CloudSploit compliance scans work by defining the security controls required by the program and then mapping CloudSploit plugins to that control. For example, the PCI control that requires the use of encryption would be mapped to numerous CloudSploit plugins that check for the use of encryption across cloud services. The PCI compliance report then summarizes the results of these plugins under the encryption control.