Compliance Requirement Deep Dive
Demo Scenario: The Expanse simulation dataset is active. No live tenant data is being queried.
Actionable Deep Dives

Requirements needing action, ordered by severity and backed by source evidence.

Host Firewall Enforcement NonCompliant

A4.1 · Danzel-3.3-A4_1

Do you have firewalls at the boundaries between your organisation's internal networks, laptops, desktops, servers, and the internet?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.1.1 · Danzel-3.3-A4_1_1

Do you have software firewalls enabled on all of your computers, laptops and servers?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.1.2 · Danzel-3.3-A4_1_2

If you answered no to question A4.1.1, is this because software firewalls are not installed by default as part of the operating system you are using?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.2 · Danzel-3.3-A4_2

When you first receive an internet router or hardware firewall device, it may have had a default password on it. Have you changed all the default passwords on your boundary firewall devices?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.2.1 · Danzel-3.3-A4_2_1

Please describe the process for changing your firewall password.

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.3 · Danzel-3.3-A4_3

How is your firewall password configured?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.4 · Danzel-3.3-A4_4

Do you change your firewall password when you know or suspect it has been compromised?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.5 · Danzel-3.3-A4_5

Do you have a process to manage your firewall?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.6 · Danzel-3.3-A4_6

Have you reviewed your firewall rules in the last 12 months?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.7 · Danzel-3.3-FW-1

Are host firewalls enabled and configured to block unauthorized inbound network connections on supported endpoints?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.8 · Danzel-3.3-A4_8

Please describe how you approve and document your allowed inbound connections.

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.9 · Danzel-3.3-A4_9

Are your boundary firewalls configured to allow access to their configuration settings over the internet?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.10 · Danzel-3.3-A4_10

If you answered yes in question A4.9, is there a documented business requirement for this access?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Host Firewall Enforcement NonCompliant

A4.11 · Danzel-3.3-A4_11

If you answered yes in question A4.9, is the access to your firewall settings protected by either multi-factor authentication or by only allowing trusted IP addresses combined with managed authentication to access the settings?

Type: Core · Pillar: Firewalls · Expected Sources: M365, NinjaOne · Sources Seen: NinjaOne · Authoritative Coverage: Gap: M365 · Freshness: Fresh · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
|---|---|---|---|---|---|
| NinjaOne-Demo | Partial | Device Group: Ceres Service Desks | Host firewall profile consistency | Firewall is enabled fleet-wide, but profile lock policy is not yet enforced on 4 legacy terminals. | 06/07/2026 19:58:58 +00:00 |

Unnecessary Software Remediation NonCompliant

A5.1 · Danzel-3.3-SC-2

Is unnecessary or unauthorized software identified and remediated in line with policy?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Secure Configuration Baseline NonCompliant

A5.2 · Danzel-3.3-SC-1

Are systems and identities configured to an approved secure baseline with unnecessary features disabled?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Secure Configuration Baseline NonCompliant

A5.3 · Danzel-3.3-A5_3

Have you changed the default password for all user and administrator accounts on all your desktop computers, laptops, thin clients, servers, tablets and mobile phones?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Secure Configuration Baseline NonCompliant

A5.4 · Danzel-3.3-A5_4

Do you run or host external services that provide access to data (that should not be made public) to users across the internet?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Secure Configuration Baseline NonCompliant

A5.5 · Danzel-3.3-A5_5

If yes to question A5.4, which authentication option do you use?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Secure Configuration Baseline NonCompliant

A5.6 · Danzel-3.3-A5_6

Describe the process in place for changing passwords on your external services when you believe they have been compromised.

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Secure Configuration Baseline NonCompliant

A5.7 · Danzel-3.3-A5_7

When not using multi-factor authentication, which option are you using to protect your external service from brute force attacks?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Secure Configuration Baseline NonCompliant

A5.8 · Danzel-3.3-A5_8

Have you disabled any feature which allows automatic file execution of downloaded or imported files without user authorisation?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Secure Configuration Baseline NonCompliant

A5.9 · Danzel-3.3-A5_9

When a device requires a user to be present, do you set a locking mechanism on your devices to access the software and services installed?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Unnecessary Software Remediation NonCompliant

A5.10 · Danzel-3.3-A5_10

Which method do you use to unlock the devices?

Type: Core · Pillar: Secure Configuration · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.1 · Danzel-3.3-A6_1

Are all operating systems on your devices supported by a vendor that produces regular security updates and vulnerability fixes?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.2 · Danzel-3.3-A6_2

Is all the software on your devices supported by a supplier that produces regular vulnerability fixes for any security problems?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.2.1 · Danzel-3.3-A6_2_1

Please list your internet browser(s).

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.2.2 · Danzel-3.3-A6_2_2

Please list your malware protection software.

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.2.3 · Danzel-3.3-A6_2_3

Please list your email applications installed on end user devices and servers.

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.2.4 · Danzel-3.3-A6_2_4

Please list all office applications that are used to create organisational data.

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Unsupported Software Remediation NonCompliant

A6.3 · Danzel-3.3-A6_3

Are any of the in-scope software or cloud services unlicensed or unsupported?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Unsupported Software Remediation NonCompliant

A6.3.1/A6.6/A6.7 · Danzel-3.3-SUM-2

Is unsupported or end-of-life software identified and remediated with accountable ownership?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.4/A6.5 · Danzel-3.3-SUM-1

Are security updates applied within policy timelines for operating systems and applications?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.4.1 · Danzel-3.3-A6_4_1

Are all updates applied for operating systems by enabling auto updates?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.4.2 · Danzel-3.3-A6_4_2

Where auto updates are not being used, how do you ensure all high-risk or critical security updates and vulnerability fixes of all operating systems and firmware on firewalls and routers are applied within 14 days of release?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.5.1 · Danzel-3.3-A6_5_1

Are all updates applied on your applications by enabling auto updates?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Security Update Currency NonCompliant

A6.5.2 · Danzel-3.3-A6_5_2

Where auto updates are not being used, how do you ensure all high-risk or critical security updates of all applications are applied within 14 days of release?

Type: Core · Pillar: Security Update Management · Expected Sources: M365, NinjaOne, HaloPSA · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: HaloPSA, M365, NinjaOne

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.1 · Danzel-3.3-A7_1

Are your users only provided with user accounts after a process has been followed to approve their creation? Describe the process.

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.2 · Danzel-3.3-A7_2

Are all your user and administrative accounts accessed by entering unique credentials?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.3 · Danzel-3.3-A7_3

How do you ensure you have deleted, or disabled, any accounts for staff who are no longer with your organisation?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.4 · Danzel-3.3-A7_4

Do you ensure that staff only have the access privileges that they need to do their current job? How do you do this?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.5 · Danzel-3.3-A7_5

Do you have a formal process for giving someone access to systems at an administrator level and can you describe this process?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.6 · Danzel-3.3-UAC-1

Are administrative accounts separate from standard user accounts and used only for administrative tasks?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.7 · Danzel-3.3-A7_7

How does your organisation prevent administrator accounts from being used to carry out everyday tasks like browsing the web or accessing email?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.8 · Danzel-3.3-A7_8

Do you formally track which users have administrator accounts in your organisation?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.9 · Danzel-3.3-A7_9

Do you review who should have administrative access on a regular basis?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.10 · Danzel-3.3-A7_10

Where you have systems that require passwords (or where passwords are a backup for a passwordless system), how are they protected from brute-force attacks?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.11 · Danzel-3.3-A7_11

Which technical controls are used to manage the quality of your passwords within your organisation?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.12 · Danzel-3.3-A7_12

Please explain how you encourage people to use unique and strong passwords.

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Privileged Account Separation NonCompliant

A7.13 · Danzel-3.3-A7_13

Do you have a process for when you believe the passwords or accounts have been compromised?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

MFA for Privileged and Cloud Access NonCompliant

A7.14 · Danzel-3.3-UAC-2

Is multi-factor authentication enforced for privileged users and cloud service access?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

MFA for Privileged and Cloud Access NonCompliant

A7.15 · Danzel-3.3-A7_15

If you have answered no to question A7.14, please provide a list of your cloud services that do not provide any option for MFA.

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

MFA for Privileged and Cloud Access NonCompliant

A7.16 · Danzel-3.3-A7_16

Has MFA been applied to all administrators of your cloud services, excluding any listed in A7.15 that do not provide it?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

MFA for Privileged and Cloud Access NonCompliant

A7.17 · Danzel-3.3-A7_17

Has MFA been applied to all users of your cloud services, excluding any listed in A7.15 that do not provide it?

Type: Core · Pillar: User Access Control · Expected Sources: M365 · Sources Seen: None · Authoritative Coverage: Gap: M365 · Freshness: No Evidence · Missing Sources: M365

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

No direct evidence records were returned for this requirement.

Endpoint Malware Protection NonCompliant

A8.1 · Danzel-3.3-MP-1

Is anti-malware protection enabled on supported devices with current signatures and active monitoring?

Type: Core · Pillar: Malware Protection · Expected Sources: M365, NinjaOne · Sources Seen: M365, NinjaOne · Authoritative Coverage: Covered · Freshness: Fresh

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
| --- | --- | --- | --- | --- | --- |
| NinjaOne-Demo | NonCompliant | Devices: Ceres Cargo Terminals (7) | Endpoint AV signature currency | Signatures are outside policy freshness threshold. | 06/07/2026 20:04:58 +00:00 |
| M365-Demo | Compliant | Tenant: Ceres Support | Defender endpoint protection policy | Endpoint anti-malware protection healthy with no stale signatures. | 06/07/2026 19:10:58 +00:00 |

Malware Incident Handling NonCompliant

A8.2/A8.3 · Danzel-3.3-MP-2

Are malware detections investigated and resolved through a documented incident workflow?

Type: Core · Pillar: Malware Protection · Expected Sources: NinjaOne, HaloPSA · Sources Seen: HaloPSA, NinjaOne · Authoritative Coverage: Covered · Freshness: Fresh

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
| --- | --- | --- | --- | --- | --- |
| NinjaOne-Demo | Partial | Endpoint Detection Queue: Cargo Terminals | Malware investigation workflow | Two detections are triaged but awaiting final closure notes. | 06/07/2026 19:53:58 +00:00 |
| HaloPSA-Demo | Partial | Incident Queue: Docking Kiosks | Malware triage and closure workflow | Three incidents remain open without closure evidence attachments. | 06/07/2026 19:35:58 +00:00 |

Endpoint Malware Protection NonCompliant

A8.4 · Danzel-3.3-A8_4

If Option B has been selected: where you use an app-store or application signing, are users restricted from installing unsigned applications?

Type: Core · Pillar: Malware Protection · Expected Sources: M365, NinjaOne · Sources Seen: M365, NinjaOne · Authoritative Coverage: Covered · Freshness: Fresh

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
| --- | --- | --- | --- | --- | --- |
| NinjaOne-Demo | NonCompliant | Devices: Ceres Cargo Terminals (7) | Endpoint AV signature currency | Signatures are outside policy freshness threshold. | 06/07/2026 20:04:58 +00:00 |
| M365-Demo | Compliant | Tenant: Ceres Support | Defender endpoint protection policy | Endpoint anti-malware protection healthy with no stale signatures. | 06/07/2026 19:10:58 +00:00 |

Endpoint Malware Protection NonCompliant

A8.5 · Danzel-3.3-A8_5

If Option B has been selected: where you use an app-store or application signing, do you ensure users only install applications approved by your organisation and maintain that approved list?

Type: Core · Pillar: Malware Protection · Expected Sources: M365, NinjaOne · Sources Seen: M365, NinjaOne · Authoritative Coverage: Covered · Freshness: Fresh

Why this status: Demo profile shaping: this client is configured as fully non-compliant for scenario contrast.

Action hint: Prioritize remediation on failing controls and close associated incidents before the next reporting cycle.

| Source | Status | Device/System | Control | Reason | Observed |
| --- | --- | --- | --- | --- | --- |
| NinjaOne-Demo | NonCompliant | Devices: Ceres Cargo Terminals (7) | Endpoint AV signature currency | Signatures are outside policy freshness threshold. | 06/07/2026 20:04:58 +00:00 |
| M365-Demo | Compliant | Tenant: Ceres Support | Defender endpoint protection policy | Endpoint anti-malware protection healthy with no stale signatures. | 06/07/2026 19:10:58 +00:00 |

Informational Deep Dives

These controls are compliant or not applicable, but you can still expand each one for the evidence trail and open the related evidence view.

Last refresh: 06/07/2026 20:15:58 +00:00