Mondoo
Docs
ComplianceCustomize Compliance

Set Exceptions on Checks

Set exceptions on individual checks within a compliance framework control

Check exceptions let you exclude individual checks from your compliance score while keeping the rest of the control active. This is useful when a control is mostly relevant to your organization but a specific check doesn't apply to your environment.

Like control exceptions, there are two types:

  • Risk acceptance: Temporarily exclude a check for a set time period while your team works toward meeting it.
  • Disable: Permanently exclude a check from your compliance score. A disabled check remains excluded unless you re-enable it.

When you set an exception on a check, the exception applies to the entire space. Because checks live in policies, a check exception impacts all compliance frameworks that use that check.

Set an exception on a check

Note: Only team members with Editor or Owner access can perform this task.

  1. In the Mondoo Console, navigate to the space you want to customize.

    Space in the Mondoo Console

  2. In the side navigation bar, select Compliance.

    Compliance in the Mondoo Console

  3. Select the framework you want to customize and scroll down to the list of controls.

    Controls in a compliance framework

  4. Select the control containing the check you want to set an exception for, then check the box beside that check.

    Select a check in a compliance control

  5. Select the SET EXCEPTION button.

    Set an exception on a compliance check

  6. Select the exception type and time period, then provide a justification. The approver will use this justification when reviewing the exception.

  7. Select the SAVE EXCEPTION button.

Approve or reject an exception

Exceptions take effect immediately. However, as an extra tracking step, a team member can approve or reject an exception:

  • Approve: The exception remains in place.
  • Reject: The exception is removed and the check is re-enabled.

Note: Only team members with Editor or Owner access can perform this task.

  1. In the Mondoo Console, navigate to the space you want to work in.

    Space in the Mondoo Console

  2. In the side navigation bar, select Compliance.

    Compliance in the Mondoo Console

  3. Select the framework you want to work in and scroll down to the list of controls.

    Compliance framework in the Mondoo Console

  4. Select the control containing the check exception you want to review, then select the Exceptions tab.

    Exception on a check in the Mondoo Console

  5. Select the Reject button to remove the exception, or select the Approve button to keep it.

Re-enable a check

Note: Only team members with Editor or Owner access can perform this task.

  1. In the Mondoo Console, navigate to the space you want to work in.

    Space in the Mondoo Console

  2. In the side navigation bar, select Compliance.

    Compliance in the Mondoo Console

  3. Select the framework you want to work in, then select the control containing the check you want to re-enable.

    Compliance framework showing checks with an exception

  4. Select the check with an exception that you want to re-enable.

    Compliance check with an exception

  5. Select the REMOVE EXCEPTION AND ENABLE button, then confirm by selecting YES, ENABLE THE CHECK.

Set Exceptions on Controls

Set exceptions on controls in a compliance framework and provide justification for your team and auditors

Click2Fix

Automate security fixes with one-click remediation pipelines for Terraform, Ansible, Intune, and other tools.

On this page

Set an exception on a checkApprove or reject an exceptionRe-enable a check