2.8)
  • GDPR Checklist (Data Security Item 1)
  • NIST SP 800-171 (3.7.2, 3.4.3, 3.3.2, 3.5.11, 3.14.1, 3.4.5, 3.4.4, 3.13.2, 3.1.7, 3.5.2, 3.8.5, 3.5.7, 3.5.8, 3.1.1, 3.13.3, 3.9.1, 3.5.9, 3.1.2, 3.10.1, 3.1.11, 3.5.3, 3.3.6, 3.1.22, 3.1.3, 3.1.10, 3.3.5, 3.4.5, 3.1.5, 3.8.2, 3.14.7, 3.7.5, 3.1.17, 3.7.6, 3.3.9, 3.1.15, 3.5.6, 3.3.1, 3.5.10, 3.9.2, 3.3.2, 3.5.4, 3.13.12, 3.3.8, 3.1.6, 3.1.8, 3.5.5, 3.5.11, 3.14.1, 3.4.5, 3.4.4, 3.13.2, 3.4.3)
  • SOC 2 (CC1.4, CC5.2, CC5.1, CC6.5, CC6.8, CC6.6, CC6.3, CC6.2, CC6.1, CC7.2, CC8.1)
  • PCI DSS v3.2.1 (6.4, 6.5, 6.3, 8.4, 7.2, 8.3, 9.7, 2.3, 9.2, 8.2, 8.1, 8.5, 7.1, 10.1, 9.1, 10.5, 8.7, 10.7, 10.3, 12.5, 12.3, 8.6, 10.2)

Business Applications

By integrating with your business applications such as Google Workspace, we can capture evidence related to multi-factor authentication and password complexity.

Google Workspace
Slack
Microsoft Active Directory and Office 365
Google Workspace

Our integration with Google Workspace captures evidence related to the following framework / regulation requirements and controls:

  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2)
  • NIST SP 800-171 (3.1.1, 3.5.2, 3.5.3, 3.5.4, 3.5.7, 3.5.8, 3.5.9, 3.7.5)
  • SOC 2 (CC6.1, CC6.3, CC8.1)
Slack

Carbide’s integration with Slack keeps your timelines on track with integrated alerts and notifications about your security tasks, comments, new courses, policy changes, and other items.

Use our Slack integration to:

  • Get notified about new or edited comments that mention you
  • Stay on track with alerts about tasks delegated to you, completed, or other due date changes
  • Send notifications about policy assignments and reminders
  • Find out when a new security awareness course becomes active
Microsoft Active Directory and Office 365
Our integration with Microsoft Active Directory and Office 365 captures evidence related to the following framework / regulation requirements and controls:
Framework/Regulation Requirements:
  • CIS CSC 7.1 (14.6)
  • HIPAA (164.308, 164.310, 164.312)
  • ISO 27001 (A9.1.2, A9.4.1, A9.4.2)
  • NIST SP 800-171 (3.1.1, 3.5.2, 3.5.3, 3.5.4, 3.5.7, 3.5.8, 3.5.9, 3.7.5)
  • SOC 2 (CC6.1, CC6.3, CC8.1)

Human Resources

By integrating with your human resource applications such as BambooHR, we capture critical components of your security posture related to employee documentation including employee directories, onboarding and off-boarding, and personnel training status.

BambooHR
Zenefits
BambooHR

Our integration with BambooHR captures evidence related to the following framework / regulation requirements and controls:

  • CCPA (Checklist Item 1, 11)
  • CIS (17.3, 17.5, 17.6, 17.7, 17.8, 17.9)
  • GDPR (Accountability and Governance Items 1, 4 and Data Security Item 4)
  • HIPAA (General Governance HIPAA Security Rule 1, 2, HIPAA 164-306, 164-308, 164-314, 164-316, HIPAA Privacy Rule 3, 4, 8, 9, HIPAA Administrative Safeguards 4, 5, 7, 10, 1, HIPAA Technical Safeguards 4)
  • ISO 27001 (A.7.2.2, A.5.1.2, A.8.1.4, A.6.1.4, A.5.1.1, A.12.1.1, A.6.1.1, A.8.3.1, A.9.2.1, A.9.1.1, A.7.1.1, A.6.1.5, A.9.2.2, A.13.2.3, A.16.1.3, A.13.2.4, A.7.2.1, A.17.1.2, A.18.1.4, A.7.3.1, A.13.1.1, A.9.2.6, A.12.7.1, A.7.2.3, A.7.1.2, A.8.1.3, A.6.1.2)
  • NIST SP 800-171 (3.9.1, 3.2.1, 3.1.4, 3.12.1, 3.2.2, 3.9.2)
  • PCI DSS v3.2.1 (1.5, 2.5, 3.7, 4.3, 5.4, 6.7, 7.3, 8.8, 9.1, 10.9, 11.6, 12.1, 12.4, 12.5, 12.6, 12.7)
  • PIPEDA Checklist (Item 1)
  • SOC 2 (C1.1, CC1.1, CC1.2, CC1.3, CC1.4, CC1.5, CC2.2, CC2.3, CC3.1, CC3.2, CC3.4, CC5.1, CC5.2, CC5.3)
Zenefits

Our integration with Zenefits captures evidence related to the following framework / regulation requirements and controls:

  • CCPA (Checklist Item 1, 11)
  • CIS (17.3, 17.5, 17.6, 17.7, 17.8, 17.9)
  • GDPR (Accountability and Governance Items 1, 4 and Data Security Item 4)
  • HIPAA (General Governance HIPAA Security Rule 1, 2, HIPAA 164-306, 164-308, 164-314 & 164-316, HIPAA Privacy Rule 3, 4, 8, 9, HIPAA Administrative Safeguards 4, 5, 7, 10, 11, HIPAA Technical Safeguards 4)
  • ISO 27001 (A.7.2.2, A.5.1.2, A.8.1.4, A.6.1.4, A.5.1.1, A.12.1.1, A.6.1.1, A.8.3.1, A.9.2.1, A.9.1.1, A.7.1.1, A.6.1.5, A.9.2.2, A.13.2.3, A.16.1.3, A.13.2.4, A.7.2.1, A.17.1.2, A.18.1.4, A.7.3.1, A.13.1.1, A.9.2.6, A.12.7.1, A.7.2.3, A.7.1.2, A.8.1.3, A.6.1.2)
  • NIST SP 800-171 (3.9.1, 3.2.1, 3.1.4, 3.12.1, 3.2.2, 3.9.2)
  • PCI DSS v3.2.1 (9.10, 6.7, 12.1, 4.3, 12.4, 12.7, 1.5, 3.7, 5.4, 7.3, 12.6, 12.5, 11.6, 10.9, 2.5, 8.8)
  • PIPEDA Checklist (Item 1)
  • SOC 2 (CC1.4, CC5.2, CC3.2, CC2.2, CC1.5, CC5.1, CC3.4, CC1.2, CC1.3, CC5.3, CC2.3, CC3.1, CC1.1, C1.1)

Password Identity Management

By integrating with your password identity management applications such as Okta, we capture critical components of your security posture related to multi-factor authentication status, password complexity requirements, active user and admin lists, groups, and roles.

Okta
OneLogin
Okta

Our integration with Okta captures evidence related to the following framework / regulation requirements and controls:

  • CIS Implementation (4.2, 4.3, 14.6, 16.8, 16.9)
  • HIPAA (HIPAA 164-310, 164-312, Administrative Safeguards 6, Physical Safeguards 3, Technical Safeguards 3, 5)
  • ISO 27001 (A.9.2.4, A.12.4.2, A.9.4.5, A.11.1.2, A.9.2.1, A.9.2.3, A.9.2.5, A.9.1.1, A.12.6.2, A.14.3.1, A.9.3.1, A.12.4.3, A.18.1.3, A.9.2.2, A.9.4.4, A.7.3.1, A.9.4.2, A.10.1.1, A.9.4.1, A.9.2.6, A.9.1.2, A.14.1.3, A.13.1.2, A.9.4.3, A.6.1.2)
  • NIST SP 800-171 (3.5.2, 3.8.5, 3.5.7, 3.5.8, 3.1.1, 3.13.3, 3.9.1, 3.5.9, 3.1.2, 3.10.1, 3.1.11, 3.5.3, 3.3.6, 3.1.22, 3.1.3, 3.1.10, 3.3.5, 3.4.5, 3.1.5, 3.8.2, 3.14.7, 3.7.5, 3.1.17, 3.7.6, 3.3.9, 3.1.15, 3.5.6, 3.3.1, 3.5.10, 3.9.2, 3.3.2, 3.5.4, 3.13.12, 3.3.8, 3.1.6, 3.1.8, 3.5.5)
  • PCI DSS v3.2.1 (8.4, 7.2, 8.3, 9.7, 2.3, 9.2, 8.2, 8.1, 8.5, 7.1, 10.1, 9.1, 10.5, 8.7, 10.7, 10.3, 12.5, 12.3, 8.6, 10.2)
  • SOC 2 (CC5.2, CC5.1, CC6.5, CC6.6, CC6.2, CC6.1)
OneLogin

Our integration with OneLogin captures evidence related to the following framework / regulation requirements and controls:

  • CIS Implementation (4.2, 4.3, 14.6, 16.8, 16.9)
  • HIPAA (164-310, 164-312, Administrative Safeguards 6, Physical Safeguards 3, Technical Safeguards 3, 5)
  • ISO 27001 (A.9.2.4, A.12.4.2, A.9.4.5, A.11.1.2, A.9.2.1, A.9.2.3, A.9.2.5, A.9.1.1, A.12.6.2, A.14.3.1, A.9.3.1, A.12.4.3, A.18.1.3, A.9.2.2, A.9.4.4, A.7.3.1, A.9.4.2, A.10.1.1, A.9.4.1, A.9.2.6, A.9.1.2, A.14.1.3, A.13.1.2, A.9.4.3, A.6.1.2)
  • GDPR (Accountability and Governance Items 1 and 4 / Data Security Item 4)
  • NIST SP 800-171 (3.1.7, 3.5.2, 3.8.5, 3.5.7, 3.5.8, 3.1.1, 3.13.3, 3.9.1, 3.5.9, 3.1.2, 3.10.1, 3.1.11, 3.5.3, 3.3.6, 3.1.22, 3.1.3, 3.1.10, 3.3.5, 3.4.5, 3.1.5, 3.8.2, 3.14.7, 3.7.5, 3.1.17, 3.7.6, 3.3.9, 3.1.15, 3.5.6, 3.3.1, 3.5.10, 3.9.2, 3.3.2, 3.5.4, 3.13.12, 3.3.8, 3.1.6, 3.1.8, 3.5.5)
  • PCI DSS v3.2.1 (8.4, 7.2, 8.3, 9.7, 2.3, 9.2, 8.2, 8.1, 8.5, 7.1, 10.1, 9.1, 10.5, 8.7, 10.7, 10.3, 12.5, 12.3, 8.6, 10.2)
  • SOC 2 (CC5.2, CC5.1, CC6.5, CC6.6, CC6.3, CC6.2, CC6.1)