Compliance Reports

Available Reports

The compliance reports help assess your infrastructure against industry security frameworks. The following reports are available:


CIS AWS Foundations

The CIS AWS Foundations Benchmark provides a high-level compliance standard for securing Amazon Web Services resources. The benchmark offers prescriptive instructions for configuring AWS services in accordance with industry best practices


System and Organization Controls (SOC) 2 is an auditing procedure that ensures a company's data is securely managed It's intended for use by service organizations (organizations that provide information systems as a service to other organizations) to issue validated reports of internal controls over those information systems to the users of those services. The reports focus on controls grouped into five categories known as Trust Service Principles

NIST 800-53

NIST SP 800-53 provides a list of controls that support the development of secure and resilient federal information systems.

These controls are the operational, technical, and management standards and guidelines used by information systems to maintain confidentiality, integrity, and availability


NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices.[1]taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes",[2] in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context.[3] It has been translated into many languages and is used by several governments[4] and a wide range of businesses and organizations


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge

PCI DSS v3.2.1

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process, or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions

FedRAMP (Moderate)

FedRAMP (Federal Risk and Authorization Management Program) is the US federal government’s approach to securing the cloud services that its agencies use internally.

Canada GC Guardrails

A preliminary set of baseline controls is provided through the GC Cloud Guardrails, which help to ensure that cloud-based environments are protected upon receipt of enrolment under the GC Cloud Services Framework Agreement

Canada Protected B Medium Integrity Medium Availability (PBMM)

PBMM controls identify the baseline security controls that must be implemented by CSPs and GC departments and agencies in order to appropriately protect cloud-based GC services and related information having a security category of Protected B, medium integrity, and medium availability (PBMM)

Reserve Bank India (RBI) Cyber Security Framework

A comprehensive cyber security framework by RBI for Urban Cooperative Banks, as a graded approach, based on their digital depth and interconnectedness with the payment systems landscape, digital products offered by them, and assessment of cyber security risk.

Report Details

List of Controls

Each compliance report contains a list of controls as defined by the security standard or framework. Each control shows a quick pass/fail icon.

Click on each control item to expand it and display the Control Description (as defined by the standard or framework), and the Assessment Checks that were evaluated as part of this control. Each assessment check also displays an icon to indicate whether it passed, failed, or was not applicable in this environment.

Assessment Rules

Along with the list of controls, each report includes all the assessment rules that are applicable to the evaluation of this report. This view provides more details on the specific AWS resources that were evaluated, including whether they passed or failed, and resource details such as region, resource Arn, and more.

PDF Export

Use the Export PDF button to generate a PDF document based on the data included in the report

Last updated