Define the Scope of Your Compliance Audit
If a certain control in a framework is not part of your compliance audit, you can set it out of scope. Mondoo excludes out-of-scope controls when calculating your overall progress toward compliance with the framework and when generating your compliance report.
All controls in a framework are in scope by default. You set a control out of scope for a space. In all other spaces, the control remains in scope.
Setting a control out of scope hides it entirely from your auditor. To exclude a control from your compliance score but include it in the report to your auditor with a justification, disable or snooze the control.
Set a control out of scope
Only team members with Editor or Owner access can perform this task.
-
In the Mondoo Console, navigate to the space you want to customize.
-
In the side navigation bar, under Compliance, select Frameworks.
-
Select the framework you want to customize and scroll down to the list of controls.
-
Check the box beside the control you want to set out of scope.
-
Select the SET OUT OF SCOPE button. Mondoo removes the control from the scope of your compliance framework for the space.
Set an out-of-scope control back in scope
Only team members with Editor or Owner access can perform this task.
-
In the Mondoo Console, navigate to the space you want to customize.
-
In the side navigation bar, under Compliance, select Frameworks.
-
Select the framework you want to customize and scroll down to the list of controls.
-
Check the box beside the out-of-scope control you want to set in scope.
-
Select the SET IN SCOPE button. Mondoo restores the control to the scope of your compliance framework for the space.