Files
carmanagement/results/summaries/COMPLIANCE_SUMMARY.md
T
2026-05-21 12:35:49 -04:00

68 lines
1.4 KiB
Markdown

# Compliance Framework Summary
**Total Findings:** 712
**Findings with Compliance Mappings:** 712 (100.0%)
## Framework Coverage
| Framework | Coverage |
|-----------|----------|
| **OWASP Top 10 2021** | 4/10 categories |
| **CWE Top 25 2024** | 6/25 weaknesses |
| **CIS Controls v8.1** | 7 controls |
| **NIST CSF 2.0** | 1427 mappings across 4 functions |
| **PCI DSS 4.0** | 5 requirements |
| **MITRE ATT&CK** | 4 techniques |
## OWASP Top 10 2021
| Category | Findings |
|----------|----------|
| A01:2021 | 4 |
| A02:2021 | 42 |
| A03:2021 | 6 |
| A10:2021 | 2 |
## CWE Top 25 2024 (Top 10 Most Frequent)
| CWE ID | Rank | Findings |
|--------|------|----------|
| CWE-798 | 18 | 41 |
| CWE-863 | 24 | 3 |
| CWE-79 | 1 | 3 |
| CWE-918 | 19 | 2 |
| CWE-20 | 4 | 1 |
| CWE-362 | 21 | 1 |
## NIST Cybersecurity Framework 2.0
| Function | Findings |
|----------|----------|
| GOVERN | 671 |
| IDENTIFY | 671 |
| PROTECT | 82 |
| DETECT | 3 |
## PCI DSS 4.0
**Requirements with Findings:** 5
See `PCI_DSS_COMPLIANCE.md` for detailed PCI DSS compliance report.
## MITRE ATT&CK
**Techniques Detected:** 4
See `attack-navigator.json` for interactive ATT&CK Navigator visualization.
**Top 5 Techniques:**
1. **T1195** - Supply Chain Compromise (671 findings)
2. **T1552** - Unsecured Credentials (41 findings)
3. **T1078** - Valid Accounts (41 findings)
4. **T1190** - Exploit Public-Facing Application (3 findings)
---
*Generated by JMo Security Audit Tool Suite*