# Compliance Framework Summary **Total Findings:** 712 **Findings with Compliance Mappings:** 712 (100.0%) ## Framework Coverage | Framework | Coverage | |-----------|----------| | **OWASP Top 10 2021** | 4/10 categories | | **CWE Top 25 2024** | 6/25 weaknesses | | **CIS Controls v8.1** | 7 controls | | **NIST CSF 2.0** | 1427 mappings across 4 functions | | **PCI DSS 4.0** | 5 requirements | | **MITRE ATT&CK** | 4 techniques | ## OWASP Top 10 2021 | Category | Findings | |----------|----------| | A01:2021 | 4 | | A02:2021 | 42 | | A03:2021 | 6 | | A10:2021 | 2 | ## CWE Top 25 2024 (Top 10 Most Frequent) | CWE ID | Rank | Findings | |--------|------|----------| | CWE-798 | 18 | 41 | | CWE-863 | 24 | 3 | | CWE-79 | 1 | 3 | | CWE-918 | 19 | 2 | | CWE-20 | 4 | 1 | | CWE-362 | 21 | 1 | ## NIST Cybersecurity Framework 2.0 | Function | Findings | |----------|----------| | GOVERN | 671 | | IDENTIFY | 671 | | PROTECT | 82 | | DETECT | 3 | ## PCI DSS 4.0 **Requirements with Findings:** 5 See `PCI_DSS_COMPLIANCE.md` for detailed PCI DSS compliance report. ## MITRE ATT&CK **Techniques Detected:** 4 See `attack-navigator.json` for interactive ATT&CK Navigator visualization. **Top 5 Techniques:** 1. **T1195** - Supply Chain Compromise (671 findings) 2. **T1552** - Unsecured Credentials (41 findings) 3. **T1078** - Valid Accounts (41 findings) 4. **T1190** - Exploit Public-Facing Application (3 findings) --- *Generated by JMo Security Audit Tool Suite*