RegScale + Wiz = Continuous Authorization to Operate (cATO)

February 7, 2022 | By Anil Karmel

A growing number of organizations are discovering the advantages of cloud security with Wiz. The innovative cybersecurity provider allows these enterprises to rapidly uncover and eliminate critical risks in AWS, Google Cloud Platform, Microsoft Azure and Kubernetes environments. Ultimately, it enables companies to build out their cloud capabilities faster and more securely with increased transparency.

There’s also a compliance aspect to Wiz. Wiz maps industry standards and benchmarks (CIS, GDPR, NIST, PCI DSS, HIPAA, etc.) to continuously assess compliance posture across frameworks, projects, and subscriptions.

Strong cybersecurity and compliance put Wiz in good company with RegScale. RegScale is the only solution that holistically manages compliance at scale. The platform enables organizations of all sizes and across all industries to:

  • Serve as a digital system of record to create and manage compliance artifacts.
  • Integrate security and compliance tools in real-time via APIs.
  • Assess once and use that information across many compliance standards and frameworks.
  • Deploy in any environment, with secure tenants for every business unit.


Native Integration for Compliance at Enterprise Scale

Compliance teams in highly regulated industries such as finance, energy, healthcare and government often get bogged down with manual, repetitive and reactive processes. They struggle to capture and analyze data from various sites, monitoring systems and file repositories. They also must grapple with multiple systems for creating policies, maintaining evidence of implementation, tracking audits, managing issues and corrective actions and creating reports and compliance artifacts.

The result is a time-consuming, error-prone process. As a compliance professional or executive decision-maker, how do you monitor, log and integrate inputs from various data sources, and then apply outputs to various compliance frameworks? How do you identify and remediate gaps in your compliance posture? How do you deliver audit-ready compliance documentation on demand and achieve a continuous Authorization to Operate (cATO)?

These business-critical compliance considerations are exactly where the integration of RegScale and Wiz can help.

Wiz delivers complete visibility into the security of your cloud footprint. As part of its security assessment, it also automatically provides compliance analysis, mapping against standards such as NIST, CIS, GDPR, HIPAA, PCI DSS and more.

By natively integrating with Wiz, RegScale extends that compliance analysis to enterprise scale while merging automated assessments with traditional manual assessments for programmatic controls. Organizations who adopt both RegScale and Wiz can pull Wiz controls into their compliance-framework mapping on the RegScale platform to update their security documentation automatically by:

  • Parsing results from Wiz.
  • Creating assessments against the security controls.
  • Logging the resulting evidence.
  • Creating issues for remediation in both RegScale and ITIL platforms.
  • Dynamically updating system security plans and documentation in real-time.In addition, RegScale supports API integrations with scanners, CI/CD pipeline tools, and other systems and merges results of manual assessments to create a complete and continuous Authorization to Operate (ATO) package that is self-updating and near real-time. “Compliance has become the equal and opposite force to digital transformation. With our recent Wiz integration, we are another step closer to removing compliance as the bottle neck to rapid technology deployments,” said Travis Howerton, Chief Technology Officer (CTO) of RegScale. “We have to face the fact that we can’t afford to keep doing compliance the same way. Cyber professionals are too hard to find, their talent is too important to waste on remedial tasks, the risks are too high, and the impact on the business is too great. By combining Wiz and RegScale, we are beginning to make the dream of continuous ATO a reality.”


RegScale and Wiz are both designed to power collaboration between compliance teams and cybersecurity teams. Integration of the platforms enables the cybersecurity team to verify that compliance issues are logged appropriately, and that the compliance team will follow up with corrective actions.

Hear what Joint Customers and Industry leaders alike have to say about this partnership

“Managing Security and maintaining Compliance are two of the most important aspects of a CISO’s job” said a U.S. State Agency CISO, “With the seamless integration of tools like Wiz and RegScale continuous compliance platform, we now not only have a line of sight on the real-time state of our security but also the ability to dynamically generate formatted compliance documentation that is real-time, dynamic and complete to satisfy our various Federal Partners and Auditors”

“API-first integration strategies enable best-in-class companies to partner together for their customers with remarkable agility and security. Wiz and RegScale’s partnership is a case study in shifting security and compliance left rapidly.” Karl Mattson, CISO of NoName Security

The payoff? Higher accuracy of compliance documents, lower risk of audit failure, reduce manual labor costs, and the ability to continuously monitor your compliance controls to understand your organization’s compliance posture in real time; achieving a continuous Authorization to Operate.

Contact us today to schedule a demo and explore how RegScale integrated with Wiz can enable continuous compliance at your organization.

Ready to get started?

Choose the path that is right for you! 

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now. 


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.