# Matproof ## Docs - [Authentication & Getting Started](https://docs.matproof.com/api-reference/authentication.md): How to authenticate with the Matproof REST API, base URLs, headers, error handling, rate limits, and pagination. - [Create a finding](https://docs.matproof.com/api-reference/findings-create.md): Push a finding from an external scanner, audit, or custom check into Matproof's unified Findings view. - [List people](https://docs.matproof.com/api-reference/people-list.md): Get all members of an organization with their roles and basic profile data. - [Resource Reference](https://docs.matproof.com/api-reference/resources.md): Catalogue of every resource group exposed by the Matproof REST API — what each covers, common operations, and sample endpoints. - [List vendors](https://docs.matproof.com/api-reference/vendors-list.md): Retrieve the full vendor register including criticality, DPA status, and DORA Article 28 fields. - [Changelog](https://docs.matproof.com/changelog/overview.md): What's new in Matproof. - [Core Concepts](https://docs.matproof.com/concepts.md): Understand how Matproof structures compliance programs before diving into the features. - [Double Materiality Assessment](https://docs.matproof.com/csrd/double-materiality.md): How to complete your ESRS double materiality assessment in Matproof. - [ESRS Data Point Mapping](https://docs.matproof.com/csrd/esrs-mapping.md): See which ESRS disclosure requirements you've covered and what's missing. - [CSRD Module Overview](https://docs.matproof.com/csrd/overview.md): Collect ESG data from your entire supplier base and generate ESRS-compliant reports. - [CSRD Reporting](https://docs.matproof.com/csrd/reporting.md): Who must report, when, and how Matproof helps you prepare your CSRD report. - [Scope 3 GHG Calculations](https://docs.matproof.com/csrd/scope3-calculations.md): How Matproof calculates Scope 3 greenhouse gas emissions from supplier data. - [Supplier Questionnaires](https://docs.matproof.com/csrd/supplier-questionnaires.md): Automate ESG data collection from your supplier base using Matproof's questionnaire system. - [FAQ & Troubleshooting](https://docs.matproof.com/faq.md): Answers to the most common questions about using Matproof. - [AI Policy Editor](https://docs.matproof.com/features/ai-policy-editor.md): Generate and refine compliance policies with AI-powered suggestions, inline editing, and framework-aware content. - [Audit Programs](https://docs.matproof.com/features/audit-programs.md): Plan and execute internal compliance audits, manage findings, and generate audit reports. - [Audit Trail](https://docs.matproof.com/features/audit-trail.md): Immutable, tamper-proof log of every action taken in Matproof — who did what, and when. - [Cloud Tests](https://docs.matproof.com/features/cloud-tests.md): Automated infrastructure resilience testing for DORA compliance. - [Frameworks](https://docs.matproof.com/features/compliance-frameworks.md): How to add, manage, and gap-assess compliance frameworks in Matproof — and what's supported out of the box. - [Controls](https://docs.matproof.com/features/controls.md): The building blocks of every compliance framework — track status, assign owners, and link evidence. - [Corrective Actions](https://docs.matproof.com/features/corrective-actions.md): Track and resolve control gaps, audit findings, and risk deficiencies through to closure. - [CSRD Supply Chain Module](https://docs.matproof.com/features/csrd-supply-chain.md): End-to-end ESG data collection from your supplier base for CSRD reporting. - [Custom Frameworks](https://docs.matproof.com/features/custom-frameworks.md): Build your own compliance frameworks, transposition layers, or industry standards entirely in the Matproof UI. - [Device Agent](https://docs.matproof.com/features/device-agent.md): Endpoint compliance agent for macOS — runs native security checks every hour and matches installed software against the NVD CVE database. - [Evidence Collection](https://docs.matproof.com/features/evidence-collection.md): How Matproof collects evidence — automated from connected tools, from the device agent, from cloud and pen-tests, plus manual upload for the rest. - [Evidence Review](https://docs.matproof.com/features/evidence-review.md): Submit evidence for review, approve or reject submissions, and maintain a complete audit trail of all evidence decisions. - [Findings](https://docs.matproof.com/features/findings.md): Track gaps, non-conformities, and remediation across every framework, control, and audit in one unified view. - [Incidents](https://docs.matproof.com/features/incidents.md): Log, classify, and report ICT incidents in line with DORA requirements. - [Penetration Tests](https://docs.matproof.com/features/penetration-tests.md): Manage penetration testing programs with provider integration, finding tracking, and automated evidence collection. - [People](https://docs.matproof.com/features/people.md): Manage employees and devices for access reviews, security training, and offboarding compliance. - [Plans & Pricing](https://docs.matproof.com/features/plans.md): Compare Matproof Free, Starter, Professional, and Enterprise plans. - [Policy Management](https://docs.matproof.com/features/policy-management.md): AI-generated policies in 6 languages, mapped to your compliance frameworks, with versioning and acknowledgement tracking. - [AI Questionnaire](https://docs.matproof.com/features/questionnaire-ai.md): Auto-fill vendor security questionnaires and send assessments to your own vendors — powered by your existing controls and policies. - [Roles & Permissions](https://docs.matproof.com/features/rbac-roles.md): Role-based access control in Matproof — five built-in roles plus organization-defined custom roles. - [Risk Management](https://docs.matproof.com/features/risk-management.md): Identify, assess, and treat risks across your compliance program. - [Sentinel Methodology](https://docs.matproof.com/features/sentinel-methodology.md): How Matproof Sentinel runs penetration tests — the agents, the tools, what we test, what we don't claim, and how findings map to compliance frameworks. - [Trust Center](https://docs.matproof.com/features/trust-center.md): A public-facing security portal that shows customers and prospects your compliance posture. - [Vendor Risk Management](https://docs.matproof.com/features/vendor-risk.md): Manage third-party risk: GDPR Article 28 register, DORA ICT third-party risk, supplier questionnaires, sanctions screening. - [Getting Started with BaFin MaRisk](https://docs.matproof.com/frameworks/bafin-marisk.md): A practical guide to implementing BaFin MaRisk requirements for German banking and financial institutions using Matproof. - [Getting Started with CSRD](https://docs.matproof.com/frameworks/csrd.md): A step-by-step checklist for companies activating the CSRD framework in Matproof — from double materiality assessment to ESRS report generation. - [Getting Started with the Cyber Resilience Act](https://docs.matproof.com/frameworks/cyber-resilience-act.md): A practical guide to meeting CRA product security requirements for manufacturers, importers, and distributors of products with digital elements. - [Getting Started with DORA](https://docs.matproof.com/frameworks/dora.md): A step-by-step checklist for EU financial institutions and ICT providers activating the DORA framework in Matproof. - [EU AI Act](https://docs.matproof.com/frameworks/eu-ai-act.md): EU AI Act compliance - risk-based AI governance requirements - [Getting Started with GDPR](https://docs.matproof.com/frameworks/gdpr.md): How to use Matproof to document and maintain GDPR compliance for your organization. - [Getting Started with HIPAA](https://docs.matproof.com/frameworks/hipaa.md): A practical guide to meeting HIPAA requirements for covered entities and business associates using Matproof. - [Getting Started with ISO 27001](https://docs.matproof.com/frameworks/iso27001.md): A step-by-step guide to implementing ISO 27001 in Matproof and preparing for certification. - [Getting Started with ISO 42001](https://docs.matproof.com/frameworks/iso42001.md): A practical guide to building an AI management system aligned to ISO/IEC 42001 using Matproof. - [Getting Started with ISO 9001](https://docs.matproof.com/frameworks/iso9001.md): A practical guide to building a quality management system aligned to ISO 9001:2015 using Matproof. - [Getting Started with NEN 7510](https://docs.matproof.com/frameworks/nen7510.md): A practical guide to implementing NEN 7510 information security for Dutch healthcare organizations using Matproof. - [Getting Started with NIS2](https://docs.matproof.com/frameworks/nis2.md): A practical guide to meeting NIS2 obligations for essential and important entities using Matproof. - [Getting Started with NIST CSF and 800-53](https://docs.matproof.com/frameworks/nist.md): A practical guide to implementing NIST Cybersecurity Framework and NIST 800-53 security controls using Matproof. - [NIST SP 800-53](https://docs.matproof.com/frameworks/nist-800-53.md): NIST Special Publication 800-53 Revision 5 — security and privacy controls for federal information systems. - [Getting Started with PCI DSS](https://docs.matproof.com/frameworks/pci-dss.md): A practical guide to meeting PCI DSS v4.0 requirements for organizations that store, process, or transmit cardholder data using Matproof. - [Getting Started with SOC 2](https://docs.matproof.com/frameworks/soc2.md): How to prepare for and achieve SOC 2 Type I or Type II using Matproof. - [AI Providers (Anthropic, OpenAI, Hugging Face, W&B)](https://docs.matproof.com/integrations/ai-providers.md): Connect AI provider credentials so Matproof can produce automated EU AI Act and ISO 42001 evidence against your AI training and inference infrastructure. - [Aikido Security Integration](https://docs.matproof.com/integrations/aikido.md): Connect Aikido to ingest vulnerability scan results and repository security findings into Matproof's unified Findings view. - [API Integration](https://docs.matproof.com/integrations/api.md): Push evidence and data to Matproof via API. - [AWS Integration](https://docs.matproof.com/integrations/aws.md): Connect AWS to collect IAM, CloudTrail, and infrastructure security evidence automatically. - [Microsoft Entra ID (Azure AD) Integration](https://docs.matproof.com/integrations/azure-ad.md): Connect Microsoft Entra ID to collect identity, MFA, and conditional access evidence. - [Deel Integration](https://docs.matproof.com/integrations/deel.md): Connect Deel to sync your employee and contractor directory into Matproof — driving access reviews, training assignments, and offboarding automation. - [Google Cloud Platform Integration](https://docs.matproof.com/integrations/gcp.md): Connect GCP to collect IAM, Security Command Center, encryption, and audit-log evidence automatically. - [GitHub Integration](https://docs.matproof.com/integrations/github.md): Connect GitHub to automatically collect code security and access control evidence. - [Google Workspace Integration](https://docs.matproof.com/integrations/google-workspace.md): Connect Google Workspace to collect user access, MFA, and admin activity evidence. - [Jira Integration](https://docs.matproof.com/integrations/jira.md): Connect Jira to use it as evidence for change management and incident tracking controls. - [Integrations Overview](https://docs.matproof.com/integrations/overview.md): Connect your existing tools to automate evidence collection and reduce manual compliance work. - [Introduction](https://docs.matproof.com/introduction.md): Matproof is the compliance automation platform built for EU financial services and supply chain teams. - [Onboarding](https://docs.matproof.com/onboarding.md): What happens after you sign up — the setup wizard, your first week, and how to get to a moving compliance score. - [Quickstart](https://docs.matproof.com/quickstart.md): Get Matproof set up and your first compliance framework running in under 30 minutes. - [DORA Quickstart](https://docs.matproof.com/quickstarts/dora.md): Practical 90-day plan to get from sign-up to DORA-ready in Matproof — covering ICT risk management, third-party register, incident reporting, and operational resilience testing. - [GDPR Quickstart](https://docs.matproof.com/quickstarts/gdpr.md): Practical 60-day plan to get from sign-up to GDPR-ready in Matproof — covering Article 30 ROPA, Article 32 security measures, breach notification, DPIAs, and data-subject rights. - [NIS2 Quickstart](https://docs.matproof.com/quickstarts/nis2.md): Practical 60-day plan to get from sign-up to NIS2-ready in Matproof — covering Article 21 risk-management measures, Article 23 incident reporting, and management-body accountability. - [Roles and Permissions](https://docs.matproof.com/roles-and-permissions.md): Understand the four Matproof roles and how to invite team members and external auditors. - [Settings](https://docs.matproof.com/settings.md): Configure your Matproof workspace, API access, integrations, and AI context. ## OpenAPI Specs - [openapi](https://docs.matproof.com/openapi.json)