
Compliance Issues Report

The Compliance Issues Report provides a comprehensive overview of Nanitor's compliance with industry-standard frameworks, such as CIS Critical Security Controls, ISO27001, NCA ECC-1, NIST SP 800-53, PCI-DSS, and SAMA CSF. It lists the top-level controls of the selected compliance framework and breaks down the issues into P0 (Critical), P1 (Imminent), and P2 (Project) categories. This enables the compliance and security teams to prepare for audits by prioritizing and addressing the most critical issues first.

The report can be customized to show compliance issues specific to a particular industry or organization by selecting the appropriate compliance framework. The information provided includes the number of P0/P1/P2 issues per control, enabling organizations to track their progress in meeting compliance requirements.

The following image shows the Compliance Issues Report. The framework selected here is PCI-DSS v3.2.1. The top-level requirements are shown by default, along with the number of issues in the P0, P1, and P2 priority groups.

Screenshot of the Compliance Issues report

Each top-level requirement can also be expanded to see the status of its more granular sub-requirements, which show in more detail how the issues are distributed across those sub-requirements.

Screenshot of expanded subcontrols in the Compliance Issues report

This works similarly for other frameworks. To change the framework, go to the Actions menu and select "Change framework", which brings up the "Change framework" dialog as shown below. Once a framework has been selected and the "Change framework" button clicked, the report is shown for the selected framework.

Actions menu for Compliance Issues report

Compliance framework selection dialog for the Compliance Issues report

As shown in the picture above, Nanitor supports numerous compliance frameworks.