Skip to main content
The Compliance section runs automated assessments of your infrastructure against security and regulatory frameworks. Each assessment maps specific controls to specific resources and tells you which pass, which fail, and — for failures — which resources caused the problem.

Supported frameworks

FrameworkIDScope
CIS AWS Foundations Benchmarkcis-awsAWS accounts
CIS GCP Foundations Benchmarkcis-gcpGCP projects
CIS Azure Foundations Benchmarkcis-azureAzure subscriptions
SOC 2 Type IIsoc2All providers
NIST SP 800-53 Rev 5nist-800-53All providers
PCI-DSS v3.2.1pci-dssAll providers
HIPAA Security RulehipaaAll providers

Enabling a framework

1

Open Compliance

In the sidebar, click Compliance, then click Enable framework.
2

Choose a framework

Select the framework from the list and optionally scope it to specific providers.
3

Enable

Click Enable. InfraAudit runs the first assessment automatically. Subsequent assessments run on a daily schedule by default.
Via CLI: 
infraudit compliance enable cis-aws
infraudit compliance enable soc2 --provider 1

Running an assessment

Trigger an assessment on demand from the Compliance page by clicking Run assessment, or via CLI: 
infraudit compliance assess
infraudit compliance assess --framework cis-aws

Reading assessment results

An assessment produces:
  • Overall score — the percentage of controls that passed
  • Control list — each control’s pass/fail status with a description
  • Affected resources — for failed controls, the specific resources that caused the failure
  • Suggested fixes — remediation steps for each failed control
Results are grouped by control category (for example, “Identity and Access Management” and “Logging”) to help you focus on specific areas.

Control-to-resource mapping

For each failed control, InfraAudit links directly to the resources that caused the failure. For example, a CIS AWS control requiring S3 bucket server-side encryption lists every bucket where encryption is disabled — so you know exactly what to fix, not just that something failed.

Multi-account assessments

When multiple providers are in scope, InfraAudit runs the assessment across all of them and shows per-account scores alongside the aggregate. This is useful for organizations running multiple AWS accounts under a single compliance program.

Exporting results

You can export assessment results as PDF or CSV for audit evidence:
1

Open the assessment

Navigate to the assessment you want to export.
2

Export

Click Export and choose PDF or CSV. The PDF includes the full control list with pass/fail status and a summary table.
Via CLI: 
infraudit compliance export --assessment <assessment-id> --format pdf --output report.pdf

CLI reference

# List enabled frameworks
infraudit compliance list

# Run all enabled frameworks
infraudit compliance assess

# Run a specific framework
infraudit compliance assess --framework cis-aws

# View latest results for a framework
infraudit compliance results --framework cis-aws

# Export as PDF
infraudit compliance export --assessment <id> --format pdf

Next steps

  • Alerts — route compliance failures to Slack or email
  • Remediation — apply automated fixes for failed controls
  • Recommendations — view AI-generated suggestions for failed controls