Mondoo
Docs
ComplianceCustomize Compliance

Define the Scope of Your Compliance Audit

Set controls out of scope to exclude them from your compliance score and from generated reports.

If a control in a framework isn't part of your audit, set it out of scope. Mondoo excludes out-of-scope controls from your compliance score and hides them from generated reports.

Every control is in scope by default. Scope changes apply per space; setting a control out of scope in one space doesn't affect other spaces.

Setting a control out of scope hides it from your reports entirely. If you want to exclude a control from your score but still show it to your auditor with a justification, set an exception instead.

Set a control out of scope

Only team members with Editor or Owner access can perform this task.

  1. From a space, select Compliance in the side navigation, then select the framework.

  2. Scroll to the list of controls. Check the box beside the control.

    Compliance framework with a control selected

  3. Select SET OUT OF SCOPE.

    Compliance framework with a control out of scope

The control is immediately removed from the compliance score and from new reports generated for this space.

Restore a control to scope

Only team members with Editor or Owner access can perform this task.

  1. Open the framework and scroll to the controls list.

  2. Check the box beside the out-of-scope control.

    Compliance framework with an out-of-scope control selected

  3. Select SET IN SCOPE. The control returns to the score and to reports for this space.

Overview

Tailor Mondoo's compliance assessment to your audit by setting scope, defining exceptions, and adjusting the approval workflow.

Set Exceptions on Controls

Add, approve, reject, and remove exceptions on compliance controls.

On this page

Set a control out of scopeRestore a control to scope