“In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.”
Bron: wiki compliance

Objective

The objectives for the compliance scan is to verify if systems and applications are configured according to the applicable security policies, regulations and adapted security best practices.

Compliance Scan Service

I’m running compliance scans for a number of customers on a daily basis against many different platforms, operating systems, middleware and (web)applications:

• Cloud: Azure and AWS
• Network devices: Cisco, Juniper, BlueCoat, HP, F5s etc.
• Virtualisation platforms: WMware and Hyper-V
• Operating Systems: Apple Mac OS X, Linux and Windows
• Databases: DB2, MySQL, MS SQL, Mongodb and Oracle.
• Middleware: WebSphere and Tibco
• Applications/Frameworks: IIS, Java, Apache, Tomcat, Lotus etc.

I offer this service with Tenable Nessus and custom created auditfiles, scripts and reporting tools. I’m working closely with the Subject Matter Experts (SME’s) to define default security settings (hardening) and methods to verify system and application compliance.

I provide custom reports tailored to the customer needs to streamline the change management proces and inform Asset Owners and Risk Management.

References:

• Critical Security Control #3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
• Critical Security Control #10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches