There are fundamental data and knowledge that shouldn't be missed when representing compliance control;
- The name of the control
- Generic knowledge defining the compliance control category in detail
- Current status of the control, is it Failed, Passed or Inconclusive or in a status of Recheck?
- The asset that has the compliance control
- Specific details of the compliance control
- Helpful mitigation techniques
- Current status of the vulnerability.
- Standard references
- Which other assets have this same control category
With the data comes the knowledge and it's important to show it eminently. All these details, as shown in the figure above and more can be seen clicking Compliance Control Details icons listed next to every listed compliance control.