
What Cloud Compliance Provides

  • Multi-framework compliance assessment across SOC 2, ISO 27001-2022, and NIS2
  • Advanced cloud security scanning using industry-leading analysis engines
  • Framework-specific reporting with detailed requirement mapping and compliance scoring
  • AI-powered remediation suggestions for failed compliance controls
  • Professional PDF compliance reports for auditors and stakeholders
  • Severity-based finding prioritization (Critical, High, Medium, Low, Info)
  • Export capabilities for evidence collection and audit trails
  • Real-time compliance tracking with progress monitoring over time

Supported Compliance Frameworks

Cloudgeni supports major compliance frameworks for comprehensive security assessment:

SOC 2
Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy) for service organizations

ISO 27001:2022
International standard for information security management

NIS2
EU-wide cybersecurity directive setting security and incident reporting requirements for essential and important entities across critical and key sectors

Getting Started

Step 1: Connect Your Cloud Account

Before running compliance scans, you need to connect your AWS or Azure account to Cloudgeni.
  1. Navigate to Settings > Integrations > Cloud in your Cloudgeni dashboard
  2. Select the cloud provider you want to connect to and follow the quick setup procedure
Cloud Compliance uses advanced security scanning technology to perform comprehensive infrastructure analysis. Cloudgeni requires read-only access to your cloud resources and will never alter anything in your cloud environment!

Step 2: Run Your First Compliance Scan

  1. Navigate to Compliance > Cloud Compliance and select your cloud account
  2. With your cloud account selected, click “Scan” to start the compliance analysis
  3. The system will initiate a comprehensive security scan of your cloud infrastructure (this usually takes between 1-5 minutes, depending on the cloud provider and the number of resources)

Understanding the Compliance Dashboard

Once your scan completes, you’ll see a comprehensive compliance dashboard with framework-specific analysis:

Framework Overview Section

The dashboard provides detailed compliance metrics and controls:

Dashboard Elements

  • Framework Selector: Switch between SOC 2, ISO 27001-2022, and NIS2 analysis
  • Compliance Percentage: Overall framework compliance score with visual progress indicator
  • Requirement Breakdown: Detailed passed/failed counts for framework requirements
  • Export Options: Generate professional PDF compliance reports for auditors
  • Last Scan Information: Timestamp and status of most recent assessment

Compliance Requirements Hierarchy

The main interface displays a hierarchical view of compliance requirements with detailed finding analysis:
Only requirements for which there exist relevant findings in your current infrastructure are displayed. This focused view helps you concentrate on the compliance controls that actually apply to your cloud environment.

Framework Organization

  • Top-Level Sections: Major compliance domains (e.g., “CC6 - Logical and Physical Access Controls”)
  • Sub-Sections: Granular compliance categories within each domain (e.g., “CC6.1 - Logical Access Measures”)
  • Individual Controls: Specific requirements within each section with detailed descriptions
  • Status Indicators: Visual badges showing passed/failed/warning status for each control
  • Severity Assessment: Risk level indicators (Critical, High, Medium, Low, Info) based on finding analysis
  • Finding Counts: Precise numbers of security findings mapped to each control
  • Search and Filtering: Search and filtering by status, severity, regions, and resource types
  1. Expand Framework Sections: Click chevron arrows to explore compliance domains
  2. Review Control Details: Each control displays:
    • Control identifier and comprehensive description
    • Pass/fail status with specific finding counts
    • Worst severity level detected for findings within that control
    • Information tooltips explaining control requirements
  3. Drill Down to Findings: Click any control to view detailed security findings
  4. Access Remediation: Navigate to specific findings for AI-powered fix suggestions
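
The per-control roll-up described above (finding counts by status, pass/fail, and worst severity, with controls that have no findings left out) can be reproduced over a set of findings to cross-check evidence before an audit. This is an added example, not Cloudgeni's code: the field names (`control`, `status`, `severity`, `resource`), the sample records, and the rule that one failed finding fails the control are assumptions.

```python
from collections import Counter, defaultdict

# Severity levels as listed on the page, lowest to highest.
SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

# Constructed sample findings; the schema is hypothetical, not an export format.
SAMPLE_FINDINGS = [
    {"control": "CC6.1", "status": "Failed", "severity": "High", "resource": "bucket-a"},
    {"control": "CC6.1", "status": "Failed", "severity": "Critical", "resource": "role-admin"},
    {"control": "CC6.1", "status": "Passed", "severity": "Medium", "resource": "bucket-b"},
    {"control": "CC6.6", "status": "Passed", "severity": "Low", "resource": "sg-web"},
    {"control": "CC7.2", "status": "Failed", "severity": "Medium", "resource": "trail-main"},
]

def roll_up(findings):
    """Group findings by control; a control with no findings never appears."""
    grouped = defaultdict(list)
    for f in findings:
        if f["severity"] not in RANK:
            raise ValueError(f"unknown severity: {f['severity']!r}")
        grouped[f["control"]].append(f)
    summary = {}
    for control, items in grouped.items():
        counts = Counter(f["status"] for f in items)
        summary[control] = {
            # Assumption: a single failed finding fails the whole control.
            "status": "Failed" if counts["Failed"] else "Passed",
            "counts": dict(counts),
            # Worst severity across every finding mapped to the control.
            "worst_severity": max((f["severity"] for f in items),
                                  key=RANK.__getitem__),
        }
    return summary

def triage(summary, min_severity="High"):
    """Failed controls whose worst severity is >= min_severity, worst first."""
    hits = [(c, s["worst_severity"]) for c, s in summary.items()
            if s["status"] == "Failed"
            and RANK[s["worst_severity"]] >= RANK[min_severity]]
    return [c for c, sev in sorted(hits, key=lambda h: -RANK[h[1]])]

if __name__ == "__main__":
    result = roll_up(SAMPLE_FINDINGS)
    for control in triage(result, "Medium"):
        print(control, result[control])
```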

Search and Filtering

The compliance analysis supports comprehensive filtering capabilities:
  • Text Search: Search across control names, descriptions, resource names, and finding details
  • Severity Filtering: Filter by Critical, High, Medium, Low, or Info severity levels
  • Status Filtering: Show only Failed, Passed, Warning, or Skipped controls
  • Resource Filtering: Focus on specific cloud regions or resource types

Individual Finding Analysis

Click on any security finding to access detailed information:

Finding Overview

Comprehensive Finding Information

  • Finding Title and Description: Clear explanation of the identified security issue
  • Severity Assessment: Risk level with detailed impact analysis
  • Resource Context: Detailed information about affected cloud resources
  • Check Result: Pass/Fail status with specific evaluation criteria
  • Discovery Date: When the issue was detected
  • Provider-Specific Details: Cloud provider context and metadata

AI-Powered Remediation Engine

Cloudgeni offers advanced AI-driven remediation capabilities through IaC:

Intelligent Fix Generation

  1. From any finding detail page, click “Suggest Fix” to access AI-powered remediation
  2. Select your target repository where infrastructure-as-code fixes should be applied
  3. Cloudgeni’s AI engine analyzes the finding context and generates:
    • Infrastructure as Code fixes (Terraform, Pulumi, Azure Bicep)
    • Policy and configuration updates for improved security posture
    • Automated Validation to validate and fix IaC errors against your cloud environment

Remediation Tracking and Management

Navigate to the “Suggestions” tab to manage all remediation activities:

Comprehensive Remediation Management

  • Active Remediations: In-progress fixes with real-time status tracking
  • Completed Implementations: Successfully created fixes with validation results
  • Failed Attempts: Issues requiring attention with error analysis and retry options
  • Pull Request Integration: Direct links to generated infrastructure-as-code fixes
  • Validation Results: Automated validation outcomes for proposed changes
  • Impact Assessment: Business impact analysis for each remediation

Professional Compliance Reporting

PDF Report Generation

Generate executive-level compliance reports for auditors, stakeholders, and regulatory requirements:
  1. Click the “Export” button in the framework overview section
  2. Configure detailed report parameters:
    • Framework Selection: Choose specific compliance frameworks to include
    • Finding Scope: Include/exclude findings by severity levels or status
    • Resource Filtering: Scope reports to specific regions or resource types
  3. Professional Report Components:
    • Executive Summary: High-level compliance scores and key findings for leadership
    • Detailed Framework Analysis: Control-by-control assessment with evidence
Cloud Compliance continuously evolves with new framework mappings, enhanced security analysis, and expanded cloud provider coverage. Don’t hesitate to reach out to us if you want your use case to be supported!