  1. Configuration Compliance Scanners
    1. Software used to scan a system for compliance with a set of standardized rules and regulations, and report any shortcomings.
    2. Compliance is checked through an auditing system.
  2. Common Compliance Regulations and Guides
    1. BASEL II
    2. Center for Internet Security Benchmarks (CIS)
    3. Control Objectives for Information and related Technology (COBIT)
    4. Defense Information Systems Agency (DISA) STIGs
    5. Federal Information Security Management Act (FISMA)
    6. Federal Desktop Core Configuration (FDCC)
    7. Gramm-Leach-Bliley Act (GLBA)
    8. Health Insurance Portability and Accountability Act (HIPAA)
    9. ISO 27002/17799 Security Standards
    10. Information Technology Infrastructure Library (ITIL)
    11. National Institute of Standards and Technology (NIST) configuration guidelines
    12. National Security Agency (NSA) configuration guidelines
    13. Payment Card Industry Data Security Standard (PCI DSS)
    14. Sarbanes-Oxley (SOX)
    15. Site Data Protection (SDP)
    16. United States Government Configuration Baseline (USGCB)
    17. Various State Laws (e.g., California’s Security Breach Notification Act - SB 1386)
  3. Examples
    1. Nessus
    2. Tripwire
  4. Reference: https://docs.tenable.com/nessus/compliancechecksreference/Content/Resources/PDF/NessusComplianceChecksReference.pdf