Compliance and Security Audit
Compliance and Security Audit turns scan results into framework-level posture. Open Security > Compliance to review scores, failing controls, and related findings.
What it does
- Calculates framework scores from scan results.
- Shows control-level pass and fail status.
- Links failing controls back to affected findings and resources.
- Helps teams distinguish operational triage from accepted risk.
Requirements
- At least one connected and scanned cloud account.
- Active compliance frameworks configured in Settings > General, if your organization wants to focus reporting on specific frameworks.
No DevOps Genie Agent is required.
Finding state impact
| Finding state | Compliance impact |
|---|---|
| Open | Failing when tied to a control. |
| Acknowledged | Still failing. Acknowledgment means reviewed, not accepted. |
| Accepted risk | Treated as an accepted exception while active. |
| Resolved | No longer active after scanning. |
Recommended workflow
1. Open Security > Compliance.
2. Start with the lowest-scoring framework.
3. Open failing controls.
4. Review related findings.
5. Fix, acknowledge, or accept risk based on your process.
6. Re-scan to confirm changes.