Compliance Dashboard

What is Compliance?

Compliance in cybersecurity refers to the practice of ensuring that an organization’s systems, processes, and data handling are aligned with internationally recognized standards, laws, and regulatory requirements. These standards exist to enforce best practices around confidentiality, integrity, and availability of information while reducing the risk of breaches, fines, or reputational damage.

In practical terms, compliance means:

  • Following security frameworks like ISO 27001, NIST, HIPAA, or PCI DSS to ensure your security controls meet industry expectations.

  • Demonstrating accountability to regulators, partners, and customers that your organization actively protects sensitive data.

  • Reducing business risk by closing security gaps before they become legal liabilities or financial penalties.

  • Driving continuous improvement through regular audits, reporting, and remediation of non-compliant assets.

Put simply, compliance bridges the gap between security operations and legal/regulatory obligations. While security alone is about defending systems, compliance ensures that defense is done in line with global standards, proving to stakeholders that the organization is trustworthy, secure, and audit-ready.

The Compliance Dashboard is designed to be the ultimate checkpoint for measuring how well your external-facing assets align with global compliance frameworks. Instead of only listing vulnerabilities, this dashboard transforms them into compliance-driven insights — showing you exactly where your organization falls short against regulatory standards and what must be done to close the gaps.

At its core, this dashboard answers three critical questions for security and governance teams:

  1. Are my assets compliant with international standards?

  2. Which issues pose the highest risk of non-compliance?

  3. What actions and timelines (SLA) are recommended to fix them?

What makes this system extremely powerful is its ability to:

  • Provide a customizable view — You can select up to 5 compliance standards at a time to summarize on the dashboard, switching them in or out at any moment to fit your unique business requirements.

  • Deliver granular analytics per compliance framework — including Remediation Difficulty, Exploitation Complexity, SLA Recommendations, Number of Issues, and Fix Progress.

  • Highlight urgent risks with SLA-driven deadlines (e.g., “74 issues require fixing within 7 days”), ensuring teams know what needs immediate attention.

  • Assign a Compliance Security Rating (A–F) based on the latest scan, giving executives a clear score that reflects the organization’s compliance posture.

  • Offer clickable, filterable data — every section (e.g., remediation difficulty, exploitation complexity, SLA breakdowns) can be drilled into, letting analysts jump straight from high-level compliance views to the underlying technical findings.

Supported Compliance Standards (16 total)

The system currently supports 16 international compliance frameworks, ensuring broad coverage for regulatory and industry-specific needs:

  • SAMA

  • ISO 27001

  • NESA

  • PCI DSS v4.0

  • NIST 800-53 Rev.5

  • NIST 800-53

  • NIST 800-171

  • CIS Controls v8

  • CSF

  • GDPR

  • SOC 2

  • HIPAA

  • SWIFT-CSCv1

  • ITSG-33

  • QCSC-v1

  • CSCv7

In short, the Compliance Dashboard is not just a passive reporting tool; it is a decision-making engine. By unifying vulnerabilities, misconfigurations, and risks under compliance benchmarks, it empowers organizations to prove alignment with regulatory requirements, prioritize fixes by SLA urgency, and continuously track improvement over time.

Starting with the Compliance Dashboard

At the very top-right of the Compliance Dashboard, you will notice the Customize Dashboard button.

By clicking this option, the system opens a menu that lists all the compliance frameworks supported by our platform. Currently, the system supports 16 international compliance standards, including:

  • SAMA

  • ISO 27001

  • NESA

  • PCI DSS v4.0

  • NIST 800-53 (Rev 5 & legacy)

  • NIST 800-171

  • CIS Controls v8

  • CSF

  • GDPR

  • SOC 2

  • HIPAA

  • SWIFT-CSCv1

  • ITSG-33

  • QCSC-v1

  • CSCv7

From this list, you can choose up to 5 frameworks at a time. This limit ensures the dashboard remains focused and actionable, showing you only the most relevant compliance results for your organization.

Once you make your selection and click Save, the dashboard automatically refreshes to display summarized compliance insights for the chosen frameworks. These insights cover remediation difficulty, exploitation complexity, number of issues, SLA recommendations, and overall compliance security ratings, all tailored to the specific standards you selected.

Selected Standards Overview - Compliance metric cards

When you select up to five compliance frameworks from the Customize Dashboard option (top-right), the system displays a consolidated summary of those standards in the Compliance Dashboard. For example, if you choose:

  • CSF

  • HIPAA

  • NESA

  • PCI DSS v4.0

  • SAMA CSF

They will appear as tabs at the top of the dashboard, and for each framework, the following key metrics are shown:

1. Remediation Difficulty

This metric shows how challenging it is to remediate the compliance-related issues detected within the selected framework. It helps security teams estimate the time, resources, and effort required to bring assets back into compliance.

The system classifies issues into three categories:

  • Easy → Quick fixes that require minimal effort or configuration changes.

  • Involved → Issues that need more technical adjustments, coordination, or multiple steps to resolve.

  • Planned → Complex gaps that may require scheduled remediation projects, architectural changes, or longer-term planning.

Example:

If for CSF the remediation difficulty is marked as Easy, it means most identified compliance gaps can be resolved quickly without requiring major system rework.

Interactive Functionality:

This field is clickable. When selected, it automatically filters the Issue Details Table to display only the issues belonging to the chosen difficulty level. This allows teams to focus remediation efforts based on effort level and available resources.

2. Exploitation Complexity

This metric indicates how difficult or straightforward it is for attackers to exploit the issues detected under a specific compliance framework. It reflects the real-world attack feasibility and helps prioritize which vulnerabilities pose the greatest immediate risk.

The system categorizes issues into three levels:

  • Easy → Vulnerabilities that attackers can exploit with minimal effort or widely available tools.

  • Medium → Exploits that require moderate skill, preparation, or specific conditions.

  • Hard → Complex exploits that demand advanced techniques, chaining multiple vulnerabilities, or privileged access.

Example:

If for HIPAA the exploitation complexity is Easy, it means attackers can quickly leverage these weaknesses with little sophistication. This raises urgency since even low-skilled attackers could cause damage.

📌 Interactive Functionality:

This field is clickable. When selected, it automatically filters the Issue Details Table to display only the issues with the chosen exploitation complexity. From there, analysts can drill down into each issue’s details to better understand the nature of the exposure, its context, and recommended remediation.

3. SLA Recommendation

This metric represents the best-practice Service Level Agreement (SLA) for resolving compliance-related issues. It tells you how many days are recommended to fix the identified issues in order to remain aligned with the selected compliance standard.

  • The number displayed (e.g., 24) indicates the maximum number of days allowed to remediate the issues before they are considered overdue from a compliance perspective.

  • These values are based on global best practices and compliance requirements (e.g., PCI DSS, HIPAA, ISO).

Example:

If PCI DSS v4.0 shows an SLA Recommendation of 24, it means all related vulnerabilities should be fixed within 24 days to maintain compliance and reduce risk exposure.

📌 Important Notes:

  • The smaller the SLA number, the more urgent the fix. For example, an SLA of 7 would highlight issues requiring immediate attention within a week.

4. Number of Issues

This metric displays the total number of issues identified for the selected compliance standard. It provides both the current count and a delta indicator that shows whether the number of issues has increased compared to the last scan.

  • Main Value (e.g., 150): Represents the total number of compliance-related findings detected in the most recent scan.

  • Delta Indicator (e.g., +14 / -14): Shows how the number of issues has changed since the last scan.

    • +14 → 14 new issues were discovered.

    • -14 → 14 issues were fixed or are no longer detected.

  • This helps security teams quickly understand the trend: whether compliance posture is improving or deteriorating over time.

Example:

If NESA displays 150 issues with a +14 delta, it means there are now 150 open issues, and 14 of them are new compared to the previous scan.

📌 Interactive:

Clicking on this metric automatically redirects you to the Issue Details Table, where all issues tied to that compliance standard are listed with full context (e.g., subdomain, severity, SLA due, and remediation difficulty).

5. Fix Progress

  • Indicates the percentage of issues that have already been remediated under the selected compliance framework.

  • This provides a clear snapshot of progress towards achieving compliance.

  • A value of 0% means no issues have been fixed yet, while 100% indicates full compliance for that framework.

Example:

If SAMA CSF shows 0%, it means that none of the detected compliance gaps have been addressed so far. Conversely, if it shows 40%, then nearly half of the required fixes have already been implemented.

  • This metric is informational only.

6. Last Scan

  • Indicates the last date on which compliance checks were executed.

  • Example: 30/07/2025 shows that the last compliance scan for this standard was completed on that date.

7. Warning Banner

  • Located below the compliance metric cards (right under Fix Progress and Last Scan).

  • Displays urgent issues that must be remediated within a very short timeframe based on SLA requirements.

  • Example:

    “Warning: 74 issues require fixing within 7 days”

    means that 74 issues must be resolved within 7 days to avoid falling into non-compliance.

📌 Interactive:

  • Clicking this banner automatically redirects you to the Issue Details Table, pre-filtered to show only SLA-driven urgent issues.

1) Remediation Difficulty (bar chart)

  • Shows how many issues under each selected compliance standard fall into:

    • Easy (quick fixes),

    • Involved (moderate effort),

    • Planned (longer-term remediation).

  • Interpretation: If most findings appear under Easy, they can be remediated quickly with minimal disruption. A higher share of Planned indicates the need for scheduling, approvals, or architectural changes.

  • Colors: Each compliance standard is represented by its own color in the legend at the bottom.

2) Exploitation Complexity (stacked columns)

  • Measures how difficult it is for attackers to exploit findings tied to each compliance standard.

  • Color coding:

    • Green = Easy to exploit (high urgency),

    • Yellow = Medium,

    • Red = Hard (requires more advanced attacker skill).

  • Interpretation: If the green section dominates, it means many vulnerabilities are trivial to exploit, requiring urgent attention.

3) SLA Recommendation (pie chart)

  • Shows the timeframes recommended for fixing issues, based on global compliance best practices.

  • Color coding:

    • Red = Fix in Next Release (highest priority),

    • Orange = Fix within 30 Days,

    • Yellow = Fix within 60 Days,

    • Green = Fix within 90 Days.

  • Interpretation: A large red/orange portion means most gaps must be addressed urgently, while more green/yellow means you have longer remediation windows.

Together, these three visuals help teams answer:

  • How much work is it? (Remediation Difficulty)

  • How urgent is it from an attacker’s perspective? (Exploitation Complexity)

  • By when should it be fixed to remain compliant? (SLA Recommendation)

Issue Details

Located directly beneath the compliance charts, the Issue Details section provides a summary of all compliance-related findings in a set of compact, adjacent counters. These counters allow analysts to quickly assess the overall state of compliance gaps before diving into the detailed issue table below.

Here’s what each metric means:

  • Compliance

    Shows how many compliance standards are currently being tracked in the dashboard.

    Example: If you selected 5 frameworks in the Customize Dashboard, this counter confirms they are included in the analysis.

  • Controls

    Displays the number of individual compliance controls being evaluated across the selected standards. Each control represents a specific requirement (e.g., secure configuration, encryption, logging).

  • Issues

    The total number of issues identified across all selected compliance frameworks. This includes low, medium, high, and critical severities.

  • High Risk Issues

    A subset of issues classified as high-risk or critical, meaning they pose the greatest threat to compliance and security.

    📌 Interactive: Clicking this metric filters the Issue Table to show only high-risk findings.

  • Resolved

    Shows how many issues have already been fixed and verified.

    📌 Interactive: Clicking this number filters the table to display all resolved issues.

  • Open

    Indicates how many issues remain unaddressed. These represent current gaps in compliance.

    📌 Interactive: Clicking this number filters the table to show all open findings.

  • 7 Days SLA Due

    Highlights the number of issues that must be fixed within the next 7 days according to SLA deadlines.

    📌 Interactive: Clicking this metric filters the table to show only these urgent SLA-driven issues.
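As an added illustration (not the platform's own code), the arithmetic behind the Number of Issues and Fix Progress cards, the warning banner, and the counters listed above, computed from a constructed list of findings. The severity set behind High Risk Issues and the SLA Due values behind 7 Days SLA Due are assumptions, and the control references in the sample data are illustrative.

```python
from collections import namedtuple

# Constructed illustration, not the platform's own code: one Finding per
# (issue, compliance control) pair, mirroring the Issue Details Table columns.
Finding = namedtuple("Finding", "title subdomain standard control severity status sla_due remediation")

HIGH_RISK = {"Exploited", "Critical", "High"}  # assumption: what "High Risk Issues" counts
URGENT_SLA = {"Next Release", "7 Days"}        # assumption: what "7 Days SLA Due" counts

def metric_cards(findings, previous_totals):
    """Per-standard cards: Number of Issues, delta vs. last scan, Fix Progress %."""
    cards = {}
    for std in sorted({f.standard for f in findings}):
        mine = [f for f in findings if f.standard == std]
        fixed = sum(f.status != "Open" for f in mine)  # "Closed" or "Closed by AI"
        cards[std] = {
            "issues": len(mine),
            "delta": len(mine) - previous_totals.get(std, 0),  # +N discovered / -N gone
            "fix_progress": round(100 * fixed / len(mine)),
        }
    return cards

def issue_counters(findings, selected_standards):
    """The compact counters shown in the Issue Details section."""
    open_ = [f for f in findings if f.status == "Open"]
    return {
        "compliance": len(selected_standards),
        "controls": len({(f.standard, f.control) for f in findings}),
        "issues": len(findings),
        "high_risk": sum(f.severity in HIGH_RISK for f in findings),
        "resolved": len(findings) - len(open_),
        "open": len(open_),
        "sla_7_days_due": sum(f.sla_due in URGENT_SLA for f in open_),
    }

def warning_banner(counters):
    """Banner text shown under the metric cards; empty when nothing is urgent."""
    n = counters["sla_7_days_due"]
    return f"Warning: {n} issues require fixing within 7 days" if n else ""

# Constructed sample scan (not real data); control references are illustrative.
SCAN = [
    Finding("Wildcard TLS Certificate on Port 8443", "www.example.ps", "PCI DSS v4.0", "6.5.2", "Medium", "Open", "30 Days", "Easy"),
    Finding("Outdated web server version", "api.example.ps", "PCI DSS v4.0", "6.3.3", "High", "Open", "7 Days", "Involved"),
    Finding("Missing HSTS header", "www.example.ps", "HIPAA", "164.312(e)(1)", "Low", "Closed", "90 Days", "Easy"),
    Finding("Outdated web server version", "api.example.ps", "HIPAA", "164.308(a)(1)", "High", "Open", "Next Release", "Involved"),
    Finding("Directory listing enabled", "files.example.ps", "HIPAA", "164.312(a)(1)", "Critical", "Closed by AI", "7 Days", "Planned"),
]
PREVIOUS_TOTALS = {"PCI DSS v4.0": 1, "HIPAA": 4}  # Number of Issues from the previous scan
SELECTED = ["PCI DSS v4.0", "HIPAA"]
```

With this sample, HIPAA shows 3 issues with a -1 delta and 67% Fix Progress, and the banner reads "Warning: 2 issues require fixing within 7 days".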

Issue Details Table

The Issue Details Table is one of the most powerful components of the Compliance Dashboard. It consolidates all identified issues across your selected compliance frameworks into a single, structured, and interactive view. Positioned directly beneath the compliance summary and graphs, this section allows analysts to drill down from high-level metrics into granular issue-level details.

General Features

  • Search Bar → Quickly locate specific issues by typing keywords.

  • Filters → Multiple dropdown filters allow precise scoping of results, ensuring teams can prioritize the most relevant findings.

  • Export → Results can be exported (e.g., CSV) for reporting or offline analysis.

  • Navigation Arrows (>>) on Each Record → Clicking this opens the Vulnerability Details Page (already explained in the vulnerabilities section).

Columns in the Table

Each issue is broken down into well-defined columns for clarity:

  1. Issue Title → The name/description of the vulnerability (e.g., Wildcard TLS Certificate on Port 8443).

  2. Subdomain → The affected asset or subdomain where the issue was detected (e.g., www.example.ps).

  3. Compliance – Control → Shows which compliance control(s) this issue maps to (e.g., PCI DSS v4.0 – 6.5.2). Multiple controls may apply.

  4. Severity → Indicates the risk level (e.g., Exploited, Critical, High, Medium, Low, Informational).

  5. Status → Tracks whether the issue is Open, Closed, or Closed by AI.

  6. SLA Due → Displays remediation deadlines (e.g., Next Release, 7 Days, 30 Days, 60 Days, 90 Days).

  7. Navigation (>>) → Opens the full vulnerability details page with technical evidence, risk assessment, and compliance mappings.

Filters (Dropdowns)

The table provides a rich filtering system, allowing fine-tuned investigations:

  • Compliance Filter → Narrow down issues by compliance framework (e.g., NESA, HIPAA, PCI DSS v4.0).

  • Controls → Filter by specific compliance control references.

  • Severity → Focus only on critical, exploited, or informational issues.

  • Status → Show only open or closed findings.

  • SLA Due → Highlight issues based on deadlines (e.g., within 7 days or next release).

  • Exploit Complexity → Filter by how easy/hard the issue is to exploit (Easy, Medium, Hard).

  • Remediation Difficulty → Filter by how easy/difficult the fix is (Easy, Planned, Involved).
