Compliance

Monitor your AWS posture against industry compliance frameworks

Overview

qrie maps your launched policies to compliance framework controls and tracks your coverage in real time

The Compliance page shows how your active policies align with industry standards. Each framework is broken down into individual controls, and each control links to the policies that satisfy it — and any open findings that violate it.

•Compliance is read-only — you manage coverage by launching or adjusting policies on the Management page
•Scores update automatically as policies are launched, findings are resolved, or new resources are detected
•A control is compliant only when its mapped policy is active and has zero open findings for the resources in scope

How Compliance Scoring Works

Understanding the score shown for each framework

Each framework displays a compliance score (0–100 %) calculated as:

score = compliant_controls / total_controls × 100

A control is counted as compliant when:

The mapped policy is active (launched), and
There are no ACTIVE findings for that policy

A control is non-compliant when the policy is active but has open findings. A control is not monitored when the policy hasn't been launched yet.

Control State	Meaning
Compliant	Policy active, zero open findings
Non-Compliant	Policy active, one or more open findings
Not Monitored	Policy not yet launched

Supported Frameworks

Compliance frameworks currently available in qrie

CIS Benchmarks

Center for Internet Security benchmarks for AWS — hardening guidelines for IAM, S3, EC2, CloudTrail, and KMS configurations.

SOC 2

Service Organization Control 2 — controls mapped to the Trust Service Criteria (Security, Availability, Confidentiality).

HIPAA

Health Insurance Portability and Accountability Act — technical safeguards for protecting ePHI in AWS environments.

CMMC

Cybersecurity Maturity Model Certification — DoD supply chain requirements mapped to AWS security controls.

Navigating the Compliance Page

Framework overview

The Compliance page shows a card for each framework with its score gauge, total controls, and open finding count. Click a framework card to drill into its controls.

Framework detail

Each framework detail page lists all controls with their state, associated policy, service, and finding count. Use the state filter tabs (All / Compliant / Non-Compliant / Not Monitored) to focus on what needs attention.

Drilling into findings

Clicking a finding count on a control row navigates to the Findings page filtered by that policy — so you can immediately see what's causing the non-compliance.

Improving Compliance Coverage

How to increase your score

Coverage is driven by policies

Compliance scores can only improve if you launch the policies mapped to each control. Launching a policy from the Management page automatically makes its controls monitorable.

Steps to improve your score:

1Open the framework detail page and filter by Not Monitored
2Note the policies associated with unmonitored controls
3Go to Management and launch those policies with appropriate scope
4Review open findings for non-compliant controls and remediate the underlying resources

Next Steps

→ View Compliance page → Learn about Policy Management → Go to Management to launch policies