68 lines
1.4 KiB
Markdown
68 lines
1.4 KiB
Markdown
# Compliance Framework Summary
|
|
|
|
**Total Findings:** 712
|
|
**Findings with Compliance Mappings:** 712 (100.0%)
|
|
|
|
## Framework Coverage
|
|
|
|
| Framework | Coverage |
|
|
|-----------|----------|
|
|
| **OWASP Top 10 2021** | 4/10 categories |
|
|
| **CWE Top 25 2024** | 6/25 weaknesses |
|
|
| **CIS Controls v8.1** | 7 controls |
|
|
| **NIST CSF 2.0** | 1427 mappings across 4 functions |
|
|
| **PCI DSS 4.0** | 5 requirements |
|
|
| **MITRE ATT&CK** | 4 techniques |
|
|
|
|
## OWASP Top 10 2021
|
|
|
|
| Category | Findings |
|
|
|----------|----------|
|
|
| A01:2021 | 4 |
|
|
| A02:2021 | 42 |
|
|
| A03:2021 | 6 |
|
|
| A10:2021 | 2 |
|
|
|
|
## CWE Top 25 2024 (Top 10 Most Frequent)
|
|
|
|
| CWE ID | Rank | Findings |
|
|
|--------|------|----------|
|
|
| CWE-798 | 18 | 41 |
|
|
| CWE-863 | 24 | 3 |
|
|
| CWE-79 | 1 | 3 |
|
|
| CWE-918 | 19 | 2 |
|
|
| CWE-20 | 4 | 1 |
|
|
| CWE-362 | 21 | 1 |
|
|
|
|
## NIST Cybersecurity Framework 2.0
|
|
|
|
| Function | Findings |
|
|
|----------|----------|
|
|
| GOVERN | 671 |
|
|
| IDENTIFY | 671 |
|
|
| PROTECT | 82 |
|
|
| DETECT | 3 |
|
|
|
|
## PCI DSS 4.0
|
|
|
|
**Requirements with Findings:** 5
|
|
|
|
See `PCI_DSS_COMPLIANCE.md` for detailed PCI DSS compliance report.
|
|
|
|
## MITRE ATT&CK
|
|
|
|
**Techniques Detected:** 4
|
|
|
|
See `attack-navigator.json` for interactive ATT&CK Navigator visualization.
|
|
|
|
**Top 5 Techniques:**
|
|
|
|
1. **T1195** - Supply Chain Compromise (671 findings)
|
|
2. **T1552** - Unsecured Credentials (41 findings)
|
|
3. **T1078** - Valid Accounts (41 findings)
|
|
4. **T1190** - Exploit Public-Facing Application (3 findings)
|
|
|
|
---
|
|
|
|
*Generated by JMo Security Audit Tool Suite*
|