A walk-through of NSAuditor AI Enterprise Edition 0.19.4 running against fictional
AWS, Azure, and GCP accounts. EE 0.19.4 is the "Routing-Integrity
Hardening" cycle — no real finding or evidence-gap routes to zero
compliance controls. A build-time routing guard fails the build on
any marked gap that maps to zero controls; GuardDuty findings are de-duplicated; a
deferred-scope unmark across 8 plugins keeps in-scope verdicts honest; the
AWS-default VPC-endpoint full-access policy is down-rated CRITICAL → MEDIUM
with cross-framework routing (PCI 1.4.1 /
ISO A.8.22 /
CIS 12.2); and
SQS/SNS alarm-independence means alarm posture survives a
Get*Attributes deny.
PCI DSS Req 7.2.2 is honestly down-rated covered → partial — a QSA-flagged
overclaim — so the PCI matrix is now 19 covered / 9 partial / 39 OOS, backed
by IAM over-privilege detection.
Plugin count is UNCHANGED at 28; all six coverage matrices are UNCHANGED at
the count level. Paired CE 0.2.9 +
agent-skill 0.2.9. Still
shown live from the prior GCP false-negative hardening work: the GCS legacy-ACL public-exposure
surface the IAM-only check missed (plugin 1024), project-scope
serviceAccountKeyAdmin offline-impersonation
and custom-role actAs impersonation-path
detection (plugin 1025), and the 0.0.0.0/0
default-allow-ssh/rdp/icmp firewall lane (plugin 1021) — with
GCP IAM auditing now running under pure ADC (Application Default Credentials).
The page also shows per-account scanning (--env /
--aws-profile + sentinel-host auto-scoping),
the EE 0.17.0 --aws-region region scoping, and a
paired Azure scan with the plugin 1221 Azure NSG perimeter auditor.
Findings routed across six compliance framework control spaces —
SOC 2 AICPA TSC 2017 + HIPAA Security Rule §164.312 + NIST CSF 2.0 + PCI DSS v4.0.1 +
ISO/IEC 27001:2022 + CIS Critical Security Controls v8. Signed evidence artifacts per scan with
RFC 3161 trusted timestamps and SHA-256 chain-of-custody.
No real customer data was used — every account, resource, and finding on this page is synthetic.
Acme Corp's security engineer points NSAuditor at their AWS production account to get one hexa-framework evidence pack covering SOC 2 Type II readiness, HIPAA Security Rule §164.312 Technical Safeguards, NIST CSF 2.0 Subcategory coverage, PCI DSS v4.0.1 sub-requirements (MVP-67 density), ISO/IEC 27001:2022 Annex A across all 93 controls, AND CIS Critical Security Controls v8 across all 153 Safeguards (17 covered + 22 partial + 114 OOS across 18 Controls / 3 cumulative Implementation Groups) — in a single 4-minute scan. Each plugin emits findings once; the compliance engine routes them across all six framework control spaces.
# Acme audit engineer runs the full hexa-framework scan against AWS
# EE 0.16.0 adds per-account scanning: --env <path> dotenv file, --aws-profile <name> named profile
# and sentinel-host auto-scoping (--host aws + --plugins all → AWS-only plugins). Matrices UNCHANGED.
# (EE 0.15.6 deepened plugin 1020 S3 with non-current-version ACL sampling + public WRITE-class grants.)
$ export AWS_PROFILE=acme-prod-audit
$ nsauditor-ai license --status
✓ Enterprise license active
  Org: audit@acmecorp.example
  Seats: 5 · Expires: 2027-05-07
  nsauditor-ai (CE): 0.1.85
  @nsasoft/nsauditor-ai-ee (EE): 0.16.0 (loaded)
$ nsauditor-ai scan --host aws \
    --plugins 1020,1023,1030,1040,1050,1060,1070,1080,1090,1100,1110 \
    --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 \
    --out ./acme-audit-evidence
[plugin] AWS S3 Security Auditor (1020) ........... 6 findings
[plugin] Zero Trust Assessment (1023) ............. 3 findings
[plugin] AWS IAM Deep Auditor (1030) .............. 14 findings
[plugin] AWS CloudTrail + CloudWatch (1040) ....... 5 findings
[plugin] AWS API Gateway Assurance (1050) ......... 0 findings
[plugin] AWS DynamoDB Audit Integrity (1060) ...... 12 findings
[plugin] AWS KMS Auditor (1070) ................... 7 findings
[plugin] AWS Lambda Security Auditor (1080) ....... 19 findings
[plugin] AWS Secrets Exposure & Credentials (1090) 8 findings
[plugin] AWS CodePipeline + CodeBuild (1100) ...... 0 findings
[plugin] AWS IAM Effective Decrypt-Path (1110) .... 4 findings
✓ 78 findings emitted across 11 plugins (4m31s wall-clock)
[compliance] routing 78 findings → 6 framework control spaces…
✓ SOC 2 AICPA TSC 2017 · 47 controls (10 covered + 4 partial + 33 OOS)
✓ HIPAA §164.312 · 55 controls (7 covered + 3 partial + 45 OOS)
✓ NIST CSF 2.0 · 106 Subcategories (13 covered + 10 partial + 83 OOS)
✓ PCI DSS v4.0.1 MVP-67 · 67 sub-requirements (19 covered + 9 partial + 39 OOS)
✓ ISO/IEC 27001:2022 · 93 Annex A controls (17 covered + 14 partial + 62 OOS)
✓ CIS Controls v8 · 153 Safeguards (17 covered + 22 partial + 114 OOS · IG1 23/56 · IG2 37/130 · IG3 39/153)
[evidence] writing 62 artifacts (6 frameworks × 10 surfaces) + raw conclusions…
✓ ./acme-audit-evidence/aws_20260524_091331/ (62 files + RFC 3161 + SHA-256 sidecars)
# EE 0.14.0 adds the NEW dedicated Azure NSG perimeter auditor (plugin 1221) — the Azure analog of AWS 1170 (CC6.6)
# EE 0.14.1 extends 1221 with a public-internet UDP restricted-port lane (SNMP/CLDAP/NTP/rpcbind/IPMI/Memcached — not just TCP)
# alongside the storage auditor (1220); both orthogonal to the multi-purpose Azure scanner (1022) — no double-emission
$ export CLOUD_PROVIDER=azure   # + AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET / AZURE_SUBSCRIPTION_ID
$ nsauditor-ai scan --host azure \
    --plugins 1022,1220,1221 \
    --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 \
    --out ./acme-azure-evidence
[plugin] Azure Security Audit (1022) .................. 5 findings
[plugin] Azure Storage Account Data-Protection (1220) 9 findings
[plugin] Azure NSG Perimeter Auditor (1221) .......... 3 findings
✓ plugin 1221 (NEW): inbound rules evaluated in Azure priority order (first-match-wins; DenyAllInbound default) — all-protocol · public→restricted-port · ::/0 IPv6-wildcard · attachment-aware (attached → CRITICAL effective / orphaned → MEDIUM latent); non-overlapping-by-depth with 1022's flat NSG lint
✓ all six framework matrices UNCHANGED — substrate-depth uplift on already-covered perimeter controls (1221 → CC6.6)
Below are thirteen findings — nine from the AWS scan above plus four from the paired Azure scan:
three from the storage auditor (plugin 1220) and one from the Azure NSG perimeter auditor (plugin 1221).
The AWS set includes a NEW EE 0.15.6 S3 finding — a public ACL on a
non-current (overwritten) object version with a public WRITE-class grant —
picked to span the severity range and showcase the multi-framework routing. The
CC / §164.312 / PR.DS / 3.5 control badges show
which controls each finding routes to under each framework.
acme-legacy-assets/customer-export.csv is private on its current version, but a NON-CURRENT (overwritten) version carries a public AllUsers ACL — still downloadable at ?versionId=… — and the grant includes WRITE (world-writable)
Detected on the ListObjectVersions path, which the current-object scan never reaches. The current
version of customer-export.csv is private, so a current-object-only
scanner calls it clean. But someone once published it public-read-write, then "fixed" it
with a private overwrite; S3 keeps the old version, and it still serves to the anonymous internet at
?versionId=…. The auditor samples non-current versions on versioning-Enabled
AND Suspended buckets (Suspended still retains old versions — the exact silent-overwrite case),
skips delete-markers, and reads each with GetObjectAcl({Key, VersionId}); a public
AllUsers/AuthenticatedUsers grant emits CRITICAL riding the same
"publicly accessible" anchor as the bucket/object-ACL dims — so it routes to the identical
controls with zero new framework mappings. NEW in 0.15.4: the grant here is
WRITE-class (WRITE/WRITE_ACP/FULL_CONTROL), so the
finding adds "public WRITE-class access … – anyone can overwrite contents" — distinguishing
anyone-can-overwrite (defacement / supply-chain / malware-staging) from
anyone-can-download. Honoring the conservative-classifier principle, if the scanner role lacks
s3:ListBucketVersions or s3:GetBucketVersioning the version surface is NOT a
silent PASS — it degrades to a routed LOW evidence-gap (CC7.1 / §164.312(b)). Remediate: delete or
re-private the offending version, then enable Object Ownership BucketOwnerEnforced to make
ACL-based public access structurally impossible. All six coverage matrices UNCHANGED.
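As an added example (not NSAuditor's own code), the following Python sketches the non-current-version ACL sampling described above: it walks Enabled and Suspended buckets, skips delete-markers, reads each version's ACL, distinguishes READ from WRITE-class public grants, and turns a denied ListBucketVersions into a LOW evidence-gap instead of a pass. It takes any boto3-shaped S3 client; FakeS3 and its bucket contents are constructed sample data so it runs offline.

```python
"""Non-current S3 object-version ACL sampling (added example, not NSAuditor code).
Takes any boto3-shaped S3 client; FakeS3 below is a constructed offline stand-in."""
from dataclasses import dataclass

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
WRITE_CLASS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


class AccessDenied(Exception):
    """Stands in for botocore's ClientError with Error.Code == 'AccessDenied'."""


@dataclass
class Finding:
    severity: str
    key: str
    version_id: str
    detail: str


def classify_grants(grants):
    """Return (public grantee names, write_class?) for one object-version ACL."""
    grantees, perms = set(), set()
    for g in grants:
        name = PUBLIC_GROUPS.get(g.get("Grantee", {}).get("URI", ""))
        if name:
            grantees.add(name)
            perms.add(g["Permission"])
    return grantees, bool(perms & WRITE_CLASS)


def audit_noncurrent_versions(s3, bucket):
    """Walk non-current versions on Enabled AND Suspended buckets (Suspended still
    retains old versions), skip delete-markers, read each version's ACL.
    A denied versioning/listing read degrades to a LOW evidence-gap, never a pass."""
    try:
        status = s3.get_bucket_versioning(Bucket=bucket).get("Status")
        if status not in ("Enabled", "Suspended"):
            return []  # never versioned: there is no non-current surface to sample
        versions, kwargs = [], {"Bucket": bucket}
        while True:  # page on Key/VersionId markers; 'DeleteMarkers' deliberately ignored
            page = s3.list_object_versions(**kwargs)
            versions.extend(page.get("Versions", []))
            if not page.get("IsTruncated"):
                break
            kwargs.update(KeyMarker=page["NextKeyMarker"],
                          VersionIdMarker=page["NextVersionIdMarker"])
    except AccessDenied as exc:
        return [Finding("LOW", "*", "*", f"evidence-gap: {exc}; non-current version surface unverified")]

    findings = []
    for v in versions:
        if v.get("IsLatest"):
            continue  # current versions are the current-object scan's job
        try:
            acl = s3.get_object_acl(Bucket=bucket, Key=v["Key"], VersionId=v["VersionId"])
        except AccessDenied as exc:
            findings.append(Finding("LOW", v["Key"], v["VersionId"], f"evidence-gap: {exc}"))
            continue
        grantees, write_class = classify_grants(acl.get("Grants", []))
        if not grantees:
            continue
        detail = (f"non-current version publicly accessible to {'/'.join(sorted(grantees))} "
                  f"at ?versionId={v['VersionId']}")
        if write_class:
            detail += "; public WRITE-class access, anyone can overwrite contents"
        findings.append(Finding("CRITICAL", v["Key"], v["VersionId"], detail))
    return findings


class FakeS3:
    """Constructed stand-in for a boto3 S3 client (sample data, no AWS calls)."""
    def __init__(self, status, versions, acls, deny_list=False):
        self.status, self.versions, self.acls, self.deny_list = status, versions, acls, deny_list

    def get_bucket_versioning(self, Bucket):
        return {"Status": self.status}

    def list_object_versions(self, Bucket, **markers):
        if self.deny_list:
            raise AccessDenied("s3:ListBucketVersions denied")
        return {"Versions": self.versions, "DeleteMarkers": [], "IsTruncated": False}

    def get_object_acl(self, Bucket, Key, VersionId):
        return self.acls[(Key, VersionId)]


ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
SAMPLE_BUCKET = FakeS3(
    "Suspended",  # versioning suspended, old versions retained: the silent-overwrite case
    [{"Key": "customer-export.csv", "VersionId": "cur", "IsLatest": True},
     {"Key": "customer-export.csv", "VersionId": "old1", "IsLatest": False}],
    {("customer-export.csv", "cur"): {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}]},
     ("customer-export.csv", "old1"): {"Grants": [
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "FULL_CONTROL"}]}},
)
DENIED_BUCKET = FakeS3("Enabled", [], {}, deny_list=True)

if __name__ == "__main__":
    for f in (audit_noncurrent_versions(SAMPLE_BUCKET, "acme-legacy-assets")
              + audit_noncurrent_versions(DENIED_BUCKET, "acme-other")):
        print(f.severity, f.key, f.version_id, f.detail)
```

Against a real account, pass boto3.client("s3") in place of FakeS3 and catch botocore's ClientError (Error.Code AccessDenied) where AccessDenied is caught here; the classification and the evidence-gap behaviour stay the same.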
acmeprodsa01 allows plaintext HTTP (enableHttpsTrafficOnly=false) — data in transit is not encrypted
The same account also reports minimumTlsVersion=TLS1_0 (downgrade-attackable; MEDIUM,
CC6.7), allowSharedKeyAccess=true (bypasses Azure AD identity; MEDIUM, CC6.1), and
no infrastructure double-encryption (LOW, C1.1). Azure field-default discipline: an absent
allowSharedKeyAccess is treated as ENABLED, never a silent PASS. Remediate with
HTTPS-only + a TLS1_2 floor + Azure AD-only authorization. EE 0.13.3 deepened this auditor to seven dims,
adding blob recoverability (soft-delete + versioning — A1.2) and per-container anonymous
public-access detection (account-toggle-aware — a public container under allowBlobPublicAccess=true
is the Azure analog of a public S3 bucket; C1.1) via the secondary blob-service / container API paths.
acmepublicsa01 has 1 blob container (public-assets) with anonymous public access AND account-level allowBlobPublicAccess=true — EFFECTIVE exposure
Detected on the blobContainers.list path, which the
account-level checks never reach. This account is hardened on every encryption / transit / auth dim,
so an account-level scan would call it clean — but the public-assets container is set to
publicAccess=Blob while the account toggle allowBlobPublicAccess=true is on,
making its blobs anonymous-internet-readable (the Azure analog of a public S3 bucket). The dim is
account-toggle-aware: had the toggle been false, Azure would override the
container to private and the finding would downgrade to MEDIUM (latent). Remediate: set the container
to publicAccess=None (or disable allowBlobPublicAccess account-wide).
acmeprodsa01 has blob soft-delete DISABLED (deleteRetentionPolicy.enabled=false) — deleted blobs are unrecoverable
Detected on the blobServices.getServiceProperties
surface: this account has no blob soft-delete window, so an accidental, ransomware, or insider
Remove-AzStorageBlob is permanent — and blob versioning is off too, so an overwrite has no
prior-version recovery. An account fully hardened on the five encryption / transit / auth dims is still
one delete from data loss. A denied getServiceProperties read degrades to a LOW evidence-gap,
never a silent recoverability PASS. Remediate: enable blob soft-delete (≥7-day retention) + versioning.
(No PCI DSS routing — PCI v4.0.1 has no covered backup/recoverability sub-requirement in the engine's scope.)
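As an added example (not plugin 1220's code), this Python applies the field-default discipline to the three acmeprodsa01 / acmepublicsa01 findings above: absent allowSharedKeyAccess counts as enabled, the container dim is account-toggle-aware, and a denied blob-service read degrades to an evidence-gap rather than a recoverability pass. It uses ARM property names (supportsHttpsTrafficOnly is the ARM spelling of enableHttpsTrafficOnly); the property dicts are constructed sample data, and the severities the page does not state (HTTP-only, soft-delete, versioning) plus the defaults assumed for absent minimumTlsVersion and allowBlobPublicAccess are this example's assumptions.

```python
"""Azure storage-account data-protection dims with field-default discipline
(added example, not plugin 1220 code; property dicts are constructed sample data)."""


class ReadDenied(Exception):
    """Stands in for an ARM 403 on a secondary (blob-service / container) API path."""


def audit_account(name, props, containers, read_blob_props):
    """props: ARM storage-account properties; containers: [{name, publicAccess}];
    read_blob_props: callable returning blob-service properties or raising ReadDenied.
    Returns (severity, control, message) tuples."""
    f = []
    https = props.get("supportsHttpsTrafficOnly")       # ARM spelling of enableHttpsTrafficOnly
    if https is not True:                               # absent is not a pass (conservative)
        f.append(("HIGH", "CC6.7", f"{name} allows plaintext HTTP (supportsHttpsTrafficOnly={https})"))
    tls = props.get("minimumTlsVersion", "TLS1_0")      # legacy accounts report nothing: assume the floor
    if tls in ("TLS1_0", "TLS1_1"):
        f.append(("MEDIUM", "CC6.7", f"{name} minimumTlsVersion={tls} (downgrade-attackable)"))
    if props.get("allowSharedKeyAccess", True):         # absent == ENABLED, never a silent pass
        f.append(("MEDIUM", "CC6.1", f"{name} allowSharedKeyAccess=true (bypasses Azure AD identity)"))
    if not props.get("encryption", {}).get("requireInfrastructureEncryption", False):
        f.append(("LOW", "C1.1", f"{name} has no infrastructure double-encryption"))

    toggle = props.get("allowBlobPublicAccess", True)   # absent == allowed on older accounts (assumption)
    for c in containers:                                # toggle-aware: Azure overrides containers when false
        level = c.get("publicAccess", "None")
        if level in ("Blob", "Container"):
            if toggle:
                f.append(("CRITICAL", "C1.1", f"{name}/{c['name']} publicAccess={level} with "
                                               "allowBlobPublicAccess=true: EFFECTIVE anonymous exposure"))
            else:
                f.append(("MEDIUM", "C1.1", f"{name}/{c['name']} publicAccess={level} but the account "
                                             "toggle is false: latent exposure"))

    try:
        blob = read_blob_props()
    except ReadDenied as exc:
        f.append(("LOW", "CC7.1", f"{name} evidence-gap: blob-service properties unreadable ({exc}); "
                                  "recoverability unverified"))
        return f
    if not blob.get("deleteRetentionPolicy", {}).get("enabled", False):
        f.append(("HIGH", "A1.2", f"{name} blob soft-delete DISABLED: deleted blobs are unrecoverable"))
    if not blob.get("isVersioningEnabled", False):
        f.append(("MEDIUM", "A1.2", f"{name} blob versioning off: no prior-version recovery after overwrite"))
    return f


# Constructed sample data for the two accounts discussed above.
ACMEPROD = {"supportsHttpsTrafficOnly": False, "minimumTlsVersion": "TLS1_0",
            "encryption": {"requireInfrastructureEncryption": False}}   # allowSharedKeyAccess absent
ACMEPUBLIC = {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2",
              "allowSharedKeyAccess": False, "allowBlobPublicAccess": True,
              "encryption": {"requireInfrastructureEncryption": True}}
PUBLIC_CONTAINERS = [{"name": "public-assets", "publicAccess": "Blob"},
                     {"name": "private", "publicAccess": "None"}]


def hardened_blob():
    return {"deleteRetentionPolicy": {"enabled": True, "days": 14}, "isVersioningEnabled": True}


def no_soft_delete_blob():
    return {"deleteRetentionPolicy": {"enabled": False}, "isVersioningEnabled": False}


def denied_blob():
    raise ReadDenied("403 on blobServices/default")


if __name__ == "__main__":
    for row in audit_account("acmeprodsa01", ACMEPROD, [], no_soft_delete_blob):
        print(*row)
    for row in audit_account("acmepublicsa01", ACMEPUBLIC, PUBLIC_CONTAINERS, hardened_blob):
        print(*row)
```

The point of the explicit defaults is that every `props.get(key, default)` encodes a decision about what an absent field means; the one the page nails down (allowSharedKeyAccess absent is enabled) is the insecure direction, and the example treats the other absent fields the same conservative way.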
acme-app-nsg permits TCP inbound from a public source (Internet) to restricted port(s) 22 (SSH), 3389 (RDP) — EFFECTIVE exposure (attached to 1 subnet)
The auditor resolves inbound rules in Azure priority order (first-match-wins, with the
DenyAllInBound default at priority 65500) per restricted management/data-tier port, so a
higher-priority Deny that actually neutralizes a permissive
Allow is resolved correctly, not blindly flagged. Here acme-app-nsg allows SSH (22)
and RDP (3389) from the Internet service tag with no overriding deny, and the NSG is
attached to acme-app-subnet — so this is an EFFECTIVE exposure
(CRITICAL). Had the NSG been orphaned (attached to no subnet/NIC), the same rule would downgrade to
MEDIUM (latent) — it applies to nothing until associated. The auditor also catches the
dimensions a flat per-rule lint misses: ::/0 IPv6-wildcard sources, all-protocol (*)
rules, and the 0.0.0.0/1 split-range internet-evasion. It is non-overlapping-by-depth with the
multi-purpose scanner's coarse NSG check — distinct source, distinct control (CC6.6), no double-emission.
Remediate: scope the source to the operator's bastion / VPN CIDR.
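As an added example (not plugin 1221's code), this Python evaluates inbound NSG rules the way the finding describes: priority order, first-match-wins with the implicit DenyAllInBound floor, attachment-aware severity, ::/0 and split-range sources. It goes slightly beyond the Azure case by rating a broad-but-not-full source such as 0.0.0.0/1 as HIGH, the rating the EE 0.19.2 GCP firewall lane applies with RFC1918/reserved ranges discounted. The rule dicts are constructed sample data; the /8 cut-off for "broad" and the treatment of unrecognised service tags as non-public are assumptions.

```python
"""Priority-ordered NSG inbound evaluation (added example, not plugin 1221 code).
Rules below are constructed sample dicts, not data read from Azure."""
import ipaddress
from collections import namedtuple

RESTRICTED_TCP = {22: "SSH", 3389: "RDP"}
DENY_ALL_INBOUND = 65500          # Azure's implicit DenyAllInBound default rule
PUBLIC_TAGS = {"Internet", "*", "0.0.0.0/0", "::/0"}
RENTABLE_TAGS = {"AzureCloud"}    # any tenant can rent addresses inside this tag
RESERVED_V4 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "224.0.0.0/4", "240.0.0.0/4")]

Finding = namedtuple("Finding", "severity nsg port service rule state")


def classify_source(src):
    """internet | broad-public | public | private.
    Non-reserved IPv4 prefixes of /8 or shorter count as broad-public (0.0.0.0/1 is the
    split-range evasion); the /8 cut-off is an assumption of this example."""
    if src in PUBLIC_TAGS:
        return "internet"
    if src in RENTABLE_TAGS:
        return "broad-public"
    try:
        net = ipaddress.ip_network(src, strict=False)
    except ValueError:
        return "private"   # other service tags (VirtualNetwork, ...) are not public sources
    if net.version == 6:
        return "internet" if net.prefixlen == 0 else "public"
    if any(net.subnet_of(r) for r in RESERVED_V4):
        return "private"
    return "broad-public" if net.prefixlen <= 8 else "public"


def port_matches(ranges, port):
    """destinationPortRange(s): '*', '22', or '3389-3390'."""
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def covers_full_ipv4(sources):
    """True when a set of IPv4 sources collapses to 0.0.0.0/0 (split-range evasion)."""
    nets = []
    for s in sources:
        try:
            n = ipaddress.ip_network(s, strict=False)
        except ValueError:
            continue
        if n.version == 4:
            nets.append(n)
    merged = list(ipaddress.collapse_addresses(nets))
    return len(merged) == 1 and merged[0].prefixlen == 0


def evaluate_nsg(name, rules, attachments):
    """First-match-wins per restricted port in priority order; the implicit
    DenyAllInBound (65500) is the floor. attachments = subnets + NICs the NSG is bound to."""
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"), key=lambda r: r["priority"])
    findings = []
    for port, service in RESTRICTED_TCP.items():
        hit = None
        for rule in inbound:
            if rule["protocol"] not in ("Tcp", "*") or not port_matches(rule["ports"], port):
                continue
            cls = classify_source(rule["source"])
            if rule["access"] == "Deny" and cls == "internet":
                break                      # higher-priority wildcard deny neutralizes later allows
            if rule["access"] == "Allow" and cls in ("internet", "broad-public"):
                hit = (rule, cls)
                break
        if hit is None:
            continue                       # falls through to DenyAllInBound: no exposure
        rule, cls = hit
        if attachments == 0:
            sev, state = "MEDIUM", "latent (orphaned NSG, applies to nothing)"
        elif cls == "internet":
            sev, state = "CRITICAL", f"effective (attached to {attachments})"
        else:
            sev, state = "HIGH", f"effective, broad-but-not-full source {rule['source']}"
        findings.append(Finding(sev, name, port, service, rule["name"], state))
    return findings


# Constructed sample rules mirroring the acme-app-nsg finding above.
ACME_APP_RULES = [
    {"name": "allow-mgmt", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "Internet", "ports": ["22", "3389"]},
]
WITH_DENY = [{"name": "deny-rdp", "priority": 90, "direction": "Inbound", "access": "Deny",
              "protocol": "*", "source": "*", "ports": ["3389"]}] + ACME_APP_RULES

if __name__ == "__main__":
    for f in evaluate_nsg("acme-app-nsg", ACME_APP_RULES, attachments=1):
        print(f)
    print("split-range covers IPv4:", covers_full_ipv4(["0.0.0.0/1", "128.0.0.0/1"]))
```

The evaluator is per-port, not per-packet: a Deny that covers only part of the public space does not neutralize a later wildcard Allow here, which keeps the example conservative in the same direction as the auditor (a partial deny still leaves the port reachable from the rest of the internet).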
EE 0.14.1 adds a public-internet UDP restricted-port lane (Dim 2u/3u) to this same plugin, so public-source UDP management/amplification services (SNMP 161, CLDAP 389, NTP 123, rpcbind 111, IPMI 623, IKE 500, Memcached 11211) are no longer silently treated as benign; the lane was previously TCP-only. EE 0.15.2 further extends this plugin with +10 restricted UDP ports (RADIUS/L2TP/SIP/mDNS/RIP/XDMCP/chargen); all six coverage matrices unchanged.
Release history from there to the current build (EE 0.19.4 / 28 enterprise plugins):
EE 0.15.0: added the NEW Azure Key Vault deep auditor, plugin 1222, taking the count 27 → 28.
EE 0.16.0: per-account scanning via --env / --aws-profile.
EE 0.17.0: the CloudTrail multi-region audit completes fast and fails closed over unreachable regions, plus --aws-region region scoping.
EE 0.18.0: GCP false-negative hardening cycle: legacy-ACL public buckets, serviceAccountKeyAdmin + actAs impersonation paths, and the 0.0.0.0/0 firewall lane, all under pure ADC.
EE 0.18.1: GCP false-negative hardening II: split-range firewall full-IPv4 coverage, IAM impersonation-graph completeness, default-object-ACL public exposure, plus a fleet-wide CI guarantee that the tool cannot issue a mutating cloud call across all 28 plugins.
EE 0.18.2: makes those no-false-clean evidence-gaps visible end-to-end through the Claude Desktop / MCP transport across AWS, Azure, and GCP, plus a read-only-security hardening and the proprietary LICENSE/EULA now shipped in the package.
EE 0.18.3: GCP IAM + Azure Key Vault false-negative hardening III: an Azure Key Vault custom role granting only a narrow data-plane crypto/extraction verb (plugin 1222), the GCP IAM impersonation BFS fail-closing on depth-cap truncation (plugin 1025 H3), and the googleapis-SDK-absent path fail-closing the GCP IAM dims to compliance-routed evidence-gaps (plugin 1025 M2).
EE 0.19.0 ("No silent false-clean"): a per-region evidence-gap across the forEachRegion fan-out with class-O routing to each source's native attested controls (208 additive anchors), four swallow→gap retrofits (AWS SQS/SNS, Azure Storage, GuardDuty, CloudTrail delivery-failure), two air-gapped / IAM criticals (offline CVE matcher distro/epoch fail-close + KMS root-delegation HIGH), and AI-enrichment target redaction through the content-scrubber.
EE 0.19.1 ("Confirmed false-negative batch"): seven gauntlet-confirmed cloud-auditor silent misses, each closed test-first (RED→GREEN): IAM prefix-glob privilege-escalation + access-key hygiene (plugin 1030), wildcard-Principal SQS queue-policy at SNS parity (plugin 1150), air-gapped KMS CreateGrant/GenerateDataKey effective-decrypt (plugin 1130), versioned-bucket noncurrent-version dis posal via read-only GetBucketVersioning (plugin 1120), deprecated + unknown Lambda runtime currency with no allowlist-by-exclusion fail-open (plugin 1080), GCP OIDC-impersonation + Workload-Identity-Federation-provider admin-equivalence parity (plugin 1025), and VPC-endpoint sensitive-action service-namespace matching (plugin 1160).
EE 0.19.2 ("Confirmed false-negative tail"): six more gauntlet-confirmed silent misses closed (the Tier-B continuation of 0.19.1), each TDD'd: an Azure Key Vault legacy access-policy 2-verb decrypt+unwrapKey envelope-decryption grant plus two titlePattern anchor-drifts that routed findings to zero controls and the closure of the drift detector (plugin 1222), a broad-but-not-full PUBLIC GCP firewall source range (e.g. 0.0.0.0/1) on SSH flagging HIGH with RFC1918/reserved discounted (plugin 1021), AWS KMS PendingDeletion keys now policy-audited because the deletion is reversible via kms:CancelKeyDeletion (plugin 1070), a CodePipeline sticky approval-latch requiring a per-production-stage gate (plugin 1100), a GCP Cloud Storage bucket-enumeration page-cap truncation evidence-gap class-O-routed to the source's native controls (plugin 1024), and a CloudTrail WriteOnly-selector data-events read-coverage caveat that no longer reads "data events enabled" (plugin 1040).
EE 0.19.3 ("MCP affordance + class-O truncation sweep"): the scan_cloud MCP tool description now enumerates the real per-service coverage so AI agents route service-named audit asks to the scanner instead of improvising shell commands, evidence-gap lines lead with the gap clause and carry the first actionable clause as a companion, truncation/AccessDenied evidence-gaps across eight AWS auditors fail-close their sources' native controls in all six frameworks (incl. the 1110 P-16 grant-bypass that previously failed no control), a new Azure NSG dimension flags restricted-port exposure to the tenant-rentable AzureCloud service tags (plugin 1221), Lambda inline-credential env-var names and the AWS_LAMBDA_ exclusion-prefix evasion bypass are closed (plugin 1080), and public-subnet Redis replication groups no longer silently downgrade (plugin 1180). Count UNCHANGED at 28; all six matrices unchanged at the count level.
EE 0.19.4 ("Routing-Integrity Hardening"): no real finding or evidence-gap routes to zero compliance controls. A build-time routing guard fails the build on any marked gap that maps to zero controls, GuardDuty findings are de-duplicated, a deferred-scope unmark across eight plugins keeps in-scope verdicts honest, the AWS-default VPC-endpoint full-access policy is down-rated CRITICAL → MEDIUM with cross-framework routing (PCI 1.4.1 / ISO A.8.22 / CIS 12.2), SQS/SNS alarm-independence means alarm posture survives a Get*Attributes deny, and PCI DSS Req 7.2.2 is honestly down-rated covered → partial (a QSA-flagged overclaim), so the PCI matrix is now 19 covered / 9 partial / 39 OOS, backed by IAM over-privilege detection. Count UNCHANGED at 28; all six matrices unchanged at the count level.
acme-audit-store has neither PITR nor deletion protection enabled
A single DeleteTable API call vaporizes the table, AND no continuous backup
exists to recover it. Worst-case audit-the-auditor failure: the audit record itself is
not survivable. Enable both Point-in-Time Recovery (PI1.5 substrate) AND deletion
protection (C1.1 recoverability). Same finding routes to HIPAA §164.312(c)(1) Integrity
(ePHI must not be improperly altered or destroyed) and PCI DSS 3.5 (stored cardholder
data protection from loss).
bob (user) has effective kms:Decrypt on Resource:* via inline policy
The inline policy grants Action:[*] on Resource:[*].
CC6.1 / C1.1 / CC6.3 blast-radius: principal can decrypt EVERY KMS key whose key policy
permits the principal — confidentiality blast-radius is account-wide for any
wildcard-permissive key policy. Replace Resource:* with specific key ARNs
+ apply a Permissions Boundary capping the effective key set. Routes to HIPAA §164.312(a)(1)
Access Control (ePHI encryption-key access boundary) and PCI DSS 7.2.1 (access control
by job function with least privilege).
acme-audit-store uses AWS-owned default encryption (no SSE-KMS customer-managed key)
acme-export-fn has public function URL with AuthType=NONE and resource-policy Principal:"*"
With DB_PASSWORD and API_KEY sitting in the runtime environment
variables, this is an exfiltration channel. CC6.6 (external-perimeter access controls)
and HIPAA §164.312(e)(1) (transmission security boundary) both fail. PCI DSS 1.4.2 (NSC
between trusted and untrusted networks) + 8.6.1 (interactive use restriction on accounts
used by systems) route the same finding. Remediate: switch the function URL to AuthType=AWS_IAM and
drop the Principal:"*" resource-policy statement, or remove the function URL entirely (a function URL
cannot be made VPC-private; a private entry point needs a different front door).
aabbccdd-1111-2222-3333-444455556666 has a grant authorizing Decrypt to a principal with NO identity-policy grant for kms:Decrypt (Pacu P-16 stealth path)
The grantee principal is arn:aws:sts::111122223333:assumed-role/acme-fixture-exec-role/acme-export-fn,
but that principal has NO identity-policy grant for kms:Decrypt. The grant
bypasses identity-policy enforcement entirely. The principal can recover plaintext from
data encrypted under this key without any IAM policy mentioning kms:Decrypt.
Pacu P-16 stealth path — auditor-detectable. Verify the grant is intentional + revoke
if the principal should not have decrypt capability on this key.
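As an added example (not plugin 1030/1110/1130 code), the following Python evaluates the two decrypt paths above together: an identity policy reaching kms:Decrypt through Action:* or a prefix glob such as kms:Dec*, and a KMS grant whose grantee has no identity-policy path at all. The policies, grants and ARNs are constructed sample data, and the evaluator is deliberately simplified (no Conditions, NotAction, permissions boundaries, SCPs or key-policy evaluation, and resource ARNs are matched with the same case-insensitive glob as actions).

```python
"""Effective kms:Decrypt via identity-policy globs, plus the KMS-grant bypass
(added example, not NSAuditor code; all policies/grants below are constructed)."""
import re


def _glob(pattern):
    """IAM glob: '*' any run, '?' one char; actions are case-insensitive."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(body + r"\Z", re.IGNORECASE)


def _listify(v):
    return [v] if isinstance(v, str) else list(v or [])


def matching_statements(statements, action, resource):
    """Statements whose Action and Resource globs both cover the request."""
    out = []
    for st in statements:
        acts, ress = _listify(st.get("Action")), _listify(st.get("Resource"))
        if any(_glob(a).match(action) for a in acts) and any(_glob(r).match(resource) for r in ress):
            out.append(st)
    return out


def allowed(statements, action, resource):
    """Explicit Deny wins; otherwise any matching Allow grants (simplified evaluation)."""
    hits = matching_statements(statements, action, resource)
    if any(s["Effect"] == "Deny" for s in hits):
        return False
    return any(s["Effect"] == "Allow" for s in hits)


def wildcard_decrypt(statements):
    """True when an Allow reaches kms:Decrypt with Resource '*': account-wide blast radius
    for every key whose key policy admits the principal."""
    return any(s["Effect"] == "Allow" and "*" in _listify(s.get("Resource"))
               for s in matching_statements(statements, "kms:Decrypt", "*"))


def role_arn_of(principal):
    """An sts assumed-role session ARN resolves to the IAM role its identity policies live on."""
    m = re.match(r"arn:aws:sts::(\d+):assumed-role/([^/]+)/", principal)
    return f"arn:aws:iam::{m.group(1)}:role/{m.group(2)}" if m else principal


def stealth_decrypt_grants(grants, policies_by_principal, key_arn):
    """Grant IDs that authorize Decrypt for a grantee with no identity-policy path to
    kms:Decrypt on the key (the P-16 pattern: grant-only decrypt capability)."""
    out = []
    for g in grants:
        if "Decrypt" not in g.get("Operations", []):
            continue
        statements = policies_by_principal.get(role_arn_of(g["GranteePrincipal"]), [])
        if not allowed(statements, "kms:Decrypt", key_arn):
            out.append(g["GrantId"])
    return out


# Constructed sample data modelled on the two findings above.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/aabbccdd-1111-2222-3333-444455556666"
BOB_INLINE = [{"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]
GLOB_POLICY = [{"Effect": "Allow", "Action": "kms:Dec*",
                "Resource": "arn:aws:kms:*:111122223333:key/*"}]       # prefix-glob reaches Decrypt
EXEC_ROLE_POLICY = [{"Effect": "Allow", "Action": ["s3:GetObject"],
                     "Resource": "arn:aws:s3:::acme-legacy-assets/*"}]  # no kms:Decrypt at all
POLICIES = {
    "arn:aws:iam::111122223333:user/bob": BOB_INLINE,
    "arn:aws:iam::111122223333:role/acme-fixture-exec-role": EXEC_ROLE_POLICY,
}
GRANTS = [
    {"GrantId": "g-0001", "Operations": ["Decrypt"],
     "GranteePrincipal": "arn:aws:sts::111122223333:assumed-role/acme-fixture-exec-role/acme-export-fn"},
    {"GrantId": "g-0002", "Operations": ["Decrypt", "Encrypt"],
     "GranteePrincipal": "arn:aws:iam::111122223333:user/bob"},
]

if __name__ == "__main__":
    print("bob wildcard decrypt:", wildcard_decrypt(BOB_INLINE))
    print("stealth grants:", stealth_decrypt_grants(GRANTS, POLICIES, KEY_ARN))
```

Note the order of checks in the grant pass: g-0002 is not reported because bob already has an identity-policy path, so the grant adds nothing to his capability; g-0001 is reported because the grant is the only thing giving the execution role decrypt on that key.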
acme-db-creds has rotation DISABLED
Remediate: enable automatic rotation via secretsmanager:RotateSecret with a 30-day schedule.
aabbccdd-1111-2222-3333-444455556666 has automatic key rotation DISABLED
Remediate: enable automatic rotation via kms:EnableKeyRotation, or document the manual rotation procedure for auditor
walkthrough. PCI DSS 3.6.4 explicitly requires cryptographic key rotation at the end of
defined cryptoperiods + when key integrity is weakened — auditors require evidence of
rotation events, not just configuration.
acme-compliant-store has Point-in-Time Recovery (PITR) enabled
The engine also emits pass findings on COMPLIANT resources; these are the auditor's positive
evidence that the control IS operating, not just an absence of failures. A SOC 2 Type II
audit specifically requires evidence the control WAS in operation across the observation
period; pass-findings populate that evidence stream.
Each finding above appears in all six framework reports automatically. The plugin
emits the finding once; the compliance engine routes it across SOC 2 + HIPAA +
NIST CSF 2.0 + PCI DSS + ISO/IEC 27001:2022 + CIS Controls v8 control spaces in a single pass. This is the
one scan, six frameworks contract — no double-scanning, no double-billing
for AWS API calls, no risk of cross-framework drift.
The framework-routing rules live in data/compliance/{soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8}.json
and inherit from soc2.json's grep-verified plugin-emission pattern set per
the institutional inheritance-contract discipline. A finding pattern that doesn't appear
in soc2.json cannot leak through to the other five framework JSONs —
defended by automated anchor-drift tests at every release (including sharp doesNotMatch
cross-framework citation-leak regex defense; the CIS v8 mapping added 31 such tests in EE 0.13.0).
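As an added example (not the engine's own code or its real data/compliance/*.json), this Python shows the routing contract in miniature: one finding title fanned across per-framework titlePattern anchors, the inheritance check that rejects an anchor absent from soc2.json, and the EE 0.19.4 build-time guard that fails on any non-deferred finding routing to zero controls. The framework tables and finding titles are constructed sample data in the shape the text describes.

```python
"""Anchor-based cross-framework routing with the inheritance and zero-route guards
(added example; the tables below are constructed, not the project's real JSON)."""
import re

# framework -> control -> titlePattern anchors (regex, matched case-insensitively)
FRAMEWORKS = {
    "soc2": {
        "CC6.6": [r"publicly accessible", r"permits .* from 0\.0\.0\.0/0"],
        "CC6.1": [r"wildcard", r"Resource:\*"],
        "CC7.1": [r"evidence-gap"],
    },
    "hipaa": {
        "§164.312(a)(1)": [r"publicly accessible", r"Resource:\*"],
        "§164.312(b)": [r"evidence-gap"],
    },
    "pci-dss": {
        "1.2.1": [r"permits .* from 0\.0\.0\.0/0"],
        "7.2.1": [r"Resource:\*"],
        "1.3.1": [r"world-readable"],   # drifted anchor, absent from soc2: check_inheritance catches it
    },
}
DEFERRED_SCOPE = "[deferred-scope]"   # marker for findings the engine intentionally does not route


def route(title, frameworks):
    """Fan one finding title out to every framework's matching controls."""
    return {fw: sorted(c for c, pats in ctrls.items()
                       if any(re.search(p, title, re.IGNORECASE) for p in pats))
            for fw, ctrls in frameworks.items()}


def check_inheritance(frameworks, base="soc2"):
    """Inheritance contract: every anchor in a non-base framework must also exist in the base,
    so a pattern cannot leak into hipaa/pci/... without first being grep-verified in soc2."""
    base_patterns = {p for pats in frameworks[base].values() for p in pats}
    return [(fw, ctrl, p)
            for fw, ctrls in frameworks.items() if fw != base
            for ctrl, pats in ctrls.items()
            for p in pats if p not in base_patterns]


def routing_guard(titles, frameworks):
    """Build-time guard: a non-deferred finding or evidence-gap that routes to zero
    controls in every framework is a routing-integrity failure."""
    return [t for t in titles
            if DEFERRED_SCOPE not in t and not any(route(t, frameworks).values())]


SAMPLE_TITLES = [   # constructed finding titles in the page's style
    "acme-public-assets is publicly accessible via a legacy ACL",
    "bob (user) has effective kms:Decrypt on Resource:* via inline policy",
    "evidence-gap: s3:ListBucketVersions denied on acme-legacy-assets",
    "aabbccdd-... has automatic key rotation DISABLED",
    "[deferred-scope] region eu-west-3 not scanned by operator choice",
]

if __name__ == "__main__":
    for t in SAMPLE_TITLES:
        print(t, "->", route(t, FRAMEWORKS))
    print("anchor drift:", check_inheritance(FRAMEWORKS))
    print("zero-route:", routing_guard(SAMPLE_TITLES, FRAMEWORKS))
```

Both checks are cheap enough to run in CI against every release: check_inheritance over the six JSON files, and routing_guard over the titles every plugin's fixture suite emits.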
EE 0.18.1 closes five GCP false-negatives — exposures a previous build called clean (still live under EE 0.19.4). Acme's engineer
points NSAuditor at the GCP project acme-prod-3f8a1c and the same compliance engine routes
every GCP finding across all six framework control spaces. The headline misses now caught: a GCS bucket
public via a legacy ACL while uniform bucket-level access (UBLA) is
disabled — the surface the IAM-only check never read (plugin 1024); a project-scope
roles/iam.serviceAccountKeyAdmin binding that lets a principal
mint long-lived keys for ANY service account (offline impersonation,
plugin 1025); a custom role granting iam.serviceAccounts.actAs reached through a
serviceAccountTokenCreator edge — a transitive impersonation
path (plugin 1025); and the classic 0.0.0.0/0 default-allow-ssh/rdp/icmp firewall rules
(plugin 1021).
The 0.18.x client/auth fixes let the GCP IAM Project-Level Auditor (plugin 1025) read the
project IAM policy and run its service-account / impersonation dimensions (Dim 4-6) under
pure Application Default Credentials — no
GOOGLE_APPLICATION_CREDENTIALS key file and no
GOOGLE_IMPERSONATE_SERVICE_ACCOUNT required. A prior build failed the project-IAM read
(getIamPolicy is not a function) and silently skipped the impersonation graph; the
1021-client + 1025-adc fixes make
that surface real, and an API denial now degrades to an explicit evidence-gap verdict — never a silent
clean. All six coverage matrices are UNCHANGED — this is substrate-depth uplift on perimeter, access-control,
and data-protection controls already in scope.
# EE 0.18.1 hardens three GCP plugins against false-negatives — pure ADC, no key file
# 1024 _auditLegacyAcls = the GCS legacy-ACL public surface the IAM-only check missed
# 1025 K1 = project-scope serviceAccountKeyAdmin (offline impersonation) · K2 = actAs impersonation PATH
# 1021 = 0.0.0.0/0 default-allow-ssh/rdp/icmp firewall rules. Matrices UNCHANGED.
$ export CLOUD_PROVIDER=gcp   # + GOOGLE_CLOUD_PROJECT_ID=acme-prod-3f8a1c (ADC: gcloud auth application-default login)
$ nsauditor-ai scan --host gcp \
    --plugins 1021,1024,1025 \
    --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 \
    --out ./acme-gcp-evidence
[plugin] GCP Security Audit (1021) ................... 4 findings
[plugin] GCP Cloud Storage Auditor (1024) ........... 1 finding
[plugin] GCP IAM Project-Level Auditor (1025) ....... 2 findings
✓ 1025 ran Dim 4-6 under pure ADC — project-IAM read OK (no getIamPolicy error); impersonation graph built (BFS depth cap 4)
✓ 1024 walked the legacy-ACL surface (UBLA-disabled buckets) the account-level IAM check never reaches
✓ all six framework matrices UNCHANGED — substrate-depth uplift on perimeter (CC6.6) / access-control (CC6.1) / data-protection controls
The four GCP findings below span the severity range and showcase the EE 0.18.1 hardening. Each routes
across all six frameworks; the CC / §164.312 / PR / 3.3
control badges show the per-framework destination.
acme-public-assets is public via a LEGACY object ACL (allUsers:READER) while uniform bucket-level access (UBLA) is DISABLED — anonymous-internet readable
The _auditLegacyAcls dimension walks the per-object / bucket legacy-ACL
surface the IAM-only check never read. With uniform bucket-level access disabled, GCS
still honors fine-grained legacy ACLs — and this bucket carries an allUsers (and
allAuthenticatedUsers-class) READER grant, making its objects
anonymous-internet readable (the GCP analog of a public S3 bucket). A scanner that only reads the
bucket's IAM policy (which here grants nothing public) calls it clean — a false negative. The fix is
UBLA-state-aware: had UBLA been enabled, legacy ACLs would be ignored by GCS and the
finding would not fire. Remediate: remove the allUsers/allAuthenticatedUsers
ACL grants, then enable uniform bucket-level access to make ACL-based public access structurally
impossible. Routes to CC6.6 (external-perimeter access) + CC6.1 + C1.1 and HIPAA §164.312(a)(1) Access
Control. All six coverage matrices UNCHANGED.
roles/iam.serviceAccountKeyAdmin to ci-deploy-sa — can mint long-lived keys for ANY service account in acme-prod-3f8a1c (offline impersonation)
ci-deploy-sa holds a project-scope roles/iam.serviceAccountKeyAdmin binding. That role can
create user-managed keys for every service account in the project — including the
privileged ones — and a downloaded key is a credential that works offline, indefinitely,
outside any session or Conditional-access boundary. So this binding is effectively
impersonate-anyone: the holder mints a key for a high-privilege SA and acts as it with no further
authorization step. The auditor treats project-scope key-admin as a CRITICAL privilege-escalation
primitive distinct from a direct sensitive-role grant (Dim 2). Remediate: remove the project-level
serviceAccountKeyAdmin binding, scope key administration to specific SAs only if truly
required, and prefer short-lived credentials (workload identity / impersonation with conditions) over
downloadable keys. Routes to CC6.1 + CC6.3 and HIPAA §164.312(a)(1) Access Control.
acme.batchOperator grants iam.serviceAccounts.actAs, reached by data-export-sa via a serviceAccountTokenCreator edge → impersonation PATH to backup-runner-sa
The custom role acme.batchOperator includes the bare permission
iam.serviceAccounts.actAs (not the named roles/iam.serviceAccountUser, so a
role-name-only check misses it), and data-export-sa reaches the privileged
backup-runner-sa through a roles/iam.serviceAccountTokenCreator edge — a
transitive impersonation path, not a direct grant. The finding emits the resolved path
so an auditor can trace the escalation hop-by-hop. The graph is built only because the project-IAM read
now succeeds under pure ADC (a prior build skipped it). Remediate: remove
iam.serviceAccounts.actAs from the custom role or break the
tokenCreator edge; prefer scoped, conditioned impersonation. Routes to CC6.1 + CC6.3 and
HIPAA §164.312(a)(1).
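As an added example (not plugin 1025's code), this Python builds the impersonation graph for the two findings above and runs the depth-capped BFS that EE 0.18.3 makes fail closed on truncation: a project-scope keyAdmin binding is an edge to every service account, a custom role is resolved by permission rather than by role name, and hitting the depth cap with nodes still unexplored returns an evidence-gap rather than "no path". Account names, bindings and the abbreviated predefined-role permission table are constructed sample data.

```python
"""Service-account impersonation graph with a depth-capped BFS that fails closed on
truncation (added example, not plugin 1025 code; all bindings below are constructed)."""
from collections import defaultdict

IMPERSONATION_PERMS = {
    "iam.serviceAccounts.actAs", "iam.serviceAccounts.getAccessToken",
    "iam.serviceAccounts.implicitDelegation", "iam.serviceAccounts.signBlob",
    "iam.serviceAccounts.signJwt", "iam.serviceAccountKeys.create",
}
PREDEFINED = {   # abbreviated to the impersonation-relevant permissions of each role
    "roles/iam.serviceAccountTokenCreator": {"iam.serviceAccounts.getAccessToken",
        "iam.serviceAccounts.signBlob", "iam.serviceAccounts.signJwt",
        "iam.serviceAccounts.implicitDelegation"},
    "roles/iam.serviceAccountUser": {"iam.serviceAccounts.actAs"},
    "roles/iam.serviceAccountKeyAdmin": {"iam.serviceAccountKeys.create"},
}


def role_perms(role, custom_roles):
    """Predefined roles from the table, custom roles from their includedPermissions."""
    return set(PREDEFINED.get(role) or custom_roles.get(role, ()))


def build_graph(project_bindings, sa_bindings, custom_roles, all_sas):
    """member -> [(target 'serviceAccount:<email>', edge label)].
    Project-scope bindings apply to every SA in the project (a custom role carrying bare
    actAs is an edge too, so a role-name-only check cannot miss it); SA-scope bindings
    apply to that one SA."""
    edges = defaultdict(list)

    def add(bindings, targets):
        for b in bindings:
            perms = role_perms(b["role"], custom_roles) & IMPERSONATION_PERMS
            if not perms:
                continue
            label = f"{b['role']} [{', '.join(sorted(perms))}]"
            for m in b["members"]:
                edges[m].extend((t, label) for t in targets if t != m)

    add(project_bindings, [f"serviceAccount:{sa}" for sa in all_sas])
    for sa, bindings in sa_bindings.items():
        add(bindings, [f"serviceAccount:{sa}"])
    return edges


def find_path(edges, start, targets, depth_cap):
    """BFS from start to any privileged target. Returns ('path', hops), ('none', None) or,
    when the cap is hit with nodes still unexplored, ('evidence-gap', reason):
    truncation is never reported as 'no path'."""
    frontier, seen = [(start, [])], {start}
    for _ in range(depth_cap):
        nxt = []
        for node, hops in frontier:
            for tgt, label in edges.get(node, ()):
                path = hops + [(node, label, tgt)]
                if tgt in targets:
                    return "path", path
                if tgt not in seen:
                    seen.add(tgt)
                    nxt.append((tgt, path))
        frontier = nxt
        if not frontier:
            return "none", None
    return "evidence-gap", (f"impersonation BFS truncated at depth cap {depth_cap} "
                            f"with {len(frontier)} node(s) unexplored")


# Constructed sample for the acme-prod-3f8a1c scenario above.
PROJECT = "acme-prod-3f8a1c"
SAS = [f"{n}@{PROJECT}.iam.gserviceaccount.com"
       for n in ("ci-deploy-sa", "data-export-sa", "batch-sa", "backup-runner-sa")]
CI, EXPORT, BATCH, BACKUP = [f"serviceAccount:{sa}" for sa in SAS]
CUSTOM_ROLES = {f"projects/{PROJECT}/roles/acme.batchOperator":
                ["iam.serviceAccounts.actAs", "batch.jobs.create"]}
PROJECT_BINDINGS = [
    {"role": "roles/iam.serviceAccountKeyAdmin", "members": [CI]},                # K1: keys for ANY SA
    {"role": f"projects/{PROJECT}/roles/acme.batchOperator", "members": [BATCH]},  # bare actAs, custom role
]
SA_BINDINGS = {SAS[2]: [{"role": "roles/iam.serviceAccountTokenCreator", "members": [EXPORT]}]}
PRIVILEGED = {BACKUP}

if __name__ == "__main__":
    graph = build_graph(PROJECT_BINDINGS, SA_BINDINGS, CUSTOM_ROLES, SAS)
    for start in (EXPORT, CI):
        status, detail = find_path(graph, start, PRIVILEGED, depth_cap=4)
        print(start.split("@")[0], status, detail)
    print(find_path(graph, EXPORT, PRIVILEGED, depth_cap=1))
```

The resolved hops are what an auditor needs to trace the escalation: data-export-sa reaches batch-sa via the tokenCreator edge, and batch-sa reaches backup-runner-sa via the custom role's actAs, which is exactly the two-hop path the finding reports.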
default-allow-ssh / default-allow-rdp / default-allow-icmp permit ingress from 0.0.0.0/0 to tcp:22, tcp:3389, and icmp:all
default-allow-ssh opens
tcp:22 (credential brute-force + lateral-movement pathway), default-allow-rdp
opens tcp:3389 (a primary ransomware / credential-attack vector), and
default-allow-icmp opens icmp:all (reconnaissance + DoS). Each is rated
CRITICAL. These bypass network-segmentation principles and expose management surfaces
to the entire internet. Remediate: delete the default-allow rules (or scope their source ranges to the
operator's bastion / VPN CIDR) and replace with least-privilege ingress. Routes to CC6.6
(external-perimeter access controls) + HIPAA §164.312(a)(1) + PCI DSS 1.2.1/1.3.1/1.4.1.
A false positive wastes an analyst's time; a false negative ships a "you're secure" verdict over a
live hole. EE 0.18.1's GCP cycle closes four such holes — the legacy-ACL public bucket (1024), the
project-scope key-admin impersonation primitive and the transitive actAs path (1025), and
the IAM read that previously failed shut (the 1021-client / 1025-adc fixes) — and routes each to the
producing source's own native controls, never a mirror. The one scan, six frameworks
contract holds for GCP exactly as it does for AWS and Azure: each plugin emits once; the compliance
engine fans the finding across SOC 2 + HIPAA + NIST CSF 2.0 + PCI DSS + ISO/IEC 27001:2022 +
CIS Controls v8. All six matrix counts are UNCHANGED.
Each framework defines its own control universe + sub-categorization + audit discipline. The matrix counts below show how the same 78 plugin-emitted findings from the AWS scan above populate each framework's in-scope control set, with the remainder explicitly labeled out-of-scope (architecturally not addressable by infrastructure scanning, paired with the named non-engine evidence streams operators need).
SOC 2 AICPA TSC 2017 · 47 controls (10 covered + 4 partial + 33 OOS). Covered/partial: CC6.1 · CC6.3 · CC6.6 · CC7.1 · CC7.2 · CC8.1 · C1.1 · PI1.5. OOS architectural: physical-datacenter controls, vendor management, change-management process evidence. Pair with operator-side change-management trail.
HIPAA Security Rule §164.312 · 55 controls (7 covered + 3 partial + 45 OOS). Covered/partial: §164.312(a)(1) · §164.312(a)(2)(iv) · §164.312(b) · §164.312(c)(1) · §164.312(d) · §164.312(e)(1). 45 OOS = entire §164.308 Administrative + §164.310 Physical Safeguards (architecturally OOS for any cloud-tenant scanner). Pair with HRIS + facility access logs.
NIST CSF 2.0 · 106 Subcategories (13 covered + 10 partial + 83 OOS). Covered/partial: PR.AA-01 · PR.AA-05 · PR.DS-01 · PR.DS-11 · PR.IR-01 · DE.CM-01 · DE.CM-09. 83 OOS by-design: entire Govern function (policy/strategy) + entire Respond function (IR runbook execution) + Implementation Tiers 1-4 (organizational maturity). Pair with TPRM + IR platform.
PCI DSS v4.0.1 (MVP-67) · 67 sub-requirements (19 covered + 9 partial + 39 OOS). Covered/partial: 1.2.1 · 3.5.1.2 · 3.6.4 · 7.2.1 · 7.2.4 · 8.3.10.1 · 8.6.1 · 10.2.1. 39 OOS: Req 3 stored-CHD attestation + Req 5 anti-malware + Req 9 physical + Req 11 ASV/pen-test + Req 12 governance. Pair with QSA-aware GRC + ASV.
ISO/IEC 27001:2022 · 93 Annex A controls (17 covered + 14 partial + 62 OOS). Covered/partial: A.5.15 · A.5.17 · A.5.18 · A.5.23 ⭐NEW · A.8.2 · A.8.5 · A.8.9 ⭐NEW · A.8.13 · A.8.16 ⭐NEW · A.8.20 · A.8.24. 62 OOS by-design: ISMS Clauses 4-10 entirely (7 Major Nonconformity classes; absence of Clause 9.2 internal audit or Clause 9.3 management review = auto-fail Stage 2) + Theme A.6 People (HR system) + Theme A.7 Physical (cloud-provider ISO 27001:2022 Certificate inheritance for cloud-hosted). Pair with ISO-aware GRC (Drata ISO 27001 / Vanta ISO 27001 / AuditBoard / OneTrust ISMS / Secureframe). Statement of Applicability per Clause 6.1.3.d discipline + 5-attribute taxonomy + 2013-to-2022 transition discipline (deadline October 31, 2025 passed).
CIS Controls v8 · 153 Safeguards (17 covered + 22 partial + 114 OOS; IG1 23/56 · IG2 37/130 · IG3 39/153). Covered/partial: 2.2 · 3.3 · 3.10 · 3.11 · 4.4 · 5.1 · 5.4 · 6.3 · 6.5 · 7.5 · 8.2 · 11.2 · 11.3 · 11.4 · 12.2 · 13.1. Implementation Group cumulative discipline: engine substrate evidences IG1 23-of-56 (the cyber-insurance baseline; ~50-70% of mid-market policies require IG1 attestation) / IG2-cumulative 37-of-130 / IG3-cumulative 39-of-153; the remainder are operator-side process/endpoint artifacts. NEVER report IG2 as 74-of-74 in isolation: the IG1 base must be intact before any IG2/IG3 claim. 114 OOS by-design: Control 14 Security Awareness Training (LMS) + Control 17 Incident Response + Control 18 Penetration Testing + Control 10 Malware Defenses (endpoint EDR) entirely. No-certification-body attestation: this is INPUT to your CSAT / CIS-CAT Pro self-attestation or a SOC 2 auditor cross-validating CIS scope, never "CIS certified." Cloud Companion Guide v8 + CIS-Hardened-Image credit (4.1/4.2/4.6) + 5 Security Functions (NOT 6, no Govern) + MS-ISAC/EI-ISAC/H-ISAC sector baselines.
PCI DSS v4.0.1, the fourth framework (introduced in EE 0.11.0, joined by ISO/IEC 27001:2022 as the
fifth in EE 0.12.0 and CIS Controls v8 as the sixth in EE 0.13.0), ships sub-requirement-level mapping per the PCI SSC RoC Reporting Template
Appendix B (NOT Requirement-level, which would hide gap structure). Every covered + partial
control carries four institutional schema enrichments designed to defend against the
QSA-detectable overclaim patterns surfaced by the audit-pci-dss-qsa-perspective
adversarial-audit skill.
Per Appendix E of PCI DSS v4.0.1, fifteen sub-requirements explicitly disallow the Customized
Approach. The engine carries approachEligibility: 'defined-only' and
customizedApproachObjective: null on each of them, with positive-defense tests asserting that
every Appendix-E ID appears in the framework JSON. Misclassifying a Defined-only sub-requirement as
Customized-eligible is the PCI analog of HIPAA's "Addressable as Required" overclaim: it blocks the build.
# 15 Defined-only sub-requirements — Customized Approach not permitted
3.2.1     PAN retention limited
3.3.1     SAD not retained after authorization (full track data)
3.3.2     SAD not retained — CAV2/CVC2/CVV2/CID
3.3.3     SAD not retained — PIN/PIN block
4.2.1.1   Trusted keys/certificates inventory
4.2.2     PAN secured via end-user messaging technologies
4.2.2.1   PAN-via-end-user-messaging policy
8.2.1     Unique user IDs
8.2.5     Terminated user access immediately revoked
11.3.2    External vulnerability scans by ASV
11.5.2    Change-detection mechanism (e.g., file integrity monitoring) on critical files
11.6.1    Payment-page change- and tamper-detection (Magecart-class)
12.3.1    Targeted Risk Analysis methodology
12.3.2    Customized Approach Documentation
12.8.5    TPSP Responsibility Matrix
12.10.4   Incident-response personnel training
The engine cannot determine Cardholder Data Environment scope from infrastructure
scanning alone. Requirements 3 + 4 + 5 + 9 + 12 all gate on operator's CDE Data Flow
Diagram per Req 1.2.4 + Req 12.5.1. The rendered PCI DSS report surfaces this as a
cover-page disclaimer; per-control findings carry cdeScopeCaveat when the
operator has not tagged the in-scope resources.
Pair the engine with a QSA-aware GRC (Drata PCI / Vanta PCI / AuditBoard PCI / OneTrust GRC / ServiceNow IRM) that handles the CDE Data Flow Diagram, vendor TPSP Responsibility Matrices (Req 12.8.5), and the PCI DSS RoC Reporting Template assembly. The engine produces the substrate-evidence package; the GRC + QSA produce the RoC.
Every hexa-framework scan emits 62 evidence files plus the raw scan-conclusion artifacts. Each framework gets the same six surfaces: three report formats (Markdown + HTML + JSON) plus three integrity surfaces (TSA-signed attestation + chain-of-custody manifest + SHA-256 sidecar). All six are cryptographically bound, so an auditor can verify that the artifact set has not drifted from the scan event that produced it.
scan_compliance_{soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8}.{md,html,json} — 18 files
total. Markdown for human review and check-in to the evidence repo. HTML for sharing with
auditors and the executive summary. JSON for GRC ingestion and machine-readable diffing.
scan_attestation_{framework}.json — RFC 3161 timestamp token from
DigiCert (or an operator-configured TSA via COMPLIANCE_TSA_URL) proving the
scan output existed no later than the TSA's signing time. The token binds the artifact hash
to a time; it does not attest that the scan itself was complete or correct. Air-gappable for
high-security deployments per [[hipaa_air_gap_attestation]].
scan_chain_of_custody_{framework}.json — tamper-evident lineage from the
source-system event (for example the AWS API event) that produced each finding, through the
scanner, to the evidence file. Each step carries a timestamp and a hash, so an auditor can
trace any single finding back to the event that produced it.
.sha256 per evidence artifact (30 across all six frameworks, plus the raw conclusions).
Lets downstream consumers verify file integrity without re-running the scan. A bare hash
detects modification only; time and provenance come from the attestation and chain-of-custody files.
scan_conclusion_raw.{json,html} — network-scan substrate.
Used by the continuous-monitoring mode (--watch) to surface only new
findings since the prior scan.
# Install the trio (CE is the free runtime; EE adds the 28 plugins + 6 frameworks)
$ npm install -g nsauditor-ai@latest nsauditor-ai-agent-skill@latest \
    @nsasoft/nsauditor-ai-ee@latest

# Activate Enterprise license (purchase at https://www.nsauditor.com/ai/pricing/)
$ nsauditor-ai license install enterprise_eyJhbGciOiJFUzI1NiIs...
✓ Enterprise license active — 5 seats — expires 2027-05-07

# Run the same hexa-framework scan against your own AWS account
$ nsauditor-ai scan --host aws \
    --plugins 1020,1023,1030,1040,1050,1060,1070,1080,1090,1100,1110 \
    --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 \
    --out ./my-audit-evidence

# Or just the newest framework, if you only care about CIS Controls v8
$ nsauditor-ai scan --host aws --plugins all --compliance cis-v8
--env and --aws-profile (NEW in EE 0.16.0)
EE 0.16.0 adds two CLI flags for per-scan account selection — no shell re-export or wrapper script needed.
Pass a dotenv credentials file with --env <path>, or select a named AWS profile with
--aws-profile <name>. License is resolved independently of --env.
A missing --env file is a hard error (fail-fast, never a silent skip). Passing an INI-format
file (e.g., ~/.aws/credentials) to --env is detected and redirected to
--aws-profile with a clear diagnostic. When --host aws|gcp|azure is combined
with --plugins all, only that cloud's plugins run — other clouds are skipped and logged
(sentinel-host auto-scoping; explicit --plugins lists are unaffected).
# ── Option A: dotenv credentials file (KEY=VALUE) ──────────────────────────────
# --env loads the file for this scan only; credentials are NOT written to shell env
# A missing file is a hard error. INI/~/.aws/credentials format → redirected to --aws-profile
$ nsauditor-ai scan --host aws \
    --env ~/envs/prod.env \
    --compliance soc2

# ── Option B: named AWS profile from ~/.aws/credentials ────────────────────────
# --aws-profile clears any stale explicit keys; AWS_SDK_LOAD_CONFIG=1; implies CLOUD_PROVIDER=aws
$ nsauditor-ai scan --host aws \
    --aws-profile prod \
    --compliance soc2

# ── GCP example: ADC via dotenv (GOOGLE_APPLICATION_CREDENTIALS path) ──────────
$ nsauditor-ai scan --host gcp \
    --env ~/envs/gcp-prod.env \
    --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8

# ── Sentinel-host auto-scoping: --host aws + --plugins all → AWS-only plugins ──
# GCP / Azure plugins are skipped + logged; explicit --plugins lists are unaffected
$ nsauditor-ai scan --host aws \
    --aws-profile prod \
    --plugins all \
    --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 \
    --out ./prod-evidence
Cloud host 'aws' → running 20 AWS plugin(s); skipping 35 non-aws plugin(s) (other clouds + non-cloud).
✓ 20 plugins · 76 findings (4m12s) — GCP/Azure + non-cloud plugins not loaded (sentinel-host auto-scope)

# ── Scope by AWS region: --aws-region <one|csv|all> (new in EE 0.17.0) ─────────
# Regional auditors fan out across every in-scope region; S3 resolves each bucket's own region.
$ nsauditor-ai scan --host aws --plugins all \
    --aws-region us-east-1,eu-west-1,ap-southeast-2 \
    --compliance soc2
# --aws-region all = every account-enabled region. No flag = one region (unscanned regions disclosed).
# Precedence: --aws-region › AWS_REGION › single-region default. Unknown region code fails fast.
An audit scanner has two failure surfaces: what it misses, and what it finds but routes to
zero controls. The 0.19.4 cycle closes the second class structurally and adds no new framework:
(1) a build-time routing guard now fails the build on any marked finding or evidence-gap that
maps to zero compliance controls, so a real exposure can no longer be surfaced yet routed nowhere;
(2) GuardDuty findings are de-duplicated, so the same detector hit is not double-counted across
the controls it routes to; (3) a deferred-scope unmark across eight plugins keeps in-scope verdicts
honest instead of stranding them as deferred; (4) the AWS-default VPC-endpoint full-access policy is
down-rated CRITICAL → MEDIUM (the default is permissive but not, by itself, an active exposure) with
cross-framework routing to PCI 1.4.1 / ISO A.8.22 / CIS 12.2;
(5) SQS/SNS alarm-independence means alarm posture survives a Get*Attributes
deny instead of false-cleaning; and (6) PCI DSS Req 7.2.2 is honestly down-rated covered →
partial, correcting a QSA-flagged overclaim, backed by IAM over-privilege detection.
Each finding and gap routes to its producing source's own native controls (no
mirror, no overclaim) via additive class-O routing anchors on already-covered controls. The plugin count
is UNCHANGED at 28 and all six coverage matrices are UNCHANGED at the count level (covered/partial/OOS:
10/4/33 SOC 2 · 7/3/45 HIPAA · 13/10/83 NIST CSF · 19/9/39 PCI DSS · 17/14/62 ISO 27001 · 17/22/114 CIS v8).
This cycle builds on EE 0.19.3, the "MCP affordance + class-O truncation sweep" cycle: the scan_cloud MCP tool
description made a routing surface; evidence-gap lines leading with the gap clause; truncation/AccessDenied
evidence-gaps across eight AWS auditors fail-closing their native controls, including the 1110 P-16 grant-bypass;
a new Azure NSG AzureCloud service-tag dimension; Lambda inline-credential env-var names, with the AWS_LAMBDA_
exclusion-prefix evasion bypass closed; and a public-subnet Redis replication group no longer silently
downgraded.
It also keeps the EE 0.18.1 GCP false-negative hardening II depth pass live:
plugin 1024 _auditLegacyAcls reads the GCS legacy-ACL public surface that a bucket with uniform
bucket-level access (UBLA) disabled still honors; plugin 1025 K1/K2 flag the project-scope
roles/iam.serviceAccountKeyAdmin offline-impersonation primitive and transitive
iam.serviceAccounts.actAs paths via serviceAccountTokenCreator edges; and the
1021-client / 1025-adc fixes keep GCP IAM auditing running under pure ADC, with a permission denial degrading
to an explicit evidence-gap verdict, never a silent clean.
soaApplicability (always-applicable / risk-based-applicable / excludable-with-justification):
the engine produces substrate for INCLUDED controls; SoA inclusion/exclusion is operator-side per
Clause 6.1.3.d. The renderer surfaces a SoA-pairing prompt plus an ISMS Management-System Clauses
4-10 OOS-by-design disclaimer with the 7 Major Nonconformity classes enumerated
(absence of internal audit per Clause 9.2 or management review per Clause 9.3 = auto-fail at
Stage 2, the most frequent first-time certification failure mode).
cloudProviderAttestation, referencing current AWS / Azure / GCP ISO/IEC 27001:2022 Certificates:
the renderer aggregates this per-control field into a Cloud-Provider Certificate Inheritance Matrix
on the cover page (markdown + HTML parity), the same data-shape as the PCI DSS
Req 12.8.5 TPSP matrix from the EE 0.11.1 cycle but with ISO-canonical framing per
Clause 4.3 ISMS scope, A.5.23 Cloud services and A.5.19-A.5.22 supplier relationships.
audit-iso-27001-2022-statement-of-applicability (705 lines / 5 files), built via /skill-creator as the
6th adversarial-audit skill in the Phase-4 chain: 17 ship-blocker classes surfaced at P0 synthesis and
closed PRE-author via schema/renderer/test/doc enrichments. The pattern is now validated through 5
successful framework-cycle applications (SOC 2 EE 0.9.3, HIPAA EE 0.9.4, NIST CSF EE 0.10.0
retroactive, PCI DSS EE 0.11.0, ISO 27001 EE 0.12.0).
Every (source, titlePattern) pair in iso-27001.json /
pci-dss.json / hipaa.json / nist-csf.json MUST
also exist in soc2.json (defended by
tests/*_mapping_anchor_drift.test.mjs). The EE 0.12.0 P5 reviewer pass added a
sharp doesNotMatch regex defense across 4 non-ISO frameworks × 7 standard
slots = 28 paired assertions, closing the reverse-leak gap and structurally preventing
ISO Annex A codes from leaking into any non-ISO framework report.