Compliance Assessments

Ability to Skip Compliance Sections in Assesment

The move past specific compliance sections that are not applicable would be very helpful. For example, section 16 in the CIS assessment applies to software development. Being able to skip this full section if a client does not develop their own software.

Add the ability to have a custom compliance assessment

I have clients that customize benchmarks for internal use (they use combinations of CIS, PCI and NIST). Having one assessment that covers all the options without false positives would be a great to share with clients. Nessus has an audit language for their testing, maybe something similar?

Ability to choose IG1,2,3 for CIS Assessment

Add ISO 27001 for Compliance Scanning/Assessments

Add CJIS as an Assessment Type

Add Multicast DNS (mDNS) for Compliance Assessment Scan Results and Compliance Report Card

Add Multicast DNS (mDNS) for Compliance Assessment Scan Results and Compliance Report Card, which inherently does not support more secure features, such as DNSSEC. https://www.kb.cert.org/vuls/id/550620

CIS compliance against M365/Entra ID

Add NIS2 For Compliance Standards/Assessments

Add SOC2 Compliance Standard

Assessment specifically only be for IG1 of CIS Controls v8

Load More

→

Powered by Canny