
ACME Corp
PCI-DSS v4.0
Consequence of non-compliance: fines and loss of the ability to process cards.
Maturity score: 68 (C)
Controls implemented: 50/70
Open gaps: 5
Last assessed: 5 days ago

Requirement groups (4)

Build & maintain secure networks (R1–2): score 82, 18/22 controls implemented, On track
Protect account data (R3–4): score 71, 9/13 controls implemented, Watch
Strong access control (R7–9): score 58, 11/19 controls implemented, At risk
Monitor & test networks (R10–11): score 74, 12/16 controls implemented, Watch

Control status (70 controls)

Implemented: 50
In progress: 14
Not started: 6

Recent activity

R8.4 MFA for all access into the CDE: Open (finding f-mfa), 1d ago
R1.3 Network segmentation evidence: Pending QSA review, 4d ago

Open gaps affecting this framework

[critical] MFA not enforced for privileged cloud access
A single phished admin = card-data + PHI access. This is the control PCI and FedRAMP assessors test first.

[high] Quarterly access reviews are 9 months overdue
Stale access is the finding that fails a SOC 2 audit and undermines every other attestation you sign.

[critical] Unpatched critical CVE-2026-3148
A CISA-KEV critical on a Kubernetes node, past the PCI 30-day patch window.

[high] Dormant privileged account active
A privileged service account idle 207 days still holds directory rights — a lateral-movement path.

[moderate] TLS 1.0 enabled on edge firewall
Deprecated TLS negotiated for a legacy partner link; compensating control in place.