Compliance Mapping

Purpose

This report adds a compliance lens to scan data:

  • PCI-focused metrics (when PCI Vuln is present in the export)

  • deterministic mapping to control domains (program prioritization)

  • optional crosswalk into other frameworks via LLM (suggested mappings)

Output

  • Per scan: output/<scan_name>/compliance.html

Optional model artifact (only when metadata export is enabled):

  • output/<scan_name>/compliance_model.json

Model JSON is written when notifications.include_run_metadata: true.

How to generate

CLI:

  miyabi-qualys-ai-triage-pack run --config config/config.yaml

Configuration

Enable/disable:

  • reports.compliance.enabled: true|false

UI options:

  • reports.compliance.ui.enable_filters

  • reports.compliance.ui.default_sort

  • reports.compliance.ui.expand_sections_by_default

  • reports.compliance.ui.max_rows_render

LLM crosswalk (guardrailed / JSON-only):

  • reports.compliance.llm.enabled

  • reports.compliance.llm.frameworks_enabled

  • reports.compliance.llm.strict_json_only

  • reports.compliance.llm.model

  • reports.compliance.llm.max_items_for_llm

Data sources (Qualys CSV fields)

Primary:

  • PCI Vuln (for PCI lens)

  • Category, Title, Solution, CVE ID (for deterministic control-domain heuristics)

  • Severity, asset scope via host identifiers (FQDN/DNS/NetBIOS/IP)
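An added Python illustration of the deterministic step and the PCI lens over the fields listed above; this is example code, not the project's own mapping logic. The control-domain names, the ordered keyword rules, the host-identifier precedence and the embedded sample export are constructed assumptions; only the column names come from this page.

```python
"""Deterministic control-domain mapping and PCI metrics over Qualys CSV rows.

Added example, not code from miyabi-qualys-ai-triage-pack. The domain names,
the keyword rules and the embedded sample export are constructed assumptions;
only the column names come from the documentation.
"""
import csv
import io
import json
import re
from collections import Counter

# Constructed sample export (CVE-0000-0000 is a placeholder, not a real CVE id).
SAMPLE_CSV = """\
IP,DNS,NetBIOS,Title,Category,Severity,CVE ID,Solution,PCI Vuln
10.0.0.5,web01.example.test,WEB01,OpenSSL TLS 1.0 enabled,Web server,3,,Disable TLS 1.0 and enable TLS 1.2+,yes
10.0.0.5,web01.example.test,WEB01,Apache HTTP Server outdated,Web server,4,CVE-0000-0000,Upgrade Apache to the vendor-supported release,yes
10.0.0.9,,DB01,Default SA password,Database,5,,Change the default password and enforce complexity,yes
10.0.0.12,fs01.example.test,FS01,SMB signing not required,Windows,2,,Enable SMB signing via Group Policy,no
"""

# Ordered keyword rules: first match wins, so the mapping is deterministic and
# reproducible run to run (no model involved). Domain names are assumed.
DOMAIN_RULES = [
    ("Encryption in transit", re.compile(r"\b(tls|ssl|cipher|certificate)\b", re.I)),
    ("Access control / authentication", re.compile(r"\b(password|credential|authentication|anonymous)\b", re.I)),
    ("Patch management", re.compile(r"\b(outdated|end.of.life|upgrade|update|patch)\b", re.I)),
    ("Secure configuration", re.compile(r"\b(signing|hardening|misconfigur\w*|disable)\b", re.I)),
]
FALLBACK_DOMAIN = "Unclassified"


def map_control_domain(row: dict) -> str:
    """Classify one finding from Title, Category and Solution; CVE ID stays as evidence only."""
    text = " ".join(row.get(k, "") or "" for k in ("Title", "Category", "Solution"))
    for domain, pattern in DOMAIN_RULES:
        if pattern.search(text):
            return domain
    return FALLBACK_DOMAIN


def is_pci_vuln(row: dict) -> bool:
    """The PCI lens only counts rows the export flags as PCI vulnerabilities."""
    return (row.get("PCI Vuln", "") or "").strip().lower() in {"yes", "y", "true", "1"}


def asset_id(row: dict) -> str:
    """Prefer FQDN/DNS, then NetBIOS, then IP so one host is not counted twice."""
    for key in ("DNS", "NetBIOS", "IP"):
        value = (row.get(key, "") or "").strip()
        if value:
            return value
    return "unknown"


def build_compliance_model(csv_text: str) -> dict:
    """Produce the data a compliance page needs: PCI metrics plus per-domain counts."""
    reader = csv.DictReader(io.StringIO(csv_text))
    rows = list(reader)
    pci_present = "PCI Vuln" in (reader.fieldnames or [])   # lens is optional
    pci_rows = [r for r in rows if is_pci_vuln(r)] if pci_present else []
    counts = Counter(map_control_domain(r) for r in rows)
    return {
        "pci_present": pci_present,
        "pci": {
            "vulns": len(pci_rows),
            "assets": len({asset_id(r) for r in pci_rows}),
            "max_severity": max((int(r["Severity"]) for r in pci_rows), default=0),
        },
        # Count descending, then name, so the report order is stable between runs.
        "domains": [{"domain": d, "findings": n}
                    for d, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))],
    }


if __name__ == "__main__":
    print(json.dumps(build_compliance_model(SAMPLE_CSV), indent=2))
```

Because the rules are an ordered list, a finding that mentions both TLS and a missing patch always lands in the first matching domain; when a rule order is changed, every report regenerated from the same export changes in the same way, which is what makes the deterministic tier suitable for prioritization.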


LLM behavior (when enabled)

  • Generates suggested framework mappings (not a certification verdict).

  • Output must be interpreted as recommendations requiring validation by compliance owners.
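The reports.compliance keys from the Configuration section and the guardrail behaviour described here, as an added Python example that is not the project's own code: it overlays user settings on assumed defaults for those keys, caps the batch sent to the model at max_items_for_llm, and accepts a model reply only under the strict_json_only rule, keeping mappings solely for findings it actually sent and for frameworks in frameworks_enabled, each labelled as a suggestion rather than a verdict. The default values, the finding list, the framework names, the control identifiers in the sample reply and the reply schema are assumptions.

```python
"""Guardrailed LLM crosswalk: config defaults, item cap and JSON-only validation.

Added example, not code from miyabi-qualys-ai-triage-pack. The reply schema,
the sample findings, the framework names and the sample model reply are
constructed assumptions; only the reports.compliance.* keys come from the
documentation, and their default values here are assumed.
"""
import json

# Same keys as the reports.compliance section of config.yaml, as a dict (assumed defaults).
DEFAULT_COMPLIANCE_CONFIG = {
    "enabled": True,
    "ui": {
        "enable_filters": True,
        "default_sort": "severity",
        "expand_sections_by_default": False,
        "max_rows_render": 500,
    },
    "llm": {
        "enabled": False,                  # opt-in: deterministic mapping still runs
        "frameworks_enabled": ["ISO 27001", "NIST CSF"],
        "strict_json_only": True,
        "model": "MODEL-PLACEHOLDER",
        "max_items_for_llm": 50,
    },
}

SAMPLE_ITEMS = [  # constructed findings after deterministic domain mapping
    {"id": "F-1", "severity": 5, "title": "Default SA password"},
    {"id": "F-2", "severity": 3, "title": "TLS 1.0 enabled"},
    {"id": "F-3", "severity": 4, "title": "Apache HTTP Server outdated"},
]

# Constructed model reply: prose around the JSON, one disabled framework, one unknown id.
SAMPLE_REPLY = (
    "Sure, here is the crosswalk:\n"
    '{"mappings": ['
    '{"finding_id": "F-1", "framework": "ISO 27001", "control": "A.5.17"},'
    '{"finding_id": "F-1", "framework": "SOC 2", "control": "CC6.1"},'
    '{"finding_id": "F-9", "framework": "NIST CSF", "control": "PR.AA-01"}'
    "]}"
)


def load_compliance_config(user_cfg: dict) -> dict:
    """Overlay the user's reports.compliance settings on the assumed defaults (one level deep)."""
    cfg = {k: (dict(v) if isinstance(v, dict) else v) for k, v in DEFAULT_COMPLIANCE_CONFIG.items()}
    for key, value in user_cfg.get("reports", {}).get("compliance", {}).items():
        if isinstance(value, dict) and isinstance(cfg.get(key), dict):
            cfg[key].update(value)
        else:
            cfg[key] = value
    return cfg


def select_items_for_llm(items: list, llm_cfg: dict) -> list:
    """Send at most max_items_for_llm findings, highest severity first (bounds prompt size and cost)."""
    ordered = sorted(items, key=lambda i: (-i["severity"], i["id"]))
    return ordered[: llm_cfg["max_items_for_llm"]]


def _rejected(reason: str) -> dict:
    return {"accepted": False, "reason": reason, "suggestions": [], "dropped": 0}


def parse_crosswalk_reply(raw: str, items: list, llm_cfg: dict) -> dict:
    """Validate a model reply; every kept mapping is labelled 'suggested', never a verdict."""
    text = raw.strip()
    if llm_cfg["strict_json_only"]:
        if not (text.startswith("{") and text.endswith("}")):
            return _rejected("reply is not a bare JSON object")
    else:
        start, end = text.find("{"), text.rfind("}")   # lenient: cut the object out of prose
        if start == -1 or end <= start:
            return _rejected("no JSON object in reply")
        text = text[start:end + 1]
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return _rejected(f"invalid JSON: {exc}")
    if not isinstance(data, dict) or not isinstance(data.get("mappings"), list):
        return _rejected("missing 'mappings' list")
    known_ids = {i["id"] for i in items}
    allowed = set(llm_cfg["frameworks_enabled"])
    suggestions, dropped = [], 0
    for m in data["mappings"]:
        if (not isinstance(m, dict) or m.get("finding_id") not in known_ids
                or m.get("framework") not in allowed):
            dropped += 1        # unknown finding or disabled framework: never surfaced
            continue
        suggestions.append({"finding_id": m["finding_id"], "framework": m["framework"],
                            "control": str(m.get("control", "")), "status": "suggested"})
    return {"accepted": True, "reason": None, "suggestions": suggestions, "dropped": dropped}


if __name__ == "__main__":
    cfg = load_compliance_config({"reports": {"compliance": {"llm": {"enabled": True}}}})
    batch = select_items_for_llm(SAMPLE_ITEMS, cfg["llm"])
    print(json.dumps(parse_crosswalk_reply(SAMPLE_REPLY, batch, cfg["llm"]), indent=2))
```

With strict_json_only left at its default, the sample reply is rejected outright because of the prose wrapper; with it turned off, the object is extracted but two of the three mappings are still dropped, one for a framework that is not enabled and one for a finding id the model was never given. The dropped count is worth surfacing in the report so compliance owners can see how much of the model output failed validation.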
