generated: '2026-06-20' method: derived source: >- Derived from openapi/amazon-comprehend-openapi.yml (securitySchemes, servers, protocol) and AWS Comprehend documentation compliance claims. standards: - id: aws-sigv4 conforms: true evidence: >- securitySchemes.hmac x-amazon-apigateway-authtype awsSigv4; all requests signed with AWS Signature Version 4. - id: oauth2 conforms: false evidence: Authentication is AWS SigV4, not OAuth 2.0. - id: oidc conforms: false - id: rfc9457-problem-details conforms: false evidence: >- Errors use the AWS JSON 1.1 protocol modeled-exception format (__type + message), not application/problem+json. - id: json-api conforms: false - id: odata conforms: false - id: fhir-r4 conforms: false - id: scim2 conforms: false - id: fapi conforms: false - id: psd2 conforms: false - id: pagination conforms: true evidence: >- List* operations accept MaxResults and NextToken parameters for token-based pagination. - id: idempotency conforms: false evidence: No client idempotency-key mechanism documented for write operations. - id: gdpr conforms: true evidence: >- AWS Comprehend is covered by the AWS GDPR Data Processing Addendum; service supports PII detection/redaction to aid compliance workflows. - id: hipaa-eligible conforms: true evidence: Amazon Comprehend is a HIPAA-eligible AWS service. - id: soc-iso-pci conforms: true evidence: >- Amazon Comprehend is in scope for AWS SOC 1/2/3, ISO 27001/27017/27018, and PCI DSS attestations (AWS compliance programs).