Each finding is assigned a result of either "PASS", "FAIL", "WARN", or "UNKNOWN". Passing results indicate that the cloud security control being tested was not violated in the IaaS account, either becauase no resources of the target type existed, or because they all followed the required best practice. Warning results indicate that a security control is in danger of being violated but may not present an immediate risk. For example, SSL certificates that are expiring within the next 90 days or applications using a deprecated, but not insecure, runtime, may produce warning results. Failing results indicate that the control was violated and should be remediated. Unknown results indicate that CloudSploit was not able to ascertain the status of the resources, either due to API issues, cloud provider downtime, or missing permissions.