Compliance testing tools
Introduction
Depending on the type of business, compliance with regulations and standards has a huge impact on daily activities. There are many tools can help you to test for compliance with HIPAA, PCI-DSS, SOC 2, and others.
Usage
Compliance testing tools are typically used for IT audit and compliance testing.
Users for these tools include auditors, security professionals, system administrators.
Tools
Highlighted tools
Some of the compliance testing tools have features that make them stand out among the others. If one of these characteristics are important to you, have a look at these selected tools first.
Popular compliance testing tools
Anchore Engine (container analysis and inspection)
system hardening
Anchore is a tool to help with discovering, analyzing and certifying container images. These images can be stored both on-premises or in the cloud. The tooling is mainly focused on developer so that perform analysis on their container images. Typical actions include running queries, creating reports, or set up policies for a continuous integration and deployment pipeline.
Lynis (security scanner and compliance auditing tool)
IT audit, penetration testing, security assessment, system hardening, vulnerability scanning
Lynis can detect vulnerabilities and configuration flaws. Where a typical vulnerability scanner will just point out vulnerabilities, Lynis aims for an in-depth audit and continuous improvement. For this reason, it needs to be executed on the host system itself. By seeing the system from the inside out, it can provide more specific details than the average vulnerability scanner.
OpenSCAP (suite with tools and security data)
security assessment, vulnerability scanning
Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines
Other related categories: Linux security audit tools, configuration audit tools
Missing a favorite tool in this list? Share a tool suggestion and we will review it.