Compliance Assessments

Update to NIST 800-171 Assessment Template (Rev3 – May 2024)

CIS compliance against M365/Entra ID

Add the ability to have a custom compliance assessment

I have clients that customize benchmarks for internal use (they use combinations of CIS, PCI and NIST). Having one assessment that covers all the options without false positives would be a great to share with clients. Nessus has an audit language for their testing, maybe something similar?

Add NIS2 For Compliance Standards/Assessments

Add CJIS as an Assessment Type

Ability to Skip Compliance Sections in Assesment

The move past specific compliance sections that are not applicable would be very helpful. For example, section 16 in the CIS assessment applies to software development. Being able to skip this full section if a client does not develop their own software.

Ability to choose IG1,2,3 for CIS Assessment

Powered by Canny