Network administrators often implement compliance checks within the networks they administer in order to ensure that certain measures, such as measures to improve security and/or to satisfy private and/or government regulations, are active. For example, if a particular software application includes a vulnerability that enables unauthorized access to files, administrators may implement a security measure within a network in order to block execution of the software application on network devices. In this example, the administrators may also implement a compliance check within the network in order to ensure that the security measure is active.
Similarly, administrators may implement various measures within the networks they administer in order to ensure compliance with public and/or private regulations, such as Sarbanes-Oxley regulations (SOX) (which require, among other things, maintenance of an audit trail that accurately records security events), Health Insurance Portability and Accountability Act (HIPAA) regulations (which limit the manner in which organizations can disclosure Protected Health Information), and/or the Payment Card Industry Data Security Standard (PCI DSS) (which places controls on the use of credit card information in order to prevent fraud). In these examples, administrators may also develop and implement various compliance checks in order to ensure that these measures are active.
As the number of compliance checks and compliance standards implemented within a network grows, management of the same may become increasingly difficult. In particular, separate groups within the same organization may diverge, over time, regarding the compliance checks and compliance standards that the different groups use. For example, an order-processing group may implement compliance checks to satisfy the PCI DSS, even when other groups within the organization fail to implement these checks. Similarly, one group within the organization may have identified a security breach, implemented a security measure to address the breach, and implemented a compliance check to ensure that the security measure is active. Other groups within the organization may, however, remain unaware of the security breach, the security measure, and/or the associated compliance check.