Compliance Overview

Guardian Pro provides continuous, automated compliance monitoring across your AWS environment. Rather than point-in-time assessments that go stale within days, Guardian Pro evaluates your infrastructure against industry frameworks after every scan, giving you a living compliance posture that stays current as your environment evolves.

How Compliance Works

Guardian Pro's compliance engine maps hundreds of automated security and best-practice checks to the specific controls defined by each compliance framework. Every time a scan completes, each control is re-evaluated and your compliance score is recalculated.

The process works in three stages:

  1. Framework subscription -- You choose which compliance frameworks are relevant to your organisation from Settings. See Subscribing to Frameworks for details.
  2. Automated evaluation -- Guardian Pro maps its automated checks to framework controls and evaluates each control based on real findings in your environment.
  3. Scoring and reporting -- Each framework receives a compliance score (percentage of passing controls), and you can drill into individual controls, attach evidence, create exceptions, and export audit-ready reports.

Tip: Compliance evaluation happens automatically after every scan. You do not need to trigger a separate compliance assessment -- your scores update as soon as new scan results are available.

Supported Frameworks

Guardian Pro currently supports four industry-standard compliance frameworks:

| Framework | Coverage | Typical Use Case |
|---|---|---|
| CIS AWS Foundations Benchmark 5.0 | Identity, logging, monitoring, networking, storage | Security hardening baseline for any AWS environment |
| SOC 2 | Security, availability, confidentiality controls | SaaS companies and service providers undergoing SOC 2 audits |
| GDPR | Data protection, encryption, access control, logging | Organisations handling EU personal data |
| AWS Well-Architected | Security, reliability, performance, cost, operational excellence | Architecture reviews and best-practice alignment |

Each framework page provides detailed information about the controls covered, how Guardian Pro evaluates them, and guidance for addressing gaps.

The Compliance Dashboard

The Compliance Dashboard is your central hub for understanding your compliance posture. It provides:

Framework Score Cards

At the top of the dashboard, you see a score card for each subscribed framework showing:

  • Overall score -- The percentage of controls currently passing (0-100%)
  • Controls passed vs. controls failed -- A clear count of your current status
  • Trend indicator -- Whether your score has improved or declined since the last evaluation

Control Breakdown

Below the score cards, the controls list shows every control in your subscribed frameworks with its current status:

  • PASS -- All automated checks for this control are passing across your environment
  • FAIL -- One or more checks for this control have detected issues
  • NOT APPLICABLE -- The control does not apply to your current environment (for example, a control about a service you do not use)

You can filter controls by status, severity, service, and framework. For more detail, see Understanding Controls.

The trends chart shows how your compliance score has changed over time, helping you demonstrate continuous improvement to auditors. You can view trends for a single framework or compare multiple frameworks side by side. See Compliance Trends for more information.

Key Concepts

Controls

A control is a specific requirement defined by a compliance framework. For example, a CIS benchmark control might require that "MFA is enabled for the root account." Each control maps to one or more automated checks that Guardian Pro runs during every scan.

A control passes only when all of its mapped checks pass across your environment. If any check fails, the control is marked as failed. Learn more in Understanding Controls.

Exceptions

Sometimes a control failure is acceptable -- perhaps you have a compensating control, an accepted risk, or a technical constraint. Guardian Pro allows you to create exceptions that document why a control is failing and mark it as an accepted deviation. Excepted controls are tracked separately and do not count against your compliance score. See Managing Exceptions.
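
The roll-up described under Controls and Exceptions, as an added example (not Guardian Pro's own code): every mapped check must pass in every account for a control to pass, and an exception takes a failing control out of the score. The control names, check names, account IDs and findings are constructed, and removing excepted and not-applicable controls from the denominator is an assumption; the page only says they do not count against the score.

```python
from collections import defaultdict

# Constructed sample data; control and check names are hypothetical.
CONTROL_CHECKS = {
    "CTRL-root-mfa": ["root_mfa_enabled"],
    "CTRL-audit-logging": ["trail_enabled", "trail_log_validation"],
    "CTRL-public-storage": ["bucket_public_access_blocked"],
    "CTRL-db-encryption": ["db_storage_encrypted"],  # service not in use
}
FINDINGS = [  # (account, check, passed)
    ("111111111111", "root_mfa_enabled", True),
    ("222222222222", "root_mfa_enabled", True),
    ("111111111111", "trail_enabled", True),
    ("222222222222", "trail_enabled", True),
    ("111111111111", "trail_log_validation", True),
    ("222222222222", "trail_log_validation", False),
    ("111111111111", "bucket_public_access_blocked", False),
]
EXCEPTIONS = {"CTRL-public-storage": "static website bucket, accepted risk"}

def evaluate_controls(control_checks, findings, exceptions):
    """Roll check results up to one (status, failing accounts) per control."""
    by_check = defaultdict(list)
    for account, check, passed in findings:
        by_check[check].append((account, passed))
    status = {}
    for control, checks in control_checks.items():
        results = [r for c in checks for r in by_check[c]]
        failed = sorted({acct for acct, ok in results if not ok})
        if not results:
            state = "NOT APPLICABLE"   # no mapped check produced a result
        elif not failed:
            state = "PASS"             # every check passed in every account
        elif control in exceptions:
            state = "EXCEPTED"         # still failing, tracked separately
        else:
            state = "FAIL"
        status[control] = (state, failed)
    return status

def compliance_score(status):
    """Percentage of passing controls among those that are scored.
    Assumption: EXCEPTED and NOT APPLICABLE leave the denominator."""
    scored = [s for s, _ in status.values() if s in ("PASS", "FAIL")]
    return round(100 * scored.count("PASS") / len(scored), 1) if scored else None

if __name__ == "__main__":
    for excs in ({}, EXCEPTIONS):
        st = evaluate_controls(CONTROL_CHECKS, FINDINGS, excs)
        print(len(excs), "exception(s):", compliance_score(st), st)
```

With this sample data the single exception moves the score from 33.3 to 50.0 while the affected resource is unchanged, so review the exception list alongside the score when reading a report.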

Evidence

For audit readiness, you can attach evidence documents to any control. This is especially useful for controls that require manual verification or for documenting compensating controls. See Attaching Evidence.

Reports

Guardian Pro can export compliance reports in PDF, CSV, and JSON formats. These reports provide a point-in-time snapshot of your compliance posture suitable for sharing with auditors, leadership, or compliance teams. See Compliance Reports.

From Compliance to Remediation

One of Guardian Pro's most powerful features is the direct link between compliance failures and remediation. When a control is failing:

  1. Click on the failed control to see which checks are failing and which resources are affected.
  2. Click through to the Action Centre to see the underlying findings.
  3. From the Action Centre, you can remediate the issues -- either manually following step-by-step guidance or with automated one-click fixes where available.
  4. After remediation, the next scan re-evaluates the control, and your compliance score updates automatically.

Info: Guardian Pro does not just identify compliance gaps -- it gives you a direct path to closing them. Every failed control is linked to actionable findings with clear remediation guidance.

Multi-Account Compliance

If you manage multiple AWS accounts, Guardian Pro evaluates compliance across your entire organisation. You can:

  • View compliance scores per account or aggregated across all accounts
  • Identify which accounts are dragging down your overall score
  • Filter controls to see account-specific pass/fail status

For details on managing multiple accounts, see Multi-Account Management.

Getting Started

To start monitoring compliance:

  1. Subscribe to frameworks -- Go to Settings > Frameworks and enable the frameworks relevant to your organisation. See Subscribing to Frameworks.
  2. Run a scan -- If you haven't already, run a scan to generate the findings that feed compliance evaluation.
  3. Review your dashboard -- Open the Compliance Dashboard to see your scores and drill into failing controls.
  4. Remediate gaps -- Use the Action Centre to fix failing checks and improve your score.
  5. Set up reporting -- Export reports or configure scheduled compliance summaries for stakeholders.

Tip: Not sure which frameworks to start with? The CIS AWS Foundations Benchmark is the most widely adopted baseline for AWS security and is a good starting point for any organisation. If you handle EU personal data, add GDPR. If you are a SaaS provider, add SOC 2.