Apologies for the shameless plugin. I generally don't do this, but I just thought our product might be relevant for the use case you mentioned. We do not compete with Credal, but at Adaptive [1], we have been building a platform that helps with infrastructure access management and allows users to automatically generate and collect evidence, especially for CC5 and CC6 (logical access). Vendor security questionnaires become easy to answer when we, as an organisation, use our product.
We have seen reproducibility and access auditability in organisations that adopt products that access schema and metadata from databases, compute infrastructures, etc. comforts customers. Your customers care about security incidents like unauthorised access, privilege abuse, accidental operations, insider threats, etc. on the vendor's side which in my opinion are real threats.
We have seen reproducibility and access auditability in organisations that adopt products that access schema and metadata from databases, compute infrastructures, etc. comforts customers. Your customers care about security incidents like unauthorised access, privilege abuse, accidental operations, insider threats, etc. on the vendor's side which in my opinion are real threats.
[1] http://adaptive.live