It is really difficult to present compliance scan results to clients when there are known risks show as non-compliant when they are accepted or have compensating controls in place.

For example, we cannot disable laptop webcams for 99% of our clients or they will not be able to use videoconferencing software. Physical camera shutters are used to block the camera when not in use. It would be great to be able to mark this registry key detection within the assessment as manual compliant or a new accepted/compensated measure rather than 100% non-compliant.