Compliance testing tools

Introduction

Depending on the type of business, compliance with regulations and standards has a huge impact on daily activities. Many tools can help you test for compliance with HIPAA, PCI-DSS, SOC 2, and others.

Usage

Compliance testing tools are typically used for compliance testing and IT audit.

Users of these tools include auditors, security professionals, and system administrators.

Tools

Anchore (container analysis and inspection)

system hardening

Anchore is a tool to help with discovering, analyzing and certifying container images. These images can be stored either on-premises or in the cloud. The tooling is mainly focused on developers, so that they can perform analysis on their container images. Typical actions include running queries, creating reports, or setting up policies for a continuous integration and deployment pipeline.

Lynis (security scanner and compliance auditing tool)

IT audit, penetration testing, security assessment, system hardening, vulnerability scanning

Lynis can detect vulnerabilities and configuration flaws. Where a typical vulnerability scanner will just point out vulnerabilities, Lynis aims for continuous improvement. For this reason, it needs to be executed on the host system itself, and it provides more details than the average vulnerability scanner.

Highlighted tools based on their strengths

Some of the compliance testing tools have features that make them stand out among the others. If one of these characteristics is important to you, have a look at these selected tools first.

» Easy to use = Lynis
» Low on requirements = Lynis

Other related categories: configuration audit tools, Linux security audit tools
