TGS:001:2026 · Published 2026-04-25
The IFO4 Tool
Grading Standard
90 items. Each one a test case a vendor either passes, partially passes, or fails. Each one carries a requirement, detection method, actionability bar, automation level, evidence requirement, and enterprise expectation. Vendors design toward this. Customers cite it in RFPs. Evidence is judged against it.
Financial Operations
Financial Visibility · 12 items
TGS-FIN-V-01Multi-Cloud Cost Ingestionweight 3⚫
Ingest billing + usage data from AWS, Azure, GCP, OCI into a single normalized data model.
Requirement
Tool ingests cost AND usage data from at least three of the four major hyperscalers (AWS, Azure, GCP, OCI). Data refresh interval published. Schema normalization documented and aligned to FOCUS where possible.
Enterprise Expectation
All four major hyperscalers ingested with documented schema and sub-24hr refresh.
Detection Method
- Connector configuration screen
- Documented connector list
- Live data refresh timestamps
- API: GET /connectors
Actionability
- Identify ingestion gaps
- Trigger backfill
- Show stale-data warnings to users
Evidence Required
- Screenshot of connector configuration
- Sample normalized output schema
- Refresh-interval documentation
Automation Level
- automated
TGS-FIN-V-02Usage Data Completenessweight 3⚫
All cost lines come paired with usage data sufficient to drive optimization recommendations.
Requirement
For 95%+ of cost lines, the platform has the underlying usage record (vCPU-hours, GB-months, requests, tokens). Coverage gaps surfaced explicitly.
Enterprise Expectation
95%+ of cost has joined usage data; coverage report exposed to user.
Detection Method
- Sample 100 cost lines, verify usage record presence
- API: GET /usage/{lineId}
- Coverage report
Actionability
- Identify untracked workloads
- Prioritize ingestion fixes
Evidence Required
- Coverage report screenshot
- Sample line-to-usage join
Automation Level
- automated
TGS-FIN-V-03SaaS Spend Ingestionweight 2⚫
Ingest SaaS subscription cost + usage from finance, SSO, and direct vendor integrations.
Requirement
At least 50 SaaS app integrations OR direct ingestion from finance / SSO sources. Per-user / per-license attribution where the source supports it.
Enterprise Expectation
Top-200 enterprise SaaS apps covered with per-license utilization.
Detection Method
- Documented integration catalog
- Live test of SaaS connector
- License utilization report
Actionability
- Identify shadow IT
- Reclaim unused licenses
- Renewal alerts
Evidence Required
- Connector list
- Sample license-utilization report
Automation Level
- assisted
- automated
TGS-FIN-V-04Kubernetes Cost Visibilityweight 3⚫
Per-namespace, per-workload, per-pod cost attribution inside K8s clusters across cloud and on-prem.
Requirement
Tool reports cost at namespace, workload, and pod granularity. Supports labels and annotations for allocation. Network and shared-cost attribution documented.
Enterprise Expectation
Pod-level granularity, label-based allocation, multi-cluster aggregation.
Detection Method
- K8s connector deployment
- Namespace-level cost breakdown
- Sample allocation rules
Actionability
- Drive K8s rightsizing
- Allocate platform overhead
Evidence Required
- Namespace cost screenshot
- Allocation rule export
Automation Level
- automated
TGS-FIN-V-05On-Prem / DC Cost Modelingweight 2⚫
Datacenter, private cloud, and colo cost modeling unified with public cloud cost.
Requirement
Tool ingests or models on-prem cost (compute, storage, network, facilities) and presents alongside cloud costs in a unified view.
Enterprise Expectation
On-prem modeled with documented allocation methodology.
Detection Method
- On-prem connector or model documentation
- Unified report including DC line items
Actionability
- TCO comparisons
- Repatriation analysis
- Capacity planning
Evidence Required
- Unified DC + cloud report
- Cost-model documentation
Automation Level
- manual
- assisted
TGS-FIN-V-06Real-Time Reportingweight 2⚫
Sub-day cost telemetry rather than batch refresh.
Requirement
Cost data refreshes at least every 24 hours by default; incremental updates within 6 hours where the source supports it.
Enterprise Expectation
At least daily refresh; ideally hourly for cost anomalies.
Detection Method
- Refresh-interval setting
- Live data freshness indicator
- API: GET /freshness
Actionability
- Detect anomalies sooner
- Catch cost spikes mid-day
Evidence Required
- Freshness indicator screenshot
- Refresh schedule docs
Automation Level
- automated
TGS-FIN-V-07Data Freshness Transparencyweight 1⚫
User can see exactly when each cost line was last refreshed.
Requirement
Every cost line / report exposes a "last refreshed" timestamp. Stale-data warnings shown when refresh exceeds expected interval.
Enterprise Expectation
Per-line freshness exposed; auto-alerts when >2x expected interval.
Detection Method
- Hover-over freshness on report cells
- Stale-data banners
- API: GET /freshness?line=
Actionability
- Trust signals
- Alert when source is broken
Evidence Required
- Screenshot of freshness indicator on a report
Automation Level
- automated
TGS-FIN-V-08Invoice Reconciliationweight 2⚫
Match ingested cost to actual cloud invoices and surface deltas.
Requirement
Tool reconciles ingested cost to monthly cloud invoices and surfaces discrepancies above a threshold (e.g. >0.5%).
Enterprise Expectation
Auto-reconciliation with anomaly thresholds and audit log.
Detection Method
- Invoice reconciliation report
- Delta surfacing UI
Actionability
- Catch billing errors
- Defend audit positions
Evidence Required
- Reconciliation report screenshot
Automation Level
- automated
TGS-FIN-V-09Resource-Level Visibilityweight 2⚫
Drill from invoice down to individual resource (instance, bucket, function, pod).
Requirement
User can navigate from a service-level cost down to the individual resource(s) driving it.
Enterprise Expectation
Two-click drill from any service line to the underlying resource.
Detection Method
- Drilldown UI flow
- Resource detail pages
Actionability
- Pinpoint specific waste
- Tag corrections
Evidence Required
- Drilldown flow screenshots
Automation Level
- automated
TGS-FIN-V-10Service-Level Breakdownweight 1⚫
Cost split by cloud service (EC2, S3, Lambda, BigQuery, etc.) with deep service taxonomy.
Requirement
Cost is broken down by service with hierarchy (e.g., EC2 → instance type → region → AZ).
Enterprise Expectation
Hierarchical service taxonomy across all ingested clouds.
Detection Method
- Service-level reports
- Custom grouping UI
Actionability
- Identify service-level optimization targets
Evidence Required
- Hierarchical service breakdown screenshot
Automation Level
- automated
TGS-FIN-V-11Region / Account Visibilityweight 2⚫
Multi-region, multi-account, multi-subscription views with org-aware hierarchy.
Requirement
Tool models cloud account hierarchy (AWS Organizations, Azure Management Groups, GCP Folders) and aggregates by region and account level.
Enterprise Expectation
Native ingestion of cloud-org hierarchy with multi-level rollup.
Detection Method
- Account hierarchy tree
- Region-level reports
Actionability
- Roll up by org structure
- Detect cross-account anomalies
Evidence Required
- Account hierarchy screenshot
Automation Level
- automated
TGS-FIN-V-12Cross-Environment Aggregationweight 1⚫
Roll up dev / staging / prod or business-unit views with consistent allocation.
Requirement
Tool aggregates costs across environments / business units using configurable rules consistent with allocation logic.
Enterprise Expectation
Custom views with consistent allocation across environments and BUs.
Detection Method
- Custom view builder
- Environment-aware reports
Actionability
- BU rollups
- Environment cost comparison
Evidence Required
- Custom rollup view screenshot
Automation Level
- automated
Allocation & Attribution · 10 items
TGS-FIN-A-01Tag-Based Allocationweight 3⚫
Group cost by cloud-resource tags / labels.
Requirement
Tool supports cost grouping and filtering by all cloud-native tags / labels with mapping for inconsistent tagging.
Enterprise Expectation
Multi-tag combinations with virtual tags / business mapping.
Detection Method
- Tag explorer UI
- Tag-based custom views
Actionability
- Allocate by team / app / cost-center
Evidence Required
- Tag-based view screenshot
Automation Level
- automated
TGS-FIN-A-02Label-Based Allocation (K8s)weight 2⚫
K8s / cluster label allocation distinct from cloud tags.
Requirement
Per-namespace, per-deployment, per-pod label-based allocation surfaces cost by Kubernetes labels.
Enterprise Expectation
Multi-label combinations with virtual / fallback handling.
Detection Method
- Label explorer in K8s view
Actionability
- Allocate K8s costs by team / app / env
Evidence Required
- K8s label allocation report
Automation Level
- automated
TGS-FIN-A-03Account / Subscription Allocationweight 1⚫
Allocate by AWS account / Azure subscription / GCP project.
Requirement
Tool can allocate based on cloud account / subscription / project boundaries.
Enterprise Expectation
Account-based allocation aligned to org-hierarchy rules.
Detection Method
- Account-aware views
- Org hierarchy navigation
Actionability
- BU rollups using account boundaries
Evidence Required
- Account-level allocation screenshot
Automation Level
- automated
TGS-FIN-A-04Shared Cost Allocationweight 3⚫
Distribute platform / network / shared cost across consumers using configurable rules.
Requirement
Tool supports configurable shared-cost models (proportional, fixed, custom) with audit trail of how shared costs were distributed.
Enterprise Expectation
Multi-method allocation, configurable rules, audit log.
Detection Method
- Allocation rule editor
- Shared-cost report with traceability
Actionability
- Fair distribution of platform overhead
Evidence Required
- Allocation rule definition + before/after report
Automation Level
- automated
TGS-FIN-A-05Platform Allocation (K8s / Network)weight 2⚫
Per-consumer allocation of K8s control-plane and network costs.
Requirement
Cluster control-plane cost, ingress / egress, and shared K8s services are allocated per namespace / workload using documented rules.
Enterprise Expectation
Configurable platform-cost rules with documented methodology.
Detection Method
- Platform-cost rule definition
- Per-namespace shared-cost report
Actionability
- Charge platform overhead to consumers
Evidence Required
- Platform-cost allocation report
Automation Level
- automated
TGS-FIN-A-06Proportional Allocationweight 1⚫
Distribute costs by configurable ratios.
Requirement
Tool supports proportional allocation rules driven by usage metrics (vCPU-hours, GB-months, requests).
Enterprise Expectation
Multi-driver proportional allocation with combined-driver support.
Detection Method
- Allocation rule editor with proportional option
Actionability
- Drive cost-by-consumption for shared platforms
Evidence Required
- Proportional rule example
Automation Level
- automated
TGS-FIN-A-07Fixed Allocationweight 1⚫
Static dollar amounts assigned to consumers.
Requirement
Tool supports fixed-amount allocation rules with effective-from/to dates.
Enterprise Expectation
Date-bounded fixed allocation rules with audit trail.
Detection Method
- Allocation rule editor with fixed option
Actionability
- Assign hard-coded amounts where business agreements dictate
Evidence Required
- Fixed-allocation rule + report
Automation Level
- automated
TGS-FIN-A-08Untagged Cost Handlingweight 2⚫
Surface and route untagged / unallocated cost.
Requirement
Untagged / unallocated cost is surfaced explicitly with magnitude and trend; can be routed to a fallback owner via configurable rule.
Enterprise Expectation
Untagged % below 5% across all cost; explicit fallback owner.
Detection Method
- Untagged report
- Fallback owner rule
Actionability
- Drive tagging compliance
Evidence Required
- Untagged cost report
Automation Level
- automated
TGS-FIN-A-09Chargeback Readinessweight 2⚫
Generate invoices to internal cost-centers in finance-grade format.
Requirement
Tool produces chargeback statements per cost-center suitable for ERP import. Includes period, amount, breakdown, and reference to source data.
Enterprise Expectation
ERP-ready statement export, configurable cost-center taxonomy.
Detection Method
- Chargeback statement export
- ERP integration
Actionability
- Drive showback → chargeback transitions
Evidence Required
- Sample chargeback statement export
Automation Level
- automated
TGS-FIN-A-10Allocation Audit Trailweight 1⚫
Log every change to allocation rules with attribution and effective dates.
Requirement
Every allocation rule change recorded with user, timestamp, before/after state, and effective-from/to dates.
Enterprise Expectation
Tamper-resistant log; ability to reproduce historical allocations.
Detection Method
- Audit log UI
- API: GET /audit/allocation
Actionability
- Defend audits
- Reproduce historical allocations
Evidence Required
- Audit log export
Automation Level
- automated
Optimization · 12 items
TGS-FIN-O-01Orphaned Resource Detectionweight 2⚫
Detect unattached storage, unused IPs, orphaned snapshots.
Requirement
Tool detects orphaned resources across all supported clouds and regions, with cost impact and ownership mapping where tags exist.
Enterprise Expectation
<5% orphan share in production; full multi-region visibility.
Detection Method
- API-based polling of cloud resources
- Cross-check against attachment state
- Inactivity threshold configurable
Actionability
- Show resources, cost/month, region
- Recommend deletion or archive
- Allow owner assignment
Evidence Required
- Orphaned resource list
- Cost estimate
- Action history
Automation Level
- manual
- assisted
- automated
TGS-FIN-O-02Idle vs Underutilized Separationweight 2⚫
Distinguish "doing nothing" from "doing too little".
Requirement
Tool classifies resources as idle (zero useful work) vs underutilized (work below threshold) using documented metrics.
Enterprise Expectation
Documented thresholds, configurable, surfaced separately.
Detection Method
- Utilization analysis with classification thresholds
- Per-resource label of idle vs underutil
Actionability
- Different remediation paths for idle vs underutil
Evidence Required
- Classification methodology + sample list
Automation Level
- assisted
- automated
TGS-FIN-O-03Storage Waste Classificationweight 1⚫
Tier storage by access pattern, identify cold-on-hot waste.
Requirement
Tool reports storage by access tier and identifies opportunities to demote hot/warm to colder tiers.
Enterprise Expectation
Multi-cloud tier optimization with lifecycle automation.
Detection Method
- Access-pattern analysis
- Lifecycle policy gap report
Actionability
- Recommend lifecycle policies
- Estimate savings
Evidence Required
- Access-tier report + savings estimate
Automation Level
- assisted
- automated
TGS-FIN-O-04Compute Rightsizingweight 3⚫
CPU / memory / network analysis driving instance recommendations.
Requirement
Tool recommends instance changes based on at least 7-30 days of utilization analysis. Recommendations include type, expected savings, and risk indicator.
Enterprise Expectation
Continuous coverage; >10-20% savings realization on accepted recs.
Detection Method
- Recommendation list
- Utilization graphs
Actionability
- Recommend instance type change
- Show expected savings
- Show performance-risk indicator
Evidence Required
- Before/after utilization graphs
- Savings estimate
- Applied change logs
Automation Level
- assisted
- automated
TGS-FIN-O-05Storage Rightsizingweight 1⚫
Volume / tier recommendations.
Requirement
Tool analyzes volume IOPS, throughput, and capacity to recommend volume-type changes and capacity reductions.
Enterprise Expectation
IOPS and throughput aware recommendations.
Detection Method
- Storage rec list
- Per-volume utilization
Actionability
- Recommend volume type / capacity change
Evidence Required
- Volume rightsize report
Automation Level
- assisted
- automated
TGS-FIN-O-06Instance Family Upgradesweight 1⚫
Recommend newer-generation families for cost / perf gains.
Requirement
Tool detects opportunities to migrate to newer generations (e.g., m5 → m7g) with quantified savings.
Enterprise Expectation
Coverage across all major instance families and ARM transitions.
Detection Method
- Family upgrade rec list
Actionability
- Recommend family upgrade
- Show savings + perf delta
Evidence Required
- Upgrade recs + savings
Automation Level
- assisted
- automated
TGS-FIN-O-07Architecture-Level Inefficiencyweight 2⚫
Detect inefficient design patterns, not just resource sizing.
Requirement
Tool identifies architecture-level waste: over-provisioned multi-AZ, NAT gateway abuse, redundant data transfer, hot-on-hot storage paths.
Enterprise Expectation
Detected patterns linked to remediation playbooks.
Detection Method
- Architecture review report
- Pattern detection rules
Actionability
- Architecture-level recommendations
Evidence Required
- Pattern detection report
Automation Level
- assisted
TGS-FIN-O-08RI / SP / CUD Recommendationsweight 3⚫
Recommend reserved capacity / savings plans / committed use discounts.
Requirement
Tool recommends commitments based on usage patterns. Includes term, payment option, and risk-adjusted savings.
Enterprise Expectation
Multi-cloud commitment optimization with risk-aware modeling.
Detection Method
- Commitment rec list
- Risk modeling
Actionability
- Purchase recommendations
- Show savings + risk profile
Evidence Required
- Commitment rec + risk profile
Automation Level
- assisted
- automated
TGS-FIN-O-09Commitment Coverage Analysisweight 2⚫
Track how much of spend is covered by commitments.
Requirement
Tool reports coverage % of on-demand spend by commitments, with trend over time.
Enterprise Expectation
>70% coverage tracked with ESR transparency.
Detection Method
- Coverage dashboard
Actionability
- Identify under-coverage
- Track ESR (effective savings rate)
Evidence Required
- Coverage dashboard screenshot
Automation Level
- automated
TGS-FIN-O-10Spot / Preemptible Viabilityweight 2⚫
Classify workloads as spot-suitable.
Requirement
Tool classifies workloads by fault tolerance, recommends spot/preemptible candidates, and estimates savings.
Enterprise Expectation
20-50% of eligible workloads optimized; controlled interruption handling.
Detection Method
- Spot suitability report
Actionability
- Migration guidance
- Savings estimate
Evidence Required
- Workload classification report
Automation Level
- assisted
- automated
TGS-FIN-O-11Auto-Remediationweight 3⚫
Programmatically apply fixes (terminate, resize, retire).
Requirement
Tool can apply remediation actions under guardrail policies with approval workflows and rollback paths.
Enterprise Expectation
Multi-step approval, audit trail, rollback within 24hr.
Detection Method
- Auto-action policies
- Action history with rollback evidence
Actionability
- One-click apply or fully automated
Evidence Required
- Policy definition + action log
Automation Level
- automated
TGS-FIN-O-12Savings Validationweight 2⚫
Verify recommended savings actually realized.
Requirement
Tool tracks recommendation acceptance, applied vs not-applied, and measures realized savings against estimate.
Enterprise Expectation
+/-15% accuracy of estimates vs realized within 90 days.
Detection Method
- Realized savings dashboard
Actionability
- Quantify FinOps team value
- Adjust rec models
Evidence Required
- Realized vs projected report
Automation Level
- automated
Forecasting · 8 items
TGS-FIN-F-01Spend Forecastingweight 2⚫
Project future spend across horizons.
Requirement
Tool forecasts spend at 30/90/365 day horizons with confidence intervals.
Enterprise Expectation
Confidence intervals, BU-level forecasts, scenario inputs.
Detection Method
- Forecast report with intervals
Actionability
- Budget planning
- Anomaly anticipation
Evidence Required
- Forecast vs actual chart
Automation Level
- automated
TGS-FIN-F-02Usage Forecastingweight 1⚫
Project future consumption (vCPU-hours, GB-months, tokens).
Requirement
Forecasts in usage units, not just dollars, supporting capacity planning.
Enterprise Expectation
Usage-unit forecasts at primary cost-driver granularity.
Detection Method
- Usage-unit forecast
Actionability
- Capacity reservation planning
Evidence Required
- Usage forecast vs actual
Automation Level
- automated
TGS-FIN-F-03Forecast vs Actual Trackingweight 1⚫
Track and explain forecast accuracy over time.
Requirement
Tool reports forecast accuracy by horizon and explains drivers of deviation.
Enterprise Expectation
+/-5% accuracy at 30 days; +/-15% at 365 days.
Detection Method
- Accuracy dashboard
Actionability
- Improve forecast models
Evidence Required
- Accuracy chart
Automation Level
- automated
TGS-FIN-F-04Budget Integrationweight 2⚫
Connect to FP&A budgets, enforce limits.
Requirement
Tool consumes budget targets from FP&A systems and produces variance reporting and alerts.
Enterprise Expectation
Bidirectional integration with major FP&A platforms.
Detection Method
- FP&A integration setup
- Variance reports
Actionability
- Detect overruns
- Drive enforcement
Evidence Required
- Variance report screenshot
Automation Level
- automated
TGS-FIN-F-05Scenario Modelingweight 1⚫
What-if cost simulations.
Requirement
Tool supports scenario modeling: change inputs (commitment, growth rate, RI strategy) and project outcomes.
Enterprise Expectation
Multi-scenario comparison with narrative explanations.
Detection Method
- Scenario builder UI
Actionability
- Decision support
Evidence Required
- Scenario comparison report
Automation Level
- assisted
TGS-FIN-F-06Business Driver Modelingweight 1⚫
Tie cost forecasts to business drivers (orders, users, transactions).
Requirement
Tool can express forecasts as functions of business drivers (e.g., cost per active user) and forecast based on driver projections.
Enterprise Expectation
Multi-driver models with elasticity calibration.
Detection Method
- Driver-based forecast UI
Actionability
- Unit economics
- Strategic planning
Evidence Required
- Driver-based forecast example
Automation Level
- assisted
TGS-FIN-F-07ERP Alignmentweight 1⚫
Sync to NetSuite / SAP / Workday / Oracle ERP.
Requirement
Tool integrates with major ERPs for chart-of-accounts mapping, journal entries, and cost-center sync.
Enterprise Expectation
Bidirectional sync with audit log.
Detection Method
- ERP integration setup
- Sync history
Actionability
- Reduce manual reconciliation
Evidence Required
- ERP integration screenshot
Automation Level
- automated
TGS-FIN-F-08Renewal Forecastingweight 1⚫
Project SaaS / commitment / license renewals.
Requirement
Tool tracks upcoming renewals with cost impact, utilization signal, and recommended action.
Enterprise Expectation
Coverage of all major SaaS + cloud commitments with negotiation insights.
Detection Method
- Renewal calendar UI
Actionability
- Negotiation prep
- Drop / renegotiate decisions
Evidence Required
- Renewal calendar screenshot
Automation Level
- automated
Automation · 6 items
TGS-FIN-AU-01Event-Driven Automationweight 2⚫
Webhook / event-bus triggers for cost actions.
Requirement
Tool emits events (cost anomaly, threshold breach, rec accepted) to webhooks / event bus.
Enterprise Expectation
HMAC-signed events, retry logic, deliverability metrics.
Detection Method
- Webhook config
- Event bus integration docs
Actionability
- Drive downstream automation
Evidence Required
- Sample webhook payload
Automation Level
- automated
TGS-FIN-AU-02Workflow / Ticketing Integrationweight 2⚫
Jira / ServiceNow / Asana / Linear integrations.
Requirement
Tool can create tickets, update status, and resolve based on cost events.
Enterprise Expectation
Bidirectional sync with status and resolution tracking.
Detection Method
- Integration setup screen
- Ticket creation logs
Actionability
- Engineering accountability
Evidence Required
- Ticket creation example
Automation Level
- automated
TGS-FIN-AU-03API Completenessweight 1⚫
Public REST / GraphQL covering all UI features.
Requirement
All major UI features have programmatic equivalents in the API. API documented and versioned.
Enterprise Expectation
OpenAPI / GraphQL schema, versioning, deprecation policy.
Detection Method
- API documentation review
- Feature parity check
Actionability
- Programmatic integration
Evidence Required
- API doc URL
- API versioning policy
Automation Level
- automated
TGS-FIN-AU-04IaC Integrationweight 1⚫
Terraform / Pulumi / CloudFormation integration for cost gating.
Requirement
Tool integrates with IaC pipelines to flag or block changes that exceed cost thresholds.
Enterprise Expectation
Coverage of major IaC tools with policy enforcement.
Detection Method
- IaC plugin docs
- PR comment example
Actionability
- Pre-deploy cost gating
Evidence Required
- IaC integration screenshot
Automation Level
- assisted
- automated
TGS-FIN-AU-05Auto-Terminationweight 2⚫
Programmatic shutdown of idle / orphaned resources.
Requirement
Tool can auto-terminate resources under guardrail policies with notification + rollback.
Enterprise Expectation
Multi-step approval, scheduled execution, rollback log.
Detection Method
- Termination policy config
- Action history
Actionability
- Automated waste cleanup
Evidence Required
- Termination policy + history
Automation Level
- automated
TGS-FIN-AU-06Auto-Resize w/ Guardrailsweight 2⚫
Automatic resizing under safety policies.
Requirement
Tool can resize resources automatically with workload-aware guardrails (peak protection, change windows).
Enterprise Expectation
Workload-aware guardrails, change windows, instant rollback.
Detection Method
- Resize policy config
- Action history
Actionability
- Automated rightsizing
Evidence Required
- Resize policy + history
Automation Level
- automated
Governance · 6 items
TGS-FIN-G-01Policy Enforcementweight 3⚫
Codified rules that block / quarantine non-compliant cost.
Requirement
Tool supports policy-as-code (or equivalent) for cost rules with detect / warn / block actions.
Enterprise Expectation
Multi-action policies, version control, audit log.
Detection Method
- Policy editor
- Enforcement log
Actionability
- Codified governance
Evidence Required
- Policy definition + enforcement event
Automation Level
- automated
TGS-FIN-G-02RBACweight 2⚫
Role-based access control with org-hierarchy support.
Requirement
Granular RBAC mapped to org hierarchy with custom roles supported.
Enterprise Expectation
SAML/SCIM, attribute-based access, custom roles.
Detection Method
- Role editor
- Permission matrix
Actionability
- Least-privilege access
Evidence Required
- Role configuration screenshot
Automation Level
- automated
TGS-FIN-G-03Approval Workflowsweight 2⚫
Multi-step approval flows for actions / budget overrides.
Requirement
Tool supports configurable multi-step approval workflows with reminders and escalation.
Enterprise Expectation
Multi-stage with delegation, reminders, escalation policies.
Detection Method
- Workflow editor
- Approval history
Actionability
- Drive accountability
- Defend audit
Evidence Required
- Workflow config + approval log
Automation Level
- automated
TGS-FIN-G-04Audit Logsweight 2⚫
Immutable record of all user / system actions.
Requirement
Tool produces an immutable, tamper-resistant audit log of all user and system actions, retained per policy.
Enterprise Expectation
Tamper-resistance, SIEM integration, retention policy.
Detection Method
- Audit log UI
- Export to SIEM
Actionability
- Compliance defense
Evidence Required
- Audit log export
Automation Level
- automated
TGS-FIN-G-05Anomaly Detectionweight 2⚫
ML / heuristic detection of cost anomalies.
Requirement
Tool detects cost anomalies with configurable sensitivity and routes alerts to owners.
Enterprise Expectation
Multi-dimensional anomaly detection, owner routing, deduplication.
Detection Method
- Anomaly UI
- Alert routing
Actionability
- Catch surprises early
Evidence Required
- Anomaly history with resolution
Automation Level
- automated
TGS-FIN-G-06Compliance Alignmentweight 2⚫
Mapping to SOC 2 / ISO 27001 / FedRAMP / HIPAA.
Requirement
Tool publishes attestations and maps controls to common compliance frameworks.
Enterprise Expectation
SOC 2 Type II minimum; FedRAMP if public sector targeted.
Detection Method
- Compliance attestations
- Control mapping doc
Actionability
- Reduce audit prep
Evidence Required
- Attestation reports
Automation Level
- manual
AI Economics · 6 items
TGS-FIN-AI-01Token Cost Trackingweight 3⚫
Per-call token-cost telemetry across LLM providers.
Requirement
Tool tracks input + output tokens per call across at least three major LLM providers with cost overlay.
Enterprise Expectation
OpenAI, Anthropic, AWS Bedrock, Azure OpenAI, GCP Gemini coverage minimum.
Detection Method
- Token-cost dashboard
- Provider integration list
Actionability
- Right-model selection
- Caching optimization
Evidence Required
- Token-cost report screenshot
Automation Level
- automated
TGS-FIN-AI-02Model-Level Attributionweight 2⚫
Cost attributed per model version / variant.
Requirement
Tool tracks model name and version per call, with cost attribution at the model-version level.
Enterprise Expectation
Granular model-version tracking with version transitions captured.
Detection Method
- Model version breakdown
Actionability
- Compare model variants
- Cost-aware routing
Evidence Required
- Model-level cost report
Automation Level
- automated
TGS-FIN-AI-03GPU Utilization Trackingweight 2⚫
GPU memory / SM utilization with cost overlay.
Requirement
Tool tracks GPU utilization (SM, memory, NVLink) and overlays cost per workload.
Enterprise Expectation
Per-job, per-cluster GPU utilization with cost overlay.
Detection Method
- GPU dashboard
Actionability
- Detect underutilized GPUs
- Right-shape workloads
Evidence Required
- GPU utilization + cost screenshot
Automation Level
- automated
TGS-FIN-AI-04Training vs Inference Separationweight 1⚫
Split training cost from inference cost cleanly.
Requirement
Tool separates training vs inference workloads in cost reporting with documented classification.
Enterprise Expectation
Auto-classification with manual override.
Detection Method
- Training/inference split UI
Actionability
- Different optimization paths
Evidence Required
- Split cost report
Automation Level
- automated
TGS-FIN-AI-05Agent Cost Trackingweight 2⚫
Per-agent / per-task cost for autonomous AI workflows.
Requirement
Tool tracks cost per agent run / per task with hierarchical attribution to chains and tools.
Enterprise Expectation
Multi-step traces with retry / fallback cost included.
Detection Method
- Agent-cost dashboard
Actionability
- Optimize agent design
Evidence Required
- Agent-run cost trace
Automation Level
- automated
TGS-FIN-AI-06AI ROI Measurementweight 2⚫
Tie model cost to business outcomes (deflection, retention, automation).
Requirement
Tool can correlate AI workload cost with documented business outcomes.
Enterprise Expectation
Outcome-bound ROI tracking with auditable methodology.
Detection Method
- ROI report definition
Actionability
- Defend AI investment
Evidence Required
- ROI report sample
Automation Level
- assisted
Security Operations
Threat Detection · 8 items
TGS-SEC-T-01SIEM Ingestion Breadthweight 2⚫
Range of sources / formats the SIEM ingests cleanly.
Requirement
Tool ingests from at least 100 documented sources covering major cloud, identity, endpoint, network, and SaaS sources.
Enterprise Expectation
500+ connectors with parsing modules.
Detection Method
- Connector catalog
- Sample ingestion test
Actionability
- Coverage planning
Evidence Required
- Connector catalog list
Automation Level
- automated
TGS-SEC-T-02Detection Rule Coverageweight 3⚫
Out-of-the-box and custom detection rule library.
Requirement
Tool ships at least 500 OOTB rules covering major MITRE techniques, with custom-rule editor.
Enterprise Expectation
1000+ OOTB rules; documented update cadence.
Detection Method
- Rule library
- MITRE coverage chart
Actionability
- Drive detection coverage
Evidence Required
- Rule library screenshot
- MITRE coverage chart
Automation Level
- automated
TGS-SEC-T-03MITRE ATT&CK Mappingweight 2⚫
Detections mapped to MITRE ATT&CK techniques.
Requirement
Each detection rule is mapped to MITRE ATT&CK techniques with sub-technique granularity.
Enterprise Expectation
Sub-technique granularity with current MITRE version.
Detection Method
- Per-rule MITRE field
- MITRE coverage UI
Actionability
- Risk-based prioritization
Evidence Required
- Per-rule MITRE example
Automation Level
- automated
TGS-SEC-T-04Behavioral Analytics (UEBA)weight 2⚫
User / entity behavioral anomaly detection.
Requirement
Tool builds behavioral baselines per user and entity, detects deviations, and surfaces them with confidence scores.
Enterprise Expectation
Multi-entity baselining, configurable sensitivity.
Detection Method
- UEBA dashboard
- Per-entity baselines
Actionability
- Catch insider threats
- Catch credential abuse
Evidence Required
- UEBA detection example
Automation Level
- automated
TGS-SEC-T-05Cross-Source Correlationweight 2⚫
Correlate signals across multiple data sources.
Requirement
Tool correlates detections across sources (endpoint + identity + network) into unified incidents.
Enterprise Expectation
Configurable correlation graphs with deduplication.
Detection Method
- Correlation rule editor
- Incident UI
Actionability
- Reduce alert volume
- Higher signal
Evidence Required
- Multi-source incident example
Automation Level
- automated
TGS-SEC-T-06MTTD / MTTR Trackingweight 1⚫
Mean time to detect / respond reporting.
Requirement
Tool reports MTTD/MTTR with breakdown by detection type and severity.
Enterprise Expectation
Auto-tracked, broken down by severity, exportable.
Detection Method
- SOC metrics dashboard
Actionability
- Track SOC performance
Evidence Required
- MTTD/MTTR report
Automation Level
- automated
TGS-SEC-T-07Auto-Response Playbooksweight 2⚫
SOAR-style automated response playbooks.
Requirement
Tool can execute multi-step response playbooks (isolate host, revoke session, notify) with approval gates.
Enterprise Expectation
50+ OOTB playbooks; visual editor; approval gates.
Detection Method
- Playbook library
- Execution log
Actionability
- Accelerate IR
Evidence Required
- Playbook + execution log
Automation Level
- automated
TGS-SEC-T-08Forensics Depthweight 2⚫
Deep historical telemetry and replayable timelines.
Requirement
Tool retains 90+ days of detailed telemetry and offers replayable, queryable incident timelines.
Enterprise Expectation
12-month retention with searchable timelines.
Detection Method
- Retention policy
- Timeline UI
Actionability
- Forensic investigation
Evidence Required
- Timeline replay screenshot
Automation Level
- automated
Cloud Posture · 6 items
TGS-SEC-C-01Misconfiguration Detectionweight 3⚫
Detect cloud misconfigurations against benchmarks.
Requirement
Tool detects misconfigurations against CIS, NIST, and vendor benchmarks across major cloud services.
Enterprise Expectation
Multi-benchmark coverage; auto-remediation workflows.
Detection Method
- Posture report
Actionability
- Drive remediation
Evidence Required
- Misconfiguration report
Automation Level
- automated
TGS-SEC-C-02Configuration Drift Detectionweight 2⚫
Detect drift from approved baselines.
Requirement
Tool detects drift from declared baselines and surfaces changes with attribution.
Enterprise Expectation
Real-time detection with attribution to the change source.
Detection Method
- Drift dashboard
Actionability
- Snap drift back
Evidence Required
- Drift event example
Automation Level
- automated
TGS-SEC-C-03Multi-Cloud Posture Coverageweight 3⚫
Single pane across AWS / Azure / GCP / OCI.
Requirement
Tool covers all four major hyperscalers with consistent posture rules.
Enterprise Expectation
Equal depth across AWS / Azure / GCP / OCI.
Detection Method
- Cloud connector list
Actionability
- Unified posture view
Evidence Required
- Multi-cloud connector screenshot
Automation Level
- automated
TGS-SEC-C-04IaC Scanningweight 2⚫
Pre-deploy scanning of Terraform / CloudFormation / Helm.
Requirement
Tool scans IaC pre-deployment with policy gating in CI/CD.
Enterprise Expectation
Major IaC tools covered; policy gating supported.
Detection Method
- CI plugin
- PR comment example
Actionability
- Shift-left security
Evidence Required
- IaC scan screenshot
Automation Level
- automated
TGS-SEC-C-05Compliance Frameworksweight 2⚫
Pre-built mappings to common compliance frameworks (CIS / NIST / PCI / HIPAA / FedRAMP).
Requirement
Tool ships pre-built compliance packs with current framework versions.
Enterprise Expectation
Auto-updated framework versions; gap reports.
Detection Method
- Compliance pack list
Actionability
- Audit prep
Evidence Required
- Compliance pack screenshot
Automation Level
- automated
TGS-SEC-C-06Risk-Based Prioritizationweight 2⚫
Surface findings by exploitability + asset criticality.
Requirement
Tool prioritizes findings using exploitability data + asset criticality + business context.
Enterprise Expectation
Multi-factor scoring with documented methodology.
Detection Method
- Prioritization scoring UI
Actionability
- Focus remediation
Evidence Required
- Prioritization rationale per finding
Automation Level
- automated
Identity & Access · 5 items
TGS-SEC-I-01SSO Breadthweight 2⚫
Number of integrated SaaS apps via SAML / OIDC / SCIM.
Requirement
Tool integrates with at least 5,000 SaaS apps via SAML/OIDC/SCIM.
Enterprise Expectation
7,000+ apps with template + custom support.
Detection Method
- Integration catalog
Actionability
- Reduce SSO gaps
Evidence Required
- Integration catalog screenshot
Automation Level
- automated
TGS-SEC-I-02MFA Enforcementweight 3⚫
Policy-driven MFA enforcement at scale.
Requirement
Tool enforces MFA via configurable policies (factor strength, location, risk-based).
Enterprise Expectation
Phishing-resistant factors (FIDO2) supported and prioritized.
Detection Method
- Policy editor
- Enforcement log
Actionability
- Drive MFA coverage
Evidence Required
- Policy + enforcement event
Automation Level
- automated
TGS-SEC-I-03Privileged Access Management (PAM)weight 3⚫
Vaulting, session recording, just-in-time elevation.
Requirement
Tool offers credential vaulting, session recording, and JIT elevation for privileged accounts.
Enterprise Expectation
Full session recording, replay, JIT, break-glass workflow.
Detection Method
- Vault UI
- Session recording examples
Actionability
- Reduce standing privilege
Evidence Required
- PAM deployment screenshot
Automation Level
- automated
TGS-SEC-I-04Identity Threat Detectionweight 2⚫
Detect identity-based attacks (token theft, OAuth abuse).
Requirement
Tool detects identity-specific threats: token theft, OAuth abuse, MFA fatigue, lateral movement.
Enterprise Expectation
Token replay, OAuth, MFA fatigue patterns covered.
Detection Method
- Identity threat detections
Actionability
- Stop identity attacks
Evidence Required
- ITD detection example
Automation Level
- automated
TGS-SEC-I-05Session Monitoringweight 1⚫
Live session telemetry for high-risk users / actions.
Requirement
Tool monitors sessions and captures anomalous behavior with attribution.
Enterprise Expectation
Live + retroactive session monitoring with replay.
Detection Method
- Session monitor UI
Actionability
- Catch live abuse
Evidence Required
- Session anomaly example
Automation Level
- automated
Vulnerability Management · 4 items
TGS-SEC-V-01Asset Coverageweight 2⚫
Breadth of asset types scanned (cloud, on-prem, OT, container).
Requirement
Tool scans cloud workloads, on-prem servers, containers, web apps, and APIs with documented coverage.
Enterprise Expectation
OT and IoT supported in addition to IT.
Detection Method
- Asset coverage report
Actionability
- Eliminate blind spots
Evidence Required
- Asset coverage screenshot
Automation Level
- automated
TGS-SEC-V-02Authenticated Scanningweight 2⚫
Authenticated / agent-based scanning depth.
Requirement
Tool supports authenticated scanning and agent-based scanning where appropriate.
Enterprise Expectation
Agent + agentless options with documented depth differences.
Detection Method
- Auth-scan config UI
Actionability
- Lower false positives
Evidence Required
- Authenticated scan example
Automation Level
- automated
TGS-SEC-V-03Patch Trackingweight 2⚫
Track patch state and SLAs across the fleet.
Requirement
Tool tracks patch deployment state, SLA compliance, and exception workflows.
Enterprise Expectation
SLA tracking with auto-escalation and exception workflow.
Detection Method
- Patch dashboard
Actionability
- Drive patch hygiene
Evidence Required
- Patch SLA report
Automation Level
- automated
TGS-SEC-V-04Risk-Based Vuln Prioritizationweight 2⚫
EPSS / CVSS / asset-criticality combined.
Requirement
Tool prioritizes vulns using EPSS + CVSS + asset-criticality + exploit intel.
Enterprise Expectation
Multi-source threat intel with documented model.
Detection Method
- Per-vuln rationale
Actionability
- Focus on what matters
Evidence Required
- Prioritization breakdown
Automation Level
- automated
SecFinOps · 7 items
TGS-SEC-SF-01Security Tool Cost Visibilityweight 2⚫
Cost of each security tool surfaced to FinOps view.
Requirement
Security tool consumption (ingest GB, EPS, seats) is surfaced with cost overlay.
Enterprise Expectation
Multi-tool consumption with budget alerts.
Detection Method
- Consumption dashboard
Actionability
- Right-size security spend
Evidence Required
- Consumption + cost report
Automation Level
- assisted
- automated
TGS-SEC-SF-02License Utilization (Security Tools)weight 1⚫
Track seat / capacity utilization for security platforms.
Requirement
Tool tracks license / seat utilization for security tools with reclamation workflow.
Enterprise Expectation
Auto-reclamation with dispute path.
Detection Method
- Utilization report
Actionability
- Reclaim unused seats
Evidence Required
- Utilization screenshot
Automation Level
- automated
TGS-SEC-SF-03Alert Volume vs Costweight 1⚫
Cost-per-alert / cost-per-true-positive metrics.
Requirement
Tool reports cost-per-alert and cost-per-true-positive at the SOC level.
Enterprise Expectation
Trend tracking with anomaly detection.
Detection Method
- SOC efficiency metric
Actionability
- Demonstrate SOC ROI
Evidence Required
- Alert-cost report
Automation Level
- assisted
TGS-SEC-SF-04Coverage vs Risk-Spend Ratioweight 1⚫
Coverage outcome divided by tool spend.
Requirement
Tool reports coverage outcome / dollar spent at the control category level.
Enterprise Expectation
Multi-control views; benchmarking against peers.
Detection Method
- Coverage / spend matrix
Actionability
- Reallocate tool budget
Evidence Required
- Coverage / spend report
Automation Level
- assisted
TGS-SEC-SF-05Tool Overlap Detectionweight 1⚫
Detect overlapping capabilities across security tools.
Requirement
Tool maps overlapping capabilities across security stack and surfaces consolidation opportunities.
Enterprise Expectation
Capability-level overlap with recommendation engine.
Detection Method
- Capability overlap report
Actionability
- Drive consolidation
Evidence Required
- Overlap report screenshot
Automation Level
- assisted
TGS-SEC-SF-06ROI Per Security Controlweight 1⚫
Quantified return per security control / category.
Requirement
Tool quantifies ROI per security control class (EDR, SIEM, IAM) using outcome metrics.
Enterprise Expectation
Outcome-bound ROI with audit defense.
Detection Method
- ROI dashboard
Actionability
- Defend security investment
Evidence Required
- ROI methodology + report
Automation Level
- assisted
TGS-SEC-SF-07Insurance Premium Impactweight 1⚫
Tools that demonstrably affect cyber-insurance premiums.
Requirement
Tool publishes insurance carrier acceptance and premium-impact data.
Enterprise Expectation
Direct insurer partnerships with documented premium credits.
Detection Method
- Insurance partnership disclosures
Actionability
- Quantify insurance ROI
Evidence Required
- Carrier acceptance docs
Automation Level
- manual