Key Terminology

This page defines key compliance terms.

Framework: A collection of compliance controls representing an overall standard (e.g., SOC 2, PCI DSS). Each Framework has a unique ID.
Control Group: A set of related controls within a framework (e.g., "Security" in SOC 2). Each Control Group has a unique ID.
Control (Rule): A specific check or requirement (e.g., "All systems must have multi-factor authentication enabled"). All Frameworks, Control Groups, and Controls have unique IDs.
Assessment: The process of evaluating resources against defined controls to determine compliance.
Findings and Incidents: A Finding is a result of an assessment, indicating whether a resource complies with a specific control. Problematic Findings (non-compliant resources) trigger Alarms, which are then treated as Incidents.
Scope Assignments: The association of resources (e.g., AWS accounts, Azure subscriptions) with a specific Compliance Framework for assessment.

Last updated 4 months ago