PolicyDiff
PolicyDiff is a web app (with optional CLI) that continuously detects “security architecture drift” between what your organization says it does (policies, standards, reference architectures) and what is actually deployed (cloud configs, network controls, IAM patterns). It ingests policy documents and architecture diagrams, maps requirements to concrete control checks, then runs scheduled validations across AWS/Azure/GCP and key SaaS services. The output is a living, versioned “architecture-to-control” traceability matrix with diffs, ownership, and remediation tickets. This is not a full GRC suite: it focuses narrowly on keeping architecture decisions enforceable and current. An AI layer helps extract requirements from messy documents and propose control mappings, but every mapping is reviewable and auditable. The goal is fewer surprise findings, faster design reviews, and less tribal knowledge in security architecture.