Compliance

Connected

Compliance Mapping

Findings auto-mapped to control frameworks · Apex-Corp Q2 Pentest

Framework

SOC 2 Type II

5 trust service criteria

Coverage

67 %

Mapped findings

66 of 181

across 24 controls

Untested controls

12 gaps

no finding coverage

CC1

Control Environment

72%

18 / 25 controls covered

CC6

Logical & Physical Access

41%

11 / 27 controls · gaps

CC7

System Operations

85%

17 / 20 controls covered

CC8

Change Management

22%

4 / 18 controls · major gaps

CC9

Risk Mitigation

58%

14 / 24 controls covered

Control Mappings

Control	Description	Findings	Status	Severity Mix
CC6.1	Logical access security controls	14	Non-compliant	3c4h7m
CC6.6	Logical access protection from external threats	8	Partial	2h6m
CC6.7	Transmission and movement of information	5	Compliant	3m2l
CC6.8	Prevent / detect unauthorized software	0	Untested	—
CC7.1	System monitoring for security events	11	Compliant	4m7l
CC8.1	Authorization of changes to infrastructure	3	Non-compliant	1c2m