ComplianceMonitor Compliance

Enable Compliance Frameworks

Enable compliance frameworks in Mondoo so it monitors your infrastructure against SOC 2, HIPAA, PCI DSS, and other standards.

To monitor compliance, you pick the frameworks your space should be assessed against and enable the policies that back them. A framework is a published set of requirements your organization must meet.

Some frameworks are mandatory in particular contexts:

  • BSI C5 is required for public cloud services provided to German federal agencies.
  • HIPAA is required for health care organizations in the USA.

Others are voluntary but important to your customers or partners:

  • SOC 2 is required by many American businesses for their partners and vendors.
  • PCI DSS is globally accepted for protecting cardholders against misuse of personal information.

How frameworks map to checks

Mondoo's security team translates each published framework into automated tests. Three layers connect a written requirement to the assets it's evaluated on:

  • Control. A broad requirement in the framework, such as "Implement and manage a firewall on end-user devices."
  • Check. A specific test that runs against an asset, such as "Windows Firewall blocks incoming connections by default."
  • Policy. A bundle of checks that target a particular platform (Ubuntu, Windows, macOS, AWS, and so on).

Controls and checks

A single control typically maps to many checks across many policies. For the CIS firewall control above, Mondoo runs checks for Ubuntu (UFW installed, iptables denying inbound), Windows 11 (firewall logging dropped packets), macOS 12 (stealth mode enabled), and more. For the framework to score accurately, every relevant policy must be enabled in your space.

Controls, checks, and policies

Enable a framework

A framework you haven't turned on yet sits under Available Frameworks. Enabling it adds the framework to your space and turns on scoring, which tells your team you're working toward an audit. You can also set a framework to Preview to collect data without scoring while you explore it.

Only team members with Editor or Owner access can perform this task.
  1. In the Mondoo App, navigate to the space.

  2. In the side navigation, select Compliance. Frameworks you've turned on appear under Active Frameworks and Preview; the rest are under Available Frameworks.

    Compliance in the Mondoo App

  3. Select Enable Framework and, in the dialog, find the framework you want and select Enable. (You can also select Enable directly on any framework under Available Frameworks.) The framework moves to Active Frameworks and Mondoo begins scoring your space against it.

    Enable a compliance framework

  4. To change a framework's status later, open the framework and use the status menu in the top-right corner:

    • Active. Mondoo scores your space against the framework as you work toward an audit.
    • Preview. Mondoo shows preliminary progress without counting the framework toward your score.
    • Disabled. Removes the framework from the space.

    Set a compliance framework's status

You can also enable a framework from the command line. See cnspec framework active.

Enable the framework's policies

Every Mondoo policy contributes to compliance, so Mondoo recommends the specific policies that give a framework full coverage. Open the framework and select the Policies tab to see those recommended policies, then select + ENABLE next to each one you want to turn on.

Recommended policies for a compliance framework

Only team members with Editor or Owner access can perform this task.

Once the framework and its policies are enabled, Mondoo runs the relevant checks against every asset in the space on every scan. To see results, read Gather Evidence of Compliance.

On this page