
Key Terminology

This page defines key compliance terms.

  • Framework: A collection of compliance controls representing an overall standard (e.g., SOC 2, PCI DSS). Each Framework has a unique ID.

  • Control Group: A set of related controls within a framework (e.g., "Security" in SOC 2). Each Control Group has a unique ID.

  • Control (Rule): A specific check or requirement within a Control Group (e.g., "All systems must have multi-factor authentication enabled"). Each Control has a unique ID.

  • Assessment: The process of evaluating resources against defined controls to determine compliance.

  • Findings and Incidents: A Finding is the result of assessing one resource against one Control, recording whether that resource complies with it. Problematic Findings (non-compliant resources) trigger Alarms, which are then tracked as Incidents.

  • Scope Assignments: The association of resources (e.g., AWS accounts, Azure subscriptions) with a specific Compliance Framework for assessment.
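How these terms relate at runtime, shown as an added Python example that is not part of this page or of the product it documents. The Framework, Control Group and Control IDs, the two control checks, the scope table and the resource records are all constructed for illustration; the only behaviour beyond the definitions above is the fail-closed rule in `evaluate`, which records a check that cannot be evaluated as a non-compliant Finding rather than skipping it.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Hypothetical model of the terms on this page. All IDs, names and the
# sample resources below are constructed for illustration.

@dataclass(frozen=True)
class Control:
    id: str                           # unique Control ID
    description: str
    check: Callable[[dict], bool]     # True if the resource satisfies the control

@dataclass(frozen=True)
class ControlGroup:
    id: str                           # unique Control Group ID
    name: str
    controls: Tuple[Control, ...]

@dataclass(frozen=True)
class Framework:
    id: str                           # unique Framework ID
    name: str
    groups: Tuple[ControlGroup, ...]

@dataclass(frozen=True)
class Finding:
    resource_id: str
    control_id: str
    compliant: bool
    detail: str = ""

@dataclass(frozen=True)
class Incident:
    finding: Finding                  # a problematic Finding that raised an alarm

def evaluate(control: Control, resource: dict) -> Finding:
    """Run one control check against one resource.
    A check that errors (e.g. the attribute is missing from the resource) is
    recorded as non-compliant rather than silently skipped: fail closed."""
    try:
        return Finding(resource["id"], control.id, bool(control.check(resource)))
    except Exception as exc:          # any failure to evaluate counts as a problem
        return Finding(resource["id"], control.id, False, f"check error: {exc!r}")

def assess(framework: Framework, resources: List[dict]) -> List[Finding]:
    """Assessment: every in-scope resource is evaluated against every Control
    in every Control Group of the Framework."""
    return [evaluate(control, res)
            for group in framework.groups
            for control in group.controls
            for res in resources]

def raise_alarms(findings: List[Finding]) -> List[Incident]:
    """Problematic (non-compliant) Findings trigger alarms, tracked as Incidents."""
    return [Incident(f) for f in findings if not f.compliant]

def run_assessment(framework: Framework, scope: Dict[str, List[str]],
                   resources: List[dict]) -> Tuple[List[Finding], List[Incident]]:
    """Scope Assignment: only resources assigned to the Framework are assessed."""
    assigned = set(scope.get(framework.id, ()))
    in_scope = [r for r in resources if r["id"] in assigned]
    findings = assess(framework, in_scope)
    return findings, raise_alarms(findings)

# Constructed Framework: one Control Group ("Security") with two Controls.
EXAMPLE_FRAMEWORK = Framework(
    id="FW-0001", name="Example Framework (constructed)",
    groups=(ControlGroup(
        id="CG-0001", name="Security",
        controls=(
            Control("CTL-0001", "All systems must have multi-factor authentication enabled",
                    lambda r: r["mfa_enabled"] is True),
            Control("CTL-0002", "Storage must be encrypted at rest",
                    lambda r: r["encrypted_at_rest"] is True),
        )),),
)

# Constructed Scope Assignment: three of the four accounts are assigned to FW-0001.
SCOPE = {"FW-0001": ["111111111111", "222222222222", "333333333333"]}

# Constructed resource records (fake AWS account IDs).
RESOURCES = [
    {"id": "111111111111", "type": "aws_account", "mfa_enabled": True,  "encrypted_at_rest": True},
    {"id": "222222222222", "type": "aws_account", "mfa_enabled": False, "encrypted_at_rest": True},
    {"id": "333333333333", "type": "aws_account", "encrypted_at_rest": True},  # mfa_enabled unknown
    {"id": "444444444444", "type": "aws_account", "mfa_enabled": False, "encrypted_at_rest": False},  # not in scope
]

if __name__ == "__main__":
    findings, incidents = run_assessment(EXAMPLE_FRAMEWORK, SCOPE, RESOURCES)
    for f in findings:
        print(f"{f.resource_id} {f.control_id} {'PASS' if f.compliant else 'FAIL'} {f.detail}")
    print(f"{len(incidents)} incident(s)")
```

Running it produces six Findings (three in-scope accounts times two Controls) and two Incidents: account 222222222222 fails the MFA Control outright, and account 333333333333 fails it because the attribute is absent, which the fail-closed rule reports as a problem instead of a pass. Account 444444444444 is non-compliant on both Controls but is not assigned to the Framework, so it yields no Findings at all; a gap in Scope Assignments is therefore invisible in the Incident list and has to be checked separately.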
