Skip to main content

Compliance

The Compliance page shows how your cloud environment maps against industry security frameworks and regulatory standards. Each scan automatically evaluates your resources against multiple frameworks, so you always have an up-to-date compliance picture without additional configuration.

Overview Page

The main Compliance page displays:

Summary Stats

Four cards at the top give you the big picture:

CardWhat It Shows
Frameworks ScannedNumber of compliance frameworks evaluated
Total ChecksTotal number of compliance checks across all frameworks
Passing ChecksCount and overall pass rate percentage
Failing ChecksCount of checks that did not pass

Framework Cards

Below the summary, each framework appears as a card showing:

  • Framework name and icon (e.g., CIS Benchmark, PCI-DSS, SOC 2)
  • Pass rate — color-coded: green (≥ 50%), amber (25–50%), red (< 25%)
  • Stacked bar — visual distribution of pass, fail, and manual checks
  • Pass / Fail / Manual counts

Filtering Frameworks

Use the category pills to filter by compliance category (e.g., standards, regulations) or the search bar to find a specific framework by name or key.

Framework Detail Page

Click on any framework card to see the full breakdown:

  • Donut chart showing the distribution of pass, fail, and manual evaluations
  • Overall pass rate for the framework
  • Requirements list — every section and requirement in the framework, with its evaluation status
  • Resource mapping — which specific resources pass or fail each requirement

This view helps you understand exactly where gaps exist within a particular framework and which resources need attention.

Supported Frameworks

Amnify evaluates against a wide range of compliance frameworks, including but not limited to:

  • CIS Benchmarks — Azure, AWS, GCP, M365
  • PCI-DSS — Payment Card Industry Data Security Standard
  • SOC 2 — Service Organization Control
  • HIPAA — Health Insurance Portability and Accountability Act
  • GDPR — General Data Protection Regulation
  • ISO 27001 — Information Security Management
  • NIST 800-53 — Security and Privacy Controls

The specific frameworks available depend on your connected cloud providers.

info

Compliance evaluation is automatic — you do not need to configure which frameworks to evaluate. Every scan checks all applicable frameworks for your connected providers.

Where to Go Next

  • Findings — investigate the individual checks that are failing
  • Dashboard — return to the high-level security overview
  • Integrations — connect additional providers to expand compliance coverage