CMMC Compliance Report

Generated October 13, 2025 at 4:55 PM | Account: 1234567890123-1234567890123
80%

Automated Check Score

17
Total Controls
4
Passed
1
Failed

Important: Automated Technical Checks Only

This report shows 5 automated technical checks out of 17 total controls. The 80.0% score represents automated infrastructure checks only.

Automated Checks (5 controls)

  • Infrastructure configurations
  • Access control policies
  • Encryption settings
  • Network security rules
  • Logging and monitoring

Manual Documentation Required (12 controls)

  • Organizational policies
  • Training records
  • Incident response plans
  • Third-party assessments
  • Business processes

Full compliance requires:

THIS TOOL DOES NOT PROVIDE CERTIFICATION. Formal assessment by qualified auditor is required.

Executive Summary

Your AZURE environment is in good standing with a compliance score of 80.0%. Out of 17 controls evaluated, 4 passed and 1 failed. Immediate action is required on 0 critical issues to achieve compliance.

Top Priority Actions

1. Enable continuous compliance monitoring
2. Document your security policies and procedures
3. Set up automated alerting for security events
4. Schedule quarterly access reviews

Control Details

1. [IA.L1-3.5.1] Security Control
FAIL
Issue: Unable to verify Azure AD users: Insufficient privileges to complete the operation.
$ Ensure Azure AD is configured with unique user identities
Evidence Collection Guide
  • Azure Portal → Azure AD → Users → Screenshot user list
Open Console →
1. [AC.L1-3.1.1] Security Control
PASS
Azure RBAC configured with 3 role assignments
2. [AC.L1-3.1.2] Security Control
PASS
RBAC configured with appropriate role assignments (0 Owner roles)
3. [SC.L1-3.13.1] Security Control
PASS
All 0 NSGs have restricted access rules
4. [SC.L1-3.13.16] Security Control
PASS
All 2 storage accounts have encryption enabled
1. [IA.L1-3.5.2] Security Control
MANUAL
Documentation Required: MANUAL: Verify Azure AD MFA is enabled for all users via Conditional Access
Evidence Collection Guide
  • Azure Portal → Azure AD → Security → MFA → Screenshot MFA status | Conditional Access → Screenshot MFA policies
View in Console →
2. [MP.L1-3.8.3] Security Control
MANUAL
Documentation Required: MANUAL: Document media sanitization procedures for Azure Storage and compute resources
Evidence Collection Guide
  • Documentation → Screenshot sanitization procedures | Azure Storage → Lifecycle → Screenshot
View in Console →
3. [PE.L1-3.10.1] Security Control
MANUAL
Documentation Required: Azure inherited: Microsoft data centers limit physical access (documented in SOC 2)
Evidence Collection Guide
  • Azure Trust Center → Compliance → Screenshot physical security documentation
View in Console →
4. [PE.L1-3.10.2] Security Control
MANUAL
Documentation Required: Azure inherited: Microsoft data centers have physical protection
Evidence Collection Guide
  • Azure Trust Center → Screenshot physical protection controls
View in Console →
5. [PE.L1-3.10.3] Security Control
MANUAL
Documentation Required: Azure inherited: Microsoft data centers escort all visitors
Evidence Collection Guide
  • Azure Trust Center → Screenshot visitor procedures
View in Console →
6. [PE.L1-3.10.4] Security Control
MANUAL
Documentation Required: Azure inherited: Microsoft maintains physical access logs
Evidence Collection Guide
  • Azure Trust Center → Screenshot access logging
View in Console →
7. [PE.L1-3.10.5] Security Control
MANUAL
Documentation Required: Azure inherited: Microsoft controls physical access devices
Evidence Collection Guide
  • Azure Trust Center → Screenshot device controls
View in Console →
8. [PE.L1-3.10.6] Security Control
MANUAL
Documentation Required: Azure inherited: Microsoft enforces physical safeguards
Evidence Collection Guide
  • Azure Trust Center → Screenshot safeguarding controls
View in Console →
9. [SC.L1-3.13.5] Security Control
MANUAL
Documentation Required: MANUAL: Verify Azure VNet subnets separate public and private systems
Evidence Collection Guide
  • Azure Portal → Virtual networks → Subnets → Screenshot subnet separation
View in Console →
10. [SI.L1-3.14.1] Security Control
MANUAL
Documentation Required: MANUAL: Verify Azure Update Management identifies system flaws
Evidence Collection Guide
  • Azure Portal → Update Management → Screenshot compliance | Defender → Screenshot vulnerabilities
View in Console →
11. [SI.L1-3.14.2] Security Control
MANUAL
Documentation Required: MANUAL: Verify malicious code protection via Defender for Cloud
Evidence Collection Guide
  • Azure Portal → Defender for Cloud → Screenshot malware protection
View in Console →
12. [SI.L1-3.14.4] Security Control
MANUAL
Documentation Required: MANUAL: Verify automatic updates for malicious code protection
Evidence Collection Guide
  • Azure Portal → Defender → Settings → Screenshot automatic updates
View in Console →

Generated by AuditKit - Multi-Cloud Compliance Scanner

Learn More