Compliance

Compliance provides a structured view of the compliance posture of scanned environments by mapping detected issues to supported cybersecurity frameworks.

It helps users understand which compliance controls are affected by discovered vulnerabilities and allows them to prioritize remediation based on exposure, severity, and control coverage.


Compliance Framework Selection


Compliance Framework Selection allows users to choose the compliance framework against which the selected scan's results are mapped.

The available compliance frameworks may include:

ISO/IEC 27001: International information security management standard.

NCA Essential Cybersecurity Controls (ECC): Cybersecurity control framework published by the National Cybersecurity Authority of Saudi Arabia.

SAMA Cybersecurity Framework: Cybersecurity framework for organizations regulated by the Saudi Central Bank (SAMA).

UAE Information Assurance Regulation: Information assurance regulation used to evaluate cybersecurity controls and requirements.

ISO/IEC 27001 example

Compliance Summary


Compliance Summary provides an overview of the selected compliance framework based on the vulnerabilities detected in the scan.

Compliances: The number of compliance controls that are included in the selected framework.

Affected Controls: The number of controls that are impacted by detected vulnerabilities.

Compliance Ratio: The ratio of unaffected controls compared to the total number of controls.

Severities


Severities show the distribution of detected vulnerabilities that are mapped to the selected compliance framework.

Most and Least Compliant Controls


Most Compliant Controls

Controls with the lowest ratio of detected vulnerabilities to the total number of vulnerabilities mapped to the control.

These controls have fewer detected vulnerabilities relative to their compliance coverage and therefore represent stronger compliance performance.

Least Compliant Controls

Controls with the highest ratio of detected vulnerabilities to the total number of vulnerabilities mapped to the control.

These controls have a larger proportion of detected vulnerabilities within their mapped compliance coverage and therefore require greater remediation attention.

Compliance Controls Table


Compliance Controls Table lists the controls in the selected compliance framework and shows how many mapped vulnerabilities are detected for each control.

Control ID: The unique identifier of the compliance control.

Control Name: The name or title of the compliance control.

Ratio: The number of detected mapped vulnerabilities compared to the total number of vulnerabilities mapped to the control.

Total Exposure Point: The total exposure score, calculated by summing the exposure points of the detected vulnerabilities mapped to the control.

Users can click a control to view detailed information about related vulnerabilities and rationales.
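To make the figures in the Compliance Summary, Most and Least Compliant Controls and Compliance Controls Table sections concrete, the following Python script is an added example, not the product's own code: it recomputes those metrics from a constructed scan result using the definitions given above. The control IDs and names, the vulnerability-to-control mapping, the exposure point values, the tie-break order for controls with equal ratios, and the handling of a control with no mapped vulnerabilities are all assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

# --- Constructed sample data (illustrative only, not from the product) ---

# Controls in the selected framework: control_id -> control name.
# IDs follow ISO/IEC 27001:2022 Annex A numbering, but this is an assumed
# subset chosen for the example, not the product's control list.
CONTROLS = {
    "A.5.15": "Access control",
    "A.8.8": "Management of technical vulnerabilities",
    "A.8.24": "Use of cryptography",
    "A.5.37": "Documented operating procedures",
}

# Assumed mapping of vulnerability checks to controls ("total mapped").
MAPPING = {
    "A.5.15": {"V-101", "V-102", "V-103"},
    "A.8.8": {"V-104", "V-105"},
    "A.8.24": {"V-106", "V-107", "V-108", "V-109"},
    "A.5.37": set(),  # edge case: control with nothing mapped to it
}


@dataclass(frozen=True)
class Finding:
    """One vulnerability detected by the scan (constructed values)."""
    vuln_id: str
    severity: str
    exposure_points: float


DETECTED = [
    Finding("V-101", "High", 8.5),
    Finding("V-104", "Critical", 9.8),
    Finding("V-106", "Medium", 5.0),
    Finding("V-107", "Low", 2.1),
    Finding("V-999", "High", 7.0),  # detected but mapped to no control
]


def control_rows(mapping, controls, detected):
    """One row per control: detected/total mapped, ratio and exposure points."""
    by_id = {f.vuln_id: f for f in detected}
    rows = []
    for cid, mapped in mapping.items():
        hits = [by_id[v] for v in sorted(mapped) if v in by_id]
        total = len(mapped)
        # Assumption: a control with no mapped checks is reported as 0.0
        # (unaffected) instead of failing on 0/0; the page does not say
        # how the product treats this case.
        ratio = len(hits) / total if total else 0.0
        rows.append({
            "control_id": cid,
            "control_name": controls.get(cid, ""),
            "detected": len(hits),
            "total": total,
            "ratio": ratio,
            "total_exposure_points": round(sum(f.exposure_points for f in hits), 2),
        })
    return rows


def compliance_summary(rows):
    """Compliances, Affected Controls and Compliance Ratio as defined on the page."""
    compliances = len(rows)
    affected = sum(1 for r in rows if r["detected"] > 0)
    return {
        "compliances": compliances,
        "affected_controls": affected,
        "compliance_ratio": (compliances - affected) / compliances if compliances else 0.0,
    }


def severity_distribution(mapping, detected):
    """Severity counts over detected vulnerabilities that map to the framework."""
    mapped_ids = set().union(*mapping.values())
    return Counter(f.severity for f in detected if f.vuln_id in mapped_ids)


def rank_controls(rows, n=3):
    """Most compliant = lowest ratio; least compliant = highest ratio.

    Tie-break (assumed, not stated on the page): exposure points, lower first
    for the 'most' list and higher first for the 'least' list.
    """
    most = sorted(rows, key=lambda r: (r["ratio"], r["total_exposure_points"]))
    least = sorted(rows, key=lambda r: (-r["ratio"], -r["total_exposure_points"]))
    return {
        "most_compliant": [r["control_id"] for r in most[:n]],
        "least_compliant": [r["control_id"] for r in least[:n]],
    }


if __name__ == "__main__":
    rows = control_rows(MAPPING, CONTROLS, DETECTED)
    print(compliance_summary(rows))
    print(dict(severity_distribution(MAPPING, DETECTED)))
    print(rank_controls(rows, n=2))
    for r in rows:
        print(f'{r["control_id"]:8} {r["detected"]}/{r["total"]}  '
              f'ratio={r["ratio"]:.2f}  exposure={r["total_exposure_points"]}')
```

Two points worth noticing when reconciling such numbers against a report: the severity distribution only counts detected vulnerabilities that map to at least one control of the selected framework (V-999 is detected but contributes nothing), and a control with zero mapped vulnerabilities would otherwise divide by zero, so decide explicitly how it should be displayed before ranking it among the "most compliant" controls.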

Control Details


Control Details provides detailed information about a selected compliance control and the vulnerabilities associated with it.

The page displays the control identifier, control description, environment information, and the ratio of detected vulnerabilities compared to the total number of vulnerabilities mapped to the control.

Users can review all detected vulnerabilities related to the selected control, including their severity levels, MITRE ATT&CK tactics, and exposure points.

For each vulnerability, a dedicated View Rationale action is available within the table. Users can review the rationale explaining why the vulnerability is mapped to the selected compliance control without leaving the current page.
