Compliance Frameworks
Cloudgeni provides continuous compliance monitoring against major security frameworks. Track your compliance posture, generate audit-ready reports, and remediate violations with AI-powered assistance.
What You'll Get
- 5 major frameworks - SOC2, ISO27001, NIS2, PCI DSS, CIS
- Multi-cloud coverage - AWS, Azure, GCP, OCI
- 1000+ security rules - Powered by Prowler
- PDF compliance reports - Audit-ready documentation
Supported Frameworks
SOC 2
Service Organization Control 2 - Trust Services Criteria for service organizations.
| Category | Controls |
|---|---|
| Security | Access controls, encryption, network security |
| Availability | Disaster recovery, redundancy, monitoring |
| Processing Integrity | Data validation, error handling |
| Confidentiality | Data classification, encryption at rest |
| Privacy | Data handling, consent management |
ISO 27001:2022
International standard for information security management systems (ISMS).
| Domain | Focus Areas |
|---|---|
| A.5 | Information security policies |
| A.6 | Organization of information security |
| A.7 | Human resource security |
| A.8 | Asset management |
| A.9 | Access control |
| A.10 | Cryptography |
| A.11-A.18 | Physical, operations, communications, development |
NIS 2
EU Network and Information Security Directive (2022/2555).
| Requirement | Description |
|---|---|
| Risk Management | Security policies and risk assessments |
| Incident Handling | Detection, response, and reporting |
| Business Continuity | Backup, disaster recovery |
| Supply Chain | Third-party security |
| Encryption | Cryptography and key management |
PCI DSS 4.0
Payment Card Industry Data Security Standard version 4.0.
| Requirement | Focus |
|---|---|
| 1-2 | Network security controls |
| 3-4 | Protect account data |
| 5-6 | Vulnerability management |
| 7-8 | Access control measures |
| 9-10 | Physical security, monitoring |
| 11-12 | Testing, policies |
CIS 3.0
Center for Internet Security Benchmarks version 3.0.
| Section | Focus |
|---|---|
| Identity | IAM, MFA, access reviews |
| Logging | Audit trails, monitoring |
| Networking | VPCs, firewalls, encryption |
| Storage | Encryption, access controls |
| Compute | Instance security, patching |
Framework Coverage by Provider
| Framework | AWS | Azure | GCP | OCI |
|---|---|---|---|---|
| SOC 2 | Yes | Yes | Yes | - |
| ISO 27001 | Yes | Yes | Yes | - |
| NIS 2 | Yes | Yes | Yes | - |
| PCI DSS 4.0 | Yes | Yes | Yes | - |
| CIS 3.0 | - | - | - | Yes |
Compliance Scoring
How Scores Are Calculated
Compliance score is calculated based on finding status:
| Finding Status | Counts As |
|---|---|
| PASSED | Compliant |
| SKIPPED | Not applicable (compliant) |
| FAILED | Non-compliant |
| MANUAL | Requires manual review |
Score Interpretation
| Score Range | Status | Action |
|---|---|---|
| 90-100% | Excellent | Maintain current controls |
| 75-89% | Good | Address high-priority gaps |
| 50-74% | Needs Work | Prioritize remediation |
| Below 50% | Critical | Immediate attention required |
Control-Level Scoring
Each framework control is scored individually:
- Pass: All checks for the control pass
- Partial: Some checks pass, some fail
- Fail: Critical checks fail
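The scoring rules from the tables above, worked through as an added example (not Cloudgeni's own code). The finding field names, control IDs and sample findings are constructed; leaving MANUAL findings out of the percentage, and treating a control as Fail when a Critical-severity check fails or no check passes, are assumptions the page does not state.

```python
from collections import defaultdict

# From the "Finding Status" table: PASSED and SKIPPED count as compliant.
COMPLIANT = {"PASSED", "SKIPPED"}
SCORED = COMPLIANT | {"FAILED"}  # ASSUMPTION: MANUAL is unscored until reviewed
# From the "Score Interpretation" table: (lower bound in %, status).
BANDS = [(90, "Excellent"), (75, "Good"), (50, "Needs Work"), (0, "Critical")]

# Constructed sample findings; field names and control IDs are hypothetical.
FINDINGS = [
    {"control": "CTRL-A", "status": "PASSED", "severity": "Low"},
    {"control": "CTRL-A", "status": "PASSED", "severity": "High"},
    {"control": "CTRL-A", "status": "PASSED", "severity": "Medium"},
    {"control": "CTRL-B", "status": "PASSED", "severity": "Medium"},
    {"control": "CTRL-B", "status": "FAILED", "severity": "High"},
    {"control": "CTRL-C", "status": "PASSED", "severity": "Low"},
    {"control": "CTRL-C", "status": "FAILED", "severity": "Critical"},
    {"control": "CTRL-D", "status": "SKIPPED", "severity": "Low"},
    {"control": "CTRL-D", "status": "MANUAL", "severity": "Medium"},
]

def compliance_score(findings):
    """Percent of scored findings that are compliant; None if nothing is scored."""
    scored = [f for f in findings if f["status"] in SCORED]
    if not scored:
        return None
    return 100.0 * sum(f["status"] in COMPLIANT for f in scored) / len(scored)

def interpret(score):
    return next(label for floor, label in BANDS if score >= floor)

def control_status(findings):
    """Pass / Partial / Fail for each control that has scored checks."""
    by_control = defaultdict(list)
    for f in findings:
        if f["status"] in SCORED:
            by_control[f["control"]].append(f)
    result = {}
    for control, checks in by_control.items():
        failed = [c for c in checks if c["status"] == "FAILED"]
        # ASSUMPTION: a Critical-severity failure, or no passing check, is Fail.
        critical = any(c["severity"] == "Critical" for c in failed)
        if not failed:
            result[control] = "Pass"
        elif critical or len(failed) == len(checks):
            result[control] = "Fail"
        else:
            result[control] = "Partial"
    return result
```

With the sample data, the MANUAL finding on CTRL-D does not lower the score, while the single High-severity failure on CTRL-B leaves that control at Partial rather than Fail.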
Dashboard Features
Compliance Score Widget
The main dashboard displays:
- Overall compliance score percentage
- Trend over time (7-day, 30-day)
- Score breakdown by framework
- Comparison to previous period
Framework Progress
For each framework:
- Progress bar showing compliance percentage
- Count of passed/failed controls
- List of critical violations
- Quick links to findings
Control Breakdown
Drill down into specific controls:
- Click on a framework
- View controls grouped by category
- See pass/fail status for each control
- Access related findings
PDF Compliance Reports
Generating Reports
- Go to Compliance in the dashboard
- Select the framework
- Click Generate Report
- Configure filters:
  - Date range
  - Severity levels
  - Status (all, failed only)
  - Regions
- Click Download PDF
Report Contents
| Section | Contents |
|---|---|
| Executive Summary | Overall score, trends, highlights |
| Framework Overview | Framework description, scope |
| Score Summary | Breakdown by category |
| Control Details | Per-control status and findings |
| Findings List | All findings with severity |
| Recommendations | Prioritized remediation steps |
Report Customization
| Option | Description |
|---|---|
| Include Passed | Show passing controls |
| Include Evidence | Attach finding details |
| Executive Only | Summary without details |
| Custom Logo | Add your organization logo |
Finding Management
Severity Levels
| Level | Description | SLA Recommendation |
|---|---|---|
| Critical | Immediate security risk | 24 hours |
| High | Significant vulnerability | 7 days |
| Medium | Moderate risk | 30 days |
| Low | Minor issue | 90 days |
| Info | Informational | As needed |
Finding Status
| Status | Meaning |
|---|---|
| Open | Finding detected, not addressed |
| In Progress | Remediation underway |
| Resolved | Finding fixed and verified |
| Suppressed | Accepted risk (documented) |
| False Positive | Incorrectly flagged |
Status Workflow
Remediation
AI-Powered Fixes
For each finding, Cloudgeni can:
- Analyze the non-compliant configuration
- Generate IaC code to fix the issue
- Validate the fix against policies
- Create a pull request
Remediation Workflow
- Select a finding
- Click Remediate
- Review AI-generated fix
- Approve and create PR
- Merge to apply fix
Bulk Remediation
Address multiple findings at once:
- Filter findings by type or control
- Select multiple findings
- Click Bulk Remediate
- Review consolidated fix
- Create single PR for all fixes
Framework-Specific Guidance
SOC 2 Best Practices
- Enable CloudTrail/Activity Log for all regions
- Implement MFA for all user accounts
- Encrypt data at rest and in transit
- Regular access reviews
- Incident response procedures
ISO 27001 Best Practices
- Document security policies
- Asset inventory maintenance
- Regular security assessments
- Change management controls
- Security awareness training
PCI DSS Best Practices
- Network segmentation for cardholder data
- Strong access control measures
- Regular vulnerability scans
- Security monitoring and alerting
- Encryption of card data
Integrations
Continuous Monitoring
Cloudgeni continuously monitors your cloud environments:
- Real-time finding detection
- Automatic score updates
- Alert on compliance changes
- Drift detection
SIEM Integration
Export findings to your SIEM:
- JSON export format
- Webhook notifications
- API access for automation
Troubleshooting
Common Issues
Score Not Updating:
- Run a new compliance scan
- Check cloud account connectivity
- Verify scan completed successfully
- Check cloud provider support
- Verify account is connected
- Some frameworks require specific regions
- Check for scan completion
- Verify data exists for date range
- Try smaller date range
- Remediation may not be applied yet
- Run new scan after applying fix
- Check fix was merged to main branch