Regulatory
30 Day SLA
Compliance-critical findings that impact your ability to maintain PCI DSS, HIPAA, SOC 2, GDPR, and other certifications. Unaddressed findings lead to failed audits, lost certifications, and regulatory penalties.
Applicable Frameworks: PCI DSS, HIPAA, SOC 2, GDPR, and others
Audit Readiness
Tier 2 findings are the leading cause of qualified audit opinions and failed certifications. Organizations with unaddressed Tier 2 findings face average remediation costs 4x higher when discovered during assessment.
Network
Network Segmentation Deficiencies
Failed audit: CDE not isolated, flat networks, missing zones.
Insufficient Logging & Monitoring
Audit finding: audit logs not centralized, retention below requirements.
Missing IDS/IPS
Control gap: no intrusion detection on critical network boundaries.
Identity & Access Management
Non-Compliant Password Policies
Failed requirement: below minimum complexity, no rotation, weak hashing.
Inadequate Access Reviews
Audit exception: no quarterly reviews, orphaned accounts, no termination process.
Service Account Governance
Control weakness: shared credentials, no rotation, excessive permissions.
Data Protection
Encryption Non-Compliance
Failed assessment: TLS 1.0/1.1 in use, weak ciphers, missing key management.
Data Retention Violations
Regulatory fine: data kept beyond retention period, no disposal procedures.
Missing Data Classification
Compliance gap: no sensitivity labels, unknown data flows, no inventory.
Processing Protection
Vulnerability Management Gaps
Control deficiency: scan frequency below requirements, no remediation tracking.
Change Management Deficiencies
Audit finding: no change approvals, missing rollback procedures.
Incident Response Gaps
Failed assessment: no documented IRP, untested procedures, missing contacts.
Compliance Impact Matrix
| Finding Type | PCI DSS | HIPAA | SOC 2 | GDPR |
|---|---|---|---|---|
| Network Segmentation | ● | ● | ● | ○ |
| Password Policies | ● | ● | ● | ● |
| Encryption Controls | ● | ● | ● | ● |
| Audit Logging | ● | ● | ● | ● |