Compliance Overview
===================

Supported compliance frameworks and how APVISO maps findings to framework controls automatically.

Supported Frameworks
--------------------

APVISO maps pentest findings to controls in the following compliance frameworks:

- **OWASP Top 10** — the standard for web application security risks.
- **NIST Cybersecurity Framework (CSF)** — a comprehensive framework for managing cybersecurity risk.
- **ISO 27001** — international standard for information security management systems.
- **PCI-DSS 4.0** — payment card industry data security standard.
- **SOC 2** — service organization controls for security, availability, and confidentiality.
- **GDPR** — European data protection regulation.
- **CIS Controls** — prioritized security actions for cyber defense.
- **NIS2** — EU directive on network and information security.
- **DORA** — Digital Operational Resilience Act for financial entities.
- **Czech ZOKB** — Czech law on cybersecurity (Zákon o kybernetické bezpečnosti).

How Mapping Works
-----------------

When a finding is created, APVISO's reporter agent automatically maps it to relevant framework controls. For example, an SQL injection finding (CWE-89) maps to:

- OWASP Top 10: A03 Injection.
- PCI-DSS 4.0: Requirement 6.2.4 (software development security).
- NIST CSF: PR.DS-5 (data leak protection).
- ISO 27001: A.8.26 (application security).

These mappings appear on the finding detail page and are included in reports.

Compliance Dashboard
--------------------

The compliance dashboard is available on sales-managed Enterprise plans or custom governance terms and provides:

- **Framework view** — select a framework to see all its controls and which ones have associated findings.
- **Control status** — each control is rated as passing, failing, or not assessed based on pentest results.
- **Posture score** — an overall compliance posture percentage for each framework.
- **History** — track how your posture score changes over time.
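The mapping step in "How Mapping Works" and the control-status and posture-score logic in the dashboard section above, written out as an added example. This is illustrative code, not APVISO's own implementation or API: the CWE-89 mapping row reproduces the page's example, while the CWE-79 row, the per-framework control lists, the rule that administrative controls are always `not_assessed`, the scoring formula (passing divided by assessed controls, with `not_assessed` excluded) and the sample findings are all assumptions constructed here.

```python
"""Added example: map findings to framework controls and derive a framework
view plus posture score. Not APVISO's code; all data below is constructed."""
from __future__ import annotations
from dataclasses import dataclass

PASSING, FAILING, NOT_ASSESSED = "passing", "failing", "not_assessed"

# CWE -> {framework: [control ids]}. The CWE-89 row reproduces the example on
# the page; the CWE-79 row is a constructed assumption for illustration.
CWE_TO_CONTROLS: dict[int, dict[str, list[str]]] = {
    89: {
        "OWASP Top 10": ["A03"],
        "PCI-DSS 4.0": ["6.2.4"],
        "NIST CSF": ["PR.DS-5"],
        "ISO 27001": ["A.8.26"],
    },
    79: {  # assumption: XSS mapped to the same injection / app-security controls
        "OWASP Top 10": ["A03"],
        "PCI-DSS 4.0": ["6.2.4"],
        "ISO 27001": ["A.8.26"],
    },
}

# Controls the dashboard lists per framework (an assumed, abbreviated subset).
# The bool says whether a pentest can validate the control at all; administrative
# controls (policies, training) are not technically testable and stay not_assessed.
FRAMEWORK_CONTROLS: dict[str, dict[str, bool]] = {
    "OWASP Top 10": {"A01": True, "A02": True, "A03": True},
    "PCI-DSS 4.0": {"6.2.4": True, "12.6.1": False},   # assumption: 12.6.1 = awareness
    "NIST CSF": {"PR.DS-5": True, "PR.AT-1": False},    # assumption: PR.AT-1 = training
    "ISO 27001": {"A.8.26": True, "A.6.3": False},      # assumption: A.6.3 = training
}


@dataclass(frozen=True)
class Finding:
    finding_id: str
    cwe: int
    resolved: bool = False  # False = still open


def map_finding(finding: Finding) -> dict[str, list[str]]:
    """Return the framework controls a finding maps to, keyed by framework."""
    return CWE_TO_CONTROLS.get(finding.cwe, {})


def control_status(framework: str, control: str, findings: list[Finding],
                   tested: set[str]) -> str:
    """Rate one control. `tested` holds controls the pentest exercised without
    producing a finding; controls with findings count as exercised implicitly."""
    if not FRAMEWORK_CONTROLS[framework][control]:
        return NOT_ASSESSED  # administrative/physical control: out of pentest scope
    mapped = [f for f in findings if control in map_finding(f).get(framework, [])]
    if any(not f.resolved for f in mapped):
        return FAILING  # at least one open finding hits this control
    if mapped or control in tested:
        return PASSING  # exercised, and every mapped finding is resolved
    return NOT_ASSESSED  # never exercised: candidate for manual review


def framework_view(framework: str, findings: list[Finding],
                   tested_by_framework: dict[str, set[str]]) -> dict[str, str]:
    """The 'framework view': every control of the framework with its status."""
    tested = tested_by_framework.get(framework, set())
    return {c: control_status(framework, c, findings, tested)
            for c in FRAMEWORK_CONTROLS[framework]}


def posture_score(framework: str, findings: list[Finding],
                  tested_by_framework: dict[str, set[str]]) -> float | None:
    """Assumed formula: percentage of assessed controls that pass; not_assessed
    controls are excluded. None when nothing in the framework was assessed."""
    statuses = list(framework_view(framework, findings, tested_by_framework).values())
    assessed = [s for s in statuses if s != NOT_ASSESSED]
    if not assessed:
        return None
    return round(100.0 * assessed.count(PASSING) / len(assessed), 1)


# Constructed sample input: one open SQL injection, one fixed XSS, and two
# OWASP categories the pentest covered without findings.
SAMPLE_FINDINGS = [Finding("F-1", 89), Finding("F-2", 79, resolved=True)]
SAMPLE_TESTED = {"OWASP Top 10": {"A01", "A02"}}

if __name__ == "__main__":
    for fw in FRAMEWORK_CONTROLS:
        print(fw, framework_view(fw, SAMPLE_FINDINGS, SAMPLE_TESTED),
              posture_score(fw, SAMPLE_FINDINGS, SAMPLE_TESTED))
```

With the sample input, the OWASP view rates A01 and A02 as passing and A03 as failing (66.7), while PCI-DSS, NIST CSF and ISO 27001 each show one failing technical control and one `not_assessed` administrative control (score 0.0). Resolving F-1 flips every technical control to passing; the administrative ones stay `not_assessed` and never move the score, which matches the page's point that such controls need a manual review rather than more testing.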

Using Compliance Data
---------------------

- Share compliance reports with auditors or customers as technical testing evidence.
- Use the framework view to identify gaps — controls with no assessment may need manual review.
- Track posture scores over time to demonstrate continuous improvement.
- Export compliance data via the API for inclusion in GRC platforms.

Limitations
-----------

APVISO's compliance mappings cover technical controls that can be validated through penetration testing. Administrative, physical, and procedural controls (e.g., security policies, employee training) are outside the scope of automated testing and are marked as `not_assessed`. APVISO does not certify compliance or promise auditor acceptance.

### Related Articles

- [Compliance Posture & Scoring](/docs/compliance-posture): How posture scores are computed, how control assessments work, and how to track remediation velocity over time.
- [Trust Badges](/docs/trust-badges): Create and embed public trust badges on your website to demonstrate your security posture to customers.
- [Understanding Findings](/docs/understanding-findings): What severity levels mean, how findings are structured, and how to interpret CWE/CVE references and compliance mappings.
