© 2025 open governance Inc.

Key Terminology

This page defines key compliance terms.

  • Framework: A collection of compliance controls representing an overall standard (e.g., SOC 2, PCI DSS). Each Framework has a unique ID.

  • Control Group: A set of related controls within a framework (e.g., "Security" in SOC 2). Each Control Group has a unique ID.

  • Control (Rule): A specific check or requirement (e.g., "All systems must have multi-factor authentication enabled"). Like Frameworks and Control Groups, each Control has a unique ID.

  • Assessment: The process of evaluating resources against defined controls to determine compliance.

  • Findings and Incidents: A Finding is the result of assessing one resource against one control, indicating whether that resource complies. Problematic Findings (non-compliant resources) trigger Alarms, which are then tracked as Incidents.

  • Scope Assignments: The association of resources (e.g., AWS accounts, Azure subscriptions) with a specific Compliance Framework for assessment.

Last updated 3 months ago