A compliance program (e.g. PCI or HIPAA) has controls (e.g. “Ensure encryption is enabled”) which contain mappings to CloudSploit plugins (e.g. “EBS Volume Encryption Enabled”) which produce findings.
What is the difference between a compliance program, control, mapping, and finding? Print
Created by: Matt Fuller
Modified on: Sun, 10 Nov, 2019 at 12:01 PM
Did you find it helpful?Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.