Overview: Compliance Page

Last updated: June 8, 2026

Hello! We are here to help you navigate the Compliance page, which serves as your organization’s centralized hub for monitoring and managing security standards across all your targets. This page provides a clear view of how your digital assets align with major frameworks like SOC 2, PCI-DSS, ISO 27001, GDPR, HIPAA, and the OWASP 2021 Standard, highlighting the specific vulnerabilities that currently impact your status.

Summary

The Compliance page offers an instant summary of your organization's posture against various global security standards. By automatically categorizing scan and pentest findings into compliance-specific requirements, it allows you to identify exactly which security gaps are preventing you from meeting your certification or regulatory goals.

Who Should Read This

  • Compliance Officers: To track real-time adherence to regulatory requirements and identify outstanding risks.

  • Security Leads: To prioritize remediation efforts based on the compliance standards that are most critical to the business.

  • Business Owners: To understand the organization's overall security posture and its readiness for third-party audits.

  • DevOps & Engineers: To identify the precise vulnerabilities requiring a fix to move the organization toward a compliant state.

Key Functions

  • Summary View: Provides a high-level look at your organization's compliance status across multiple standards simultaneously.

  • Impact Metrics: Displays the percentage of Fixed Vulnerabilities (those that have passed checks) versus Vulnerabilities Requiring Fixes (those blocking compliance).

  • Vulnerability Severity Graph: A visual breakdown of vulnerabilities by severity level (High, Medium, Low) within a specific timeframe.

  • Time Frame Selection: Allows you to adjust the data view to reflect the last month, 3 months, 6 months, or a custom date range.

  • Standard-Specific Categorization: The Vulnerabilities tab allows you to see a detailed list of findings grouped by the specific compliance standard they affect.

Compliance Table Breakdown

The main table on this page helps you decode your compliance risks through several key data points:

  • Vulnerability Name: The specific security issue identified.

  • Scan Name: The name of the automated scan or manual pentest that detected the issue.

  • Target: The specific system or application where the vulnerability resides.

  • Severity & Risk Score: Both the qualitative risk level (e.g., Critical, High) and the numerical score used to prioritize the finding.

Available Actions

  • Fix Vulnerabilities: Use the Fix Vulnerabilities button or the Vulnerabilities tab to jump directly into the list of issues requiring remediation.

  • Access Details: Click on any row in the compliance table to open a Vulnerability Details sheet for in-depth technical information and reproduction steps.

  • Filter and Sort: Efficiently organize findings by Risk Score, Status (Fix Needed or Already Fixed), Severity, or Type of Scan.
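The Impact Metrics, Time Frame Selection, compliance table and Filter and Sort features above all derive from the same underlying computation: map each finding to the standards it affects, keep only findings inside the selected window, and split them into fixed versus requiring-fix. The following Python model is an added illustration of that computation and is not Astra's code; the Finding data model, the framework mapping on each finding, the "fix_needed"/"fixed" status labels and the sample findings (hostnames, scores and dates) are all constructed assumptions.

```python
"""Toy model of a compliance-summary computation over scan/pentest findings.

Added illustration, not Astra's code: the data model and framework mapping
are assumptions, and the findings below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    name: str            # Vulnerability Name
    scan: str            # Scan Name (automated scan or manual pentest)
    target: str          # Target where the issue resides
    severity: str        # "High", "Medium" or "Low"
    risk_score: float    # numerical score used for prioritisation
    standards: tuple     # frameworks whose requirements the finding maps to (assumed mapping)
    fixed: bool          # True once the finding has passed a re-check
    found_on: date       # date the finding was first reported


# Constructed sample findings (hostnames, scores and dates are made up).
FINDINGS = [
    Finding("SQL injection in login form", "Weekly DAST", "app.example.test",
            "High", 9.1, ("SOC 2", "PCI-DSS", "OWASP 2021"), False, date(2026, 5, 20)),
    Finding("Missing HSTS header", "Weekly DAST", "app.example.test",
            "Low", 2.3, ("PCI-DSS",), True, date(2026, 4, 2)),
    Finding("TLS 1.0 still enabled", "Manual Pentest Q2", "api.example.test",
            "Medium", 5.4, ("PCI-DSS", "HIPAA"), False, date(2026, 5, 5)),
    Finding("Verbose stack traces on error pages", "Weekly DAST", "api.example.test",
            "Low", 3.0, ("SOC 2",), True, date(2026, 1, 15)),
    Finding("Weak password policy", "Manual Pentest Q2", "portal.example.test",
            "Medium", 6.0, ("SOC 2", "ISO 27001"), False, date(2026, 5, 28)),
]

SEVERITIES = ("High", "Medium", "Low")


def in_scope(f: Finding, standard: str, start: date, end: date) -> bool:
    """A finding counts toward a standard if it maps to it and was found in the window."""
    return standard in f.standards and start <= f.found_on <= end


def summarize(findings, standard, start, end) -> dict:
    """Impact metrics for one standard: fixed vs requiring-fix percentages plus a
    severity breakdown of the findings that still block compliance."""
    scoped = [f for f in findings if in_scope(f, standard, start, end)]
    total = len(scoped)
    fixed = sum(1 for f in scoped if f.fixed)
    requiring = total - fixed
    # With no findings in scope nothing blocks compliance, so report 100% fixed.
    pct_fixed = round(100.0 * fixed / total, 1) if total else 100.0
    open_by_severity = {s: 0 for s in SEVERITIES}
    for f in scoped:
        if not f.fixed:
            open_by_severity[f.severity] += 1
    return {
        "standard": standard,
        "total": total,
        "fixed": fixed,
        "requiring_fix": requiring,
        "pct_fixed": pct_fixed,
        "pct_requiring_fix": round(100.0 - pct_fixed, 1),
        "open_by_severity": open_by_severity,
    }


def list_findings(findings, standard, start, end, status=None, severity=None, scan=None):
    """Compliance-table rows for one standard, optionally filtered by status
    ("fix_needed" / "fixed"), severity or scan name, sorted by risk score descending."""
    rows = [f for f in findings if in_scope(f, standard, start, end)]
    if status == "fix_needed":
        rows = [f for f in rows if not f.fixed]
    elif status == "fixed":
        rows = [f for f in rows if f.fixed]
    if severity is not None:
        rows = [f for f in rows if f.severity == severity]
    if scan is not None:
        rows = [f for f in rows if f.scan == scan]
    return sorted(rows, key=lambda f: f.risk_score, reverse=True)


if __name__ == "__main__":
    window = (date(2026, 3, 1), date(2026, 6, 8))
    for std in ("SOC 2", "PCI-DSS", "GDPR"):
        print(summarize(FINDINGS, std, *window))
    for f in list_findings(FINDINGS, "PCI-DSS", *window, status="fix_needed"):
        print(f"{f.risk_score:>4} {f.severity:<6} {f.target:<20} {f.name}")
```

Two points the model makes visible: a single finding that maps to several frameworks (the SQL injection above affects SOC 2, PCI-DSS and OWASP 2021) is counted under each of them, so fixing it moves several standards at once, which is why prioritising by risk score across standards pays off; and the time window is applied before the percentages are computed, so a finding fixed before the window starts (the verbose error page, found in January) drops out of a March-to-June view entirely rather than inflating the fixed percentage.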

Best Practices

  • Focus on High-Impact Fixes: Prioritize vulnerabilities listed under Vulnerabilities Requiring Fixes for critical standards like SOC 2 or PCI-DSS to maintain your security standing.

  • Utilize Vetted Scans: If your plan includes them, use Vetted Scans to ensure your compliance dashboard is free of false positives, allowing your team to focus only on genuine risks.

  • Continuous Monitoring: Compliance is not a one-time event; schedule regular scans to ensure that new code deployments do not introduce violations of your required standards.

Troubleshooting & FAQ

  • Direct Certification: Please note that Astra helps you meet the vulnerability management requirements for frameworks like SOC 2, but we do not provide the certification itself. You must work with a recognized auditor or platform (like Vanta or Drata) for final certification.

  • Compliance Reports: While standard scan reports are available, dedicated compliance-specific reports are currently under development and will be released soon.

  • Missing Data: If you don't see results for a target, ensure the Scanner Connectivity Check has passed and that our scanner IPs are whitelisted in your firewall.