Continuous Compliance - Overview

Rely on Mondoo to assess and customize your compliance with major frameworks

Mondoo eases your path to compliance with standard frameworks like SOC 2 Type II, PCI DSS, HIPAA, ISO 27001, and many more. It automates the time-consuming labor of evidence collection and continuously monitors your progress toward 100% compliance. With Mondoo, you always have a real-time evaluation of your compliance — from a high-level view of overall success to detailed evidence for your auditor.

Key concepts

Mondoo translates published compliance framework documentation into automated checks that run against your infrastructure:

  • Frameworks are sets of published requirements (or guidelines) your organization must meet, such as SOC 2 Type II or CIS Controls. You enable the frameworks relevant to your business.
  • Controls are the individual requirements within a framework, such as "Establish and maintain a secure network architecture."
  • Checks are the specific, codified tests that Mondoo runs against your assets to determine whether a control is met. A single control can map to many checks across different platforms.

Monitor compliance

Mondoo continuously assesses all of your assets against the controls in each enabled framework. To get started:

  1. Enable frameworks: Choose the compliance frameworks your organization needs and enable the policies they require.
  2. Gather evidence: View your compliance progress, drill down into controls and assets to identify gaps, and generate PDF reports for your auditors.

Customize compliance

Because every organization is different, Mondoo lets you tailor your compliance evaluation:

  • Define scope: Set controls that aren't part of your audit out of scope so they don't affect your compliance score.
  • Set exceptions: Temporarily snooze or permanently disable controls or individual checks and provide a justification for your team and auditors.
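The framework/control/check hierarchy from "Key concepts" and the effect of scope and exceptions described just above can be made concrete with a small model. The code below is an added illustration, not Mondoo's own code or its real scoring rules: the class names, the `platforms` field on a check, the "unassessed" status, and the sample framework, assets and results are all constructed assumptions.

```python
"""Toy model of framework -> control -> check evaluation, with out-of-scope
controls and snoozed/disabled checks. Added illustration only; NOT Mondoo's
implementation, and every name and rule here is an assumption."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    """One codified test; it applies only to assets of the listed platforms."""
    id: str
    platforms: frozenset


@dataclass
class Control:
    """One requirement in a framework, backed by one or more checks."""
    id: str
    title: str
    checks: list
    in_scope: bool = True  # "Define scope": out-of-scope controls are not scored


@dataclass
class Framework:
    name: str
    controls: list


@dataclass(frozen=True)
class Asset:
    name: str
    platform: str


def applicable_checks(control, assets, disabled):
    """(check, asset) pairs the control is judged on: the platform must match
    and the check must not be snoozed/disabled through an exception."""
    return [(c, a) for c in control.checks if c.id not in disabled
            for a in assets if a.platform in c.platforms]


def control_status(control, assets, results, disabled):
    """'met' if every applicable check passed on every applicable asset,
    'failed' if any did not, 'unassessed' if nothing applied.
    A missing result is treated as a failure (no evidence, no credit)."""
    pairs = applicable_checks(control, assets, disabled)
    if not pairs:
        return "unassessed"
    if all(results.get((c.id, a.name), False) for c, a in pairs):
        return "met"
    return "failed"


def gaps(framework, assets, results, disabled=frozenset()):
    """Drill-down evidence: (control, check, asset) triples that failed."""
    return [(ctl.id, c.id, a.name)
            for ctl in framework.controls if ctl.in_scope
            for c, a in applicable_checks(ctl, assets, disabled)
            if not results.get((c.id, a.name), False)]


def compliance_score(framework, assets, results, disabled=frozenset()):
    """Fraction (0..1) of in-scope, assessed controls that are met.
    Out-of-scope and unassessed controls are left out of the denominator."""
    statuses = [control_status(ctl, assets, results, disabled)
                for ctl in framework.controls if ctl.in_scope]
    assessed = [s for s in statuses if s != "unassessed"]
    if not assessed:
        return 0.0
    return assessed.count("met") / len(assessed)


# Constructed sample data (not real framework content or real scan results)
EXAMPLE_FRAMEWORK = Framework("Example framework", [
    Control("C1", "Secure network architecture", [
        Check("fw-enabled", frozenset({"linux", "windows"})),
        Check("ssh-no-root-login", frozenset({"linux"})),
    ]),
    Control("C2", "Encrypt data at rest", [
        Check("disk-encrypted", frozenset({"linux", "windows"})),
    ]),
    # Hypothetical control the org's audit does not cover: set out of scope
    Control("C3", "Enforce MFA for admins", [
        Check("mfa-enforced", frozenset({"windows"})),
    ], in_scope=False),
])

ASSETS = [Asset("web-01", "linux"), Asset("dc-01", "windows")]

# (check id, asset name) -> passed?  Constructed results.
RESULTS = {
    ("fw-enabled", "web-01"): True,
    ("fw-enabled", "dc-01"): True,
    ("ssh-no-root-login", "web-01"): True,
    ("disk-encrypted", "web-01"): True,
    ("disk-encrypted", "dc-01"): False,  # the gap an auditor would ask about
    ("mfa-enforced", "dc-01"): False,
}

if __name__ == "__main__":
    print("score:", compliance_score(EXAMPLE_FRAMEWORK, ASSETS, RESULTS))
    print("gaps:", gaps(EXAMPLE_FRAMEWORK, ASSETS, RESULTS))
    print("score with disk-encrypted snoozed:",
          compliance_score(EXAMPLE_FRAMEWORK, ASSETS, RESULTS, {"disk-encrypted"}))
```

Run as a script, it reports a 50% score with one gap (`C2` / `disk-encrypted` on `dc-01`); snoozing that check drops `C2` to "unassessed" and the score rises to 100%. That is exactly why the page asks for a justification on every exception: an exception removes evidence from the score rather than adding any, so the auditor needs to see the reasoning behind it.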

To learn more, read Customize Compliance.
