Compliance Frameworks
Open Security > Compliance to review framework-level posture and control details.
What the page shows
- Framework score.
- Passing and failing checks.
- Account context.
- Last scan time.
- Control details and related findings.
Active frameworks
Admins can choose active frameworks from Settings > General. Active frameworks drive what the organization focuses on in dashboards and reports.
Acknowledged vs accepted risk
| State | What it means for compliance |
|---|---|
| Acknowledged | The finding has been reviewed but still counts as failing. |
| Accepted risk | The organization has accepted the risk. Active accepted-risk items are treated as passing for compliance scoring. |
| Resolved | The finding is no longer active after scanning. |
Review workflow
- Start with the lowest-scoring framework.
- Open failing controls.
- Review related findings and resources.
- Decide whether each issue should be fixed, acknowledged, or accepted as risk.
- Re-scan after changes.