Continuous Compliance

Use Mondoo to continuously assess and prove your compliance with major frameworks.

Mondoo automates compliance with standard frameworks like SOC 2 Type II, PCI DSS, HIPAA, ISO 27001, and many more. It collects evidence continuously, gives you a real-time compliance score, and produces auditor-ready PDF reports on demand. You spend less time gathering screenshots and more time meeting the bar.

Key concepts

Mondoo translates each published framework into automated checks that run against your infrastructure. Three terms describe the layers:

  • Framework. A published set of requirements your organization must meet (for example, SOC 2 Type II or CIS Controls).
  • Control. An individual requirement within a framework, such as "Establish and maintain a secure network architecture."
  • Check. A codified test Mondoo runs against an asset to collect evidence for a control. One control can map to many checks across different platforms.

Start here

  1. Enable frameworks. Pick the standards your space should be assessed against and enable the policies that back them.

  2. Gather evidence. View your compliance score, drill down into controls and assets, and generate auditor-ready PDF reports.

  3. Customize compliance. Set out-of-scope controls, file exceptions, and tailor what Mondoo evaluates to match your audit.
