ACME Corp
FedRAMP Moderate
No authorization, no federal business.
Maturity score
52 D
Controls implemented
162/325
Open gaps
2
Last assessed
11 days ago

Control families (4)

Access Control (AC): 49, 17/35, At risk
Identification & Auth (IA): 44, 8/18, At risk
Audit & Accountability (AU): 68, 11/16, Watch
System & Comms Protection (SC): 57, 20/35, At risk

Control status

325 controls
Implemented 162
In progress 41
Not started 122

Recent activity

IA-2(1) MFA for privileged accounts: Blocks ATO — finding f-mfa (2d)
AC-2(3) Disable inactive accounts: Open — finding f-access (7d)

Open gaps affecting this framework

critical
MFA not enforced for privileged cloud access
A single phished admin = card-data + PHI access. This is the control PCI and FedRAMP assessors test first.
high
Quarterly access reviews are 9 months overdue
Stale access is the finding that fails a SOC 2 audit and undermines every other attestation you sign.