Compliance is available to all users, but issue mapping to industry frameworks for other domains' Scorecards is available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
Use SecurityScorecard’s Compliance feature to leverage our robust data set to see where you stand against industry best practices as detailed in the controls of known Compliance frameworks. With a paid SecurityScorecard plan, you can also view the status of other Scorecards to monitor your vendors and inform conversations about regulatory compliance.
You can also connect your cloud accounts to SecurityScorecard to pull in configuration data, which is combined with our outside-in view to provide a 360-degree view of your compliance status. Learn more.
Add compliance frameworks
To get started with the Compliance feature, choose which compliance frameworks you’re interested in:
- Go to a Scorecard and then select the Compliance tab on the left.
- Click the + Choose Framework button on the right side.
- Select each compliance framework you want by clicking Add. Then click the x in the upper-left corner of the selection panel to close it.
As you select frameworks, they appear on the Compliance page. To remove a selected framework at any time, click Choose Frameworks on the Compliance page and then click Remove for that framework in the selection panel.
View compliance status
Rows of boxes that represent controls appear under each selected framework. Each box has a color that represents one of three states:
- Reviewed (purple) status indicates that evidence related to that control was collected, and no issues were found. Find out how to see details about evidence.
- Conflicts (red) status indicates that evidence related to that control was collected, and issues were identified. Find out how to see details about conflicts.
- No evidence (white) status indicates that no evidence related to that control has been collected yet.
See details about evidence and conflicts
To dig deeper into the issues discovered for a given framework, click the name of the compliance framework to get additional information:
- Click on the name of a framework that you are monitoring.
- In the detailed view of the framework, view the information about evidence related to conflicts.
- Click any control with a triangular icon, which indicates a conflict.
- In the side panel that appears, view the evidence related to the control. Click the evidence link to see more specific information about the issue type that we discovered in our scans.
- View the issue summary, findings, and recommendation for addressing the issue.
Pull in data from inside your organization
While SecurityScorecard's continuous scanning provides a robust set of “outside-in” data, we want to give you a full 360° view of your organization’s compliance. You can integrate with your existing cloud accounts and pull in relevant configuration data. Learn more.
If you need help or have questions, submit a Support request.