Compliance Posture & Scoring
================================

How posture scores are computed, how control assessments work, and how to track remediation velocity over time.

What Is a Posture Score?
------------------------

Your compliance posture score is a percentage representing how well your tested applications align with a specific compliance framework. A score of 85% means 85% of the testable controls in that framework are passing based on your most recent pentest results.

How Scores Are Computed
-----------------------

For each framework, APVISO evaluates every testable control:

1. **Passing** — no open findings mapped to this control. The control is treated as passing for APVISO's technical scoring.
2. **Failing** — one or more open findings (severity Low or above) are mapped to this control.
3. **Not assessed** — no pentests have tested this control, or the control is administrative/procedural and outside the scope of automated testing.

The posture score is calculated as:

`score = passing_controls / (passing_controls + failing_controls) * 100`

Controls marked `not_assessed` are excluded from the calculation to avoid penalizing you for controls that cannot be tested automatically.

Control Assessment Details
--------------------------

Click any control in the compliance dashboard to see:

- The control description and requirement text.
- All findings mapped to this control, with their current status.
- Historical assessment results from previous pentests.

History Tracking
----------------

APVISO records your posture score after every pentest. The compliance dashboard includes a timeline chart showing how each framework's score has changed over time. Use this to:

- Demonstrate improvement to auditors and stakeholders.
- Identify regressions — a dropping score indicates new vulnerabilities affecting previously passing controls.
- Correlate score changes with specific pentests or deployments.

Remediation Velocity
--------------------

The compliance dashboard tracks your average time to remediate findings mapped to each framework. This metric — remediation velocity — shows how quickly your team addresses compliance-relevant vulnerabilities. Faster remediation velocity indicates a more mature security program.

Improving Your Score
--------------------

1. Review failing controls and the findings mapped to them.
2. Prioritize findings that affect the most controls across multiple frameworks.
3. Fix the underlying vulnerabilities and run retests to confirm.
4. The posture score updates automatically when findings are marked as `fixed`.
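
The scoring rules under "How Scores Are Computed" and the prioritization step above, worked through as an added example (not APVISO's code or data schema). It goes one step beyond the text by ranking findings on how many failing controls would actually flip to passing, since a control shared with another open finding stays failing. The framework names, control IDs, field names, and the severity scale below Low are assumptions made for illustration.

```python
# Added example: constructed data, hypothetical field names (not APVISO's schema).
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed scale

# Constructed sample: control id -> was it covered by a pentest?
CONTROLS = {"FW-A": {"A.1": True, "A.2": True, "A.3": True, "A.4": False},
            "FW-B": {"B.1": True, "B.2": True}}

FINDINGS = [
    {"id": "F1", "severity": "high", "status": "open", "controls": [("FW-A", "A.1"), ("FW-B", "B.1")]},
    {"id": "F2", "severity": "low", "status": "open", "controls": [("FW-A", "A.1")]},
    {"id": "F3", "severity": "medium", "status": "fixed", "controls": [("FW-A", "A.2")]},
    {"id": "F4", "severity": "info", "status": "open", "controls": [("FW-A", "A.3")]},
    {"id": "F5", "severity": "medium", "status": "open", "controls": [("FW-B", "B.2")]},
]

def counts_against(f):
    """Only open findings of severity Low or above fail a control."""
    return f["status"] == "open" and SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK["low"]

def assess(framework, findings):
    """Return {control_id: 'passing' | 'failing' | 'not_assessed'}."""
    hit = {c for f in findings if counts_against(f) for fw, c in f["controls"] if fw == framework}
    return {c: ("not_assessed" if not tested else "failing" if c in hit else "passing")
            for c, tested in CONTROLS[framework].items()}

def posture_score(framework, findings):
    """score = passing / (passing + failing) * 100; None when nothing was assessed."""
    states = list(assess(framework, findings).values())
    passing, failing = states.count("passing"), states.count("failing")
    if passing + failing == 0:
        return None  # no assessed controls: report no score rather than divide by zero
    return round(passing / (passing + failing) * 100, 1)

def rank_by_impact(findings):
    """Rank open findings by how many failing controls pass if only that finding is fixed."""
    before = {fw: assess(fw, findings) for fw in CONTROLS}
    gains = {}
    for f in filter(counts_against, findings):
        rest = [g for g in findings if g is not f]
        gains[f["id"]] = sum(before[fw][c] == "failing" and s == "passing"
                             for fw in CONTROLS for c, s in assess(fw, rest).items())
    return sorted(gains.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    print({fw: posture_score(fw, FINDINGS) for fw in CONTROLS})
    print(rank_by_impact(FINDINGS))
```

In this sample, F1 maps to two controls but fixing it alone flips only one, because F2 keeps A.1 failing.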

Exporting Posture Data
----------------------

Export compliance posture data as JSON or CSV from the compliance dashboard. You can also access it via the API at `GET /api/compliance/posture`. This is useful for feeding data into GRC platforms, executive dashboards, or audit documentation.

