Documentation > Professional+ > Compliance Engine
⭐ PRO+

Compliance Engine Module

Automated compliance assessments against industry frameworks with detailed reporting and remediation guidance for regulatory requirements.

Overview

The Compliance Engine automates the assessment of your infrastructure against industry-standard security frameworks. It evaluates system configurations, identifies compliance gaps, and provides actionable remediation steps to help you meet regulatory requirements.

78%
Compliance
CIS L1

Supported Frameworks

Assess your infrastructure against multiple compliance frameworks:

🛡

CIS Benchmarks

Center for Internet Security benchmarks for operating systems, including Level 1 and Level 2 profiles.

🏢

NIST 800-53

Security and privacy controls for federal information systems and organizations.

💳

PCI DSS

Payment Card Industry Data Security Standard for organizations handling cardholder data.

🏥

HIPAA

Health Insurance Portability and Accountability Act security requirements for healthcare data.

🌍

SOC 2

Service Organization Control 2 trust service criteria for security, availability, and confidentiality.

🔒

Custom Policies

Define custom compliance policies tailored to your organization's specific requirements.

Compliance Checks

The compliance engine evaluates numerous configuration aspects:

👤

Access Control

  • User account policies
  • Password requirements
  • File and directory permissions
  • Privileged access controls
🔐

Network Security

  • Firewall configuration
  • Open ports and services
  • Network protocols
  • Encryption in transit
📋

Audit & Logging

  • Audit configuration
  • Log retention policies
  • Log integrity protection
  • System monitoring
💻

System Hardening

  • Unnecessary services
  • Kernel parameters
  • Boot configuration
  • Package integrity

Compliance Status

Each compliance check returns one of the following statuses:

Pass System configuration meets the compliance requirement
Fail Configuration does not meet the requirement - remediation needed
Warning Partially compliant or manual verification required
Skipped Check not applicable to this system or platform

Compliance Reporting

Generate detailed compliance reports in multiple formats:

  • PDF reports for executive summaries and auditors
  • CSV exports for data analysis and tracking
  • JSON format for integration with other tools
  • Scheduled report generation (daily, weekly, monthly)
  • Automatic distribution via email

Report Contents

  • Executive summary with compliance percentage
  • Detailed check results by category
  • Remediation steps for failed checks
  • Historical compliance trends
  • Evidence collection for audit trails

Using Compliance Engine

Running an Assessment

To run a compliance assessment:

  1. Navigate to the host detail page
  2. Select the Compliance tab
  3. Choose the compliance framework
  4. Click "Run Assessment"

Viewing Results

Assessment results show:

  • Overall compliance score percentage
  • Breakdown by check category
  • List of failed checks with remediation steps
  • Evidence collected during the assessment

Bulk Assessments

Run compliance assessments across multiple hosts at once from the Compliance dashboard. Filter by tags to assess specific groups of hosts.

API Access

The Compliance Engine is accessible via the REST API:

# Run compliance assessment
POST /api/v1/compliance/assess/{host_id}
{
  "framework": "cis_l1",
  "categories": ["access_control", "network_security"]
}

# Get assessment results
GET /api/v1/compliance/results/{host_id}

# Get assessment history
GET /api/v1/compliance/history/{host_id}

# List available frameworks
GET /api/v1/compliance/frameworks

# Generate compliance report
POST /api/v1/compliance/report
{
  "host_ids": ["..."],
  "framework": "cis_l1",
  "format": "pdf"
}

Remediation Guidance

Each failed check includes detailed remediation guidance:

  • Step-by-step remediation instructions
  • Platform-specific commands to apply fixes
  • Impact assessment of the change
  • References to official documentation
# Example remediation for SSH root login disabled check
# CIS Benchmark: 5.2.8 Ensure SSH root login is disabled

# Current setting (non-compliant):
PermitRootLogin yes

# Required setting:
PermitRootLogin no

# Remediation command:
sudo sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sudo systemctl restart sshd

Requirements

  • Enterprise license with compliance_engine module
  • Network connectivity to license server for module download
  • SysManage agent with privileged execution for system inspection
  • PostgreSQL database for assessment storage