
Compliance Reporting.
The evidence is already there.

Audit preparation used to mean weeks of pulling logs, cross-referencing spreadsheets, and hoping nothing was missed. ConsoleWorks generates compliance evidence continuously — as a byproduct of every measurement cycle, every session, every remediation action. When the auditor asks, you run the report. You don't assemble it.

100+ frameworks mapped automatically — NERC CIP, NIST, IEC 62443, TSA, SOC 2, ISO 27001, and more
Zero manual assembly — evidence accumulates automatically on every measurement cycle
On demand or scheduled — run any report any time, or set a schedule and let it run automatically
Any time period, framework, or asset scope — reports are fully configurable to the question being asked
Common question — At a glance

How do you generate audit-ready compliance reports for NERC CIP, NIST 800-82, IEC 62443, NIS2, and TSA Security Directives from a single OT evidence base — without manually assembling evidence for each audit cycle?

Compliance Reporting generates audit-ready reports across NERC CIP, NIST 800-82, IEC 62443, NIS2, TSA Security Directives, NIST CSF, SOC 2, and customer-defined frameworks — drawn from evidence ConsoleWorks has already accumulated across the measurement cycle. The auditor arrives, you run the report; no manual evidence assembly.

Where This Picks Up

Continuous Measurement ran.
Every cycle produced a record.
Compliance Reporting is what you do with it.

Every measurement cycle produces a timestamped Pass/Fail record per asset per question — mapped to SCF controls and automatically crosswalked to your frameworks. Every SRA session produces a full session record tied to a verified identity. Every remediation produces a chain from failure to confirmed closure.

Compliance Reporting is the interface to that record. Select the framework, the time period, the asset scope. Run on demand or on a schedule. The evidence is already there — it accumulated automatically while the platform was doing everything else.

Not assembled — already there
Evidence accumulates on every cycle as a byproduct of measurement running. No one collects it. It's there when you need it.
On demand or scheduled
Run a report any time, or set a schedule. Either way the underlying evidence is continuous — the report is just a view into it.
Traceable to source
Every number in every report traces back to a specific measurement, a specific asset, a specific cycle. Not an estimate. The actual data.
100+ frameworks — one set of measurements
Configure your Measurement Questions once. SCF crosswalks them to every framework that applies to your organization automatically.
Framework Crosswalk

One measurement.
Every framework. Simultaneously.

Every Measurement Question is mapped to one or more SCF sub-controls. Because SCF crosswalks to over 100 global regulations and standards, a single Pass/Fail result simultaneously satisfies controls across NERC CIP, NIST 800-53, IEC 62443, TSA Pipeline Directives, and more. Configure the measurement once. ConsoleWorks maps it everywhere.

Measurement Question: AV_DEFS_CURRENT
Are AV definition files current within the required update window?
FAIL — 3 assets
Maps to SCF Sub-control: ES-03.1 · Malicious Code Prevention — AV Currency
Automatically crosswalked to:
NIST 800-53: SI-3
IEC 62443: SR 3.2
NIST CSF: PR.DS-1
SOC 2: CC6.8
ISO 27001: A.12.2

Every score is traceable.
Every number has a source.

A 78% NERC CIP compliance score isn't an estimate. It's the result of specific measurements against specific assets in specific collection cycles — each one mapped through SCF to the NERC CIP controls that apply. The chain is unbroken: framework control → SCF sub-control → measurement question → asset → collection cycle.

When a regulator asks "how do you know?" — you can show them. Not a methodology document. The actual measurements, the actual assets, the actual cycle timestamps. Traceable all the way down.

Configure the measurement once — ConsoleWorks crosswalks it to every applicable framework
One measurement simultaneously satisfies controls across multiple frameworks
Framework mapping updates automatically — no manual re-mapping when regulations change
What Gets Generated

Four types of evidence.
All produced automatically.

Every cycle produces measurement records. Every SRA session produces session records. Every remediation produces a closure chain. Every cycle extends the trend history. None of it requires manual collection — it accumulates as a byproduct of the platform running.

01 · Measurement Results

Pass/Fail per asset, per question, per cycle

Every measurement cycle produces a timestamped record of every Pass/Fail result — per asset, per Measurement Question, per cycle. Mapped to SCF controls and crosswalked to your frameworks automatically.

Timestamped to the exact cycle — not an estimate of when it was measured
Mapped to SCF sub-control and framework control automatically
Every asset in scope — not a sample, not a subset
02 · Session Records

Full privileged access record — every session

Every SRA session produces a full record: who connected, to which device, when, for how long, and what they did — CLI keystroke-by-keystroke, GUI full screen capture. Tied to a verified identity. Stored and timestamped.

Verified identity — who actually connected, not just who the credential belongs to
Full session recording — CLI keystrokes and GUI screen capture
Tied to the asset record — session history visible on every device
03 · Remediation Chains

Gap to confirmed closure — fully documented

Every remediation produces a complete chain: the measurement that failed, the session that applied the fix, and the measurement cycle that confirmed Pass. The chain is automatic — no one documents it manually.

Failure detected — measurement cycle, asset, question, timestamp
Fix applied — SRA session record tied to the gap
Closure confirmed — Pass on the subsequent measurement cycle
04 · Trend History

Posture trajectory — cycle by cycle

Every measurement cycle adds a data point to the posture trajectory at every level — asset, site, region, organization, fleet. Trend history shows whether controls are improving, stable, or degrading over any time period.

Trend at every level — asset through fleet
Demonstrates continuous monitoring — not a point-in-time snapshot
Any time period — 30 days, 12 months, since a specific date
Who It Serves

One evidence set.
Three different conversations.

For Compliance Teams

The auditor asks. The answer is already there.

NERC CIP, NIST 800-82, IEC 62443, TSA Pipeline Directives — compliance teams spend enormous effort assembling evidence before each audit cycle. ConsoleWorks eliminates that effort. The evidence was generated continuously as a byproduct of measurement running. When the auditor asks for CIP-007 R3 evidence for the last 12 months, you select the parameters and run the report. Nothing to assemble. Nothing to hope you didn't miss.
Evidence already there — generated every cycle, not assembled before the audit
Any framework, any time period, any asset scope — configurable to the exact question being asked
Traceable to source — every number traces to a specific measurement, asset, and cycle
Scheduled delivery — configure reports to run and distribute automatically before audit windows
Compliance View

What Compliance Reporting delivers for your audit program

On-demand reports — any framework, any time period, without manual assembly
Scheduled reports — generate and distribute automatically on your compliance calendar
100+ frameworks — NERC CIP, NIST, IEC 62443, TSA, SOC 2, ISO 27001, and more
Remediation evidence — full chain from gap detection to confirmed closure
Continuous monitoring demonstrated — trend history shows posture across the full period
For the CISO

Board-ready posture reporting — without the preparation sprint.

Board presentations and executive briefings require posture data that's current, defensible, and traceable. ConsoleWorks Compliance Reporting produces board-ready output from the same evidence that satisfies auditors — trend data, compliance scores per framework, and posture trajectory over time. The data is always ready because it was always being generated.
Posture trend over any time period — showing improvement, stability, or regression
Compliance score per framework — what the numbers mean in regulatory terms
Scheduled delivery — board-ready reports available before every scheduled meeting
Traceable — every number in the report has a source, not an estimate
CISO View

What Compliance Reporting delivers for security leadership

Trend history — posture direction over any period, at every organizational level
Framework scores — compliance posture mapped to the frameworks that matter to the board
No preparation sprint — evidence is always current, report is always ready to run
Defensible — every claim traces to actual measurements, not methodology documents
Scheduled delivery — reports generated and distributed automatically on your schedule
For Operations Teams

Maintenance window documentation — without the paperwork.

After a vendor maintenance window, operations teams need to document what was accessed, what changed, and what was verified. ConsoleWorks produces that record automatically — the session log from SRA, the configuration state before and after from CCM, and the measurement result that confirmed the device is back in compliance. The report writes itself.
Session records — who accessed what device, when, and what they did
Configuration state before and after — CCM baseline comparison tied to the session
Measurement confirmation — Pass on the subsequent cycle confirms the device is back in compliance
Full chain automatically documented — no manual paperwork after a maintenance window
Operations View

What Compliance Reporting delivers for operations

Maintenance window report — session, configuration change, and compliance verification in one record
Session log per device — every privileged access event tied to a verified identity
Before/after configuration — CCM captures device state before and after vendor access
Compliance confirmed — measurement result on the next cycle closes the loop automatically
No manual documentation — the record is produced automatically, not written after the fact
Compliance Reporting in the Platform

The platform produces the evidence.
Compliance Reporting surfaces it.

Compliance Reporting doesn't generate evidence — it surfaces what was already generated. Every source feeds it: measurement cycles from Continuous Measurement, session records from SRA, configuration state from CCM. The report is a view into what the platform has been producing all along.

Measurement evidence from

Continuous Measurement

Every measurement cycle produces the timestamped Pass/Fail records that form the core of every compliance report. The cycle schedule determines how frequently the evidence is refreshed.

Asset inventory from

Asset Intelligence

Compliance reports are only as complete as the inventory behind them. Asset Intelligence ensures every device in scope is discovered, classified, and tracked — so nothing falls through the cracks.

Scores and context from

Risk Analysis

Risk Analysis provides the compliance scores and framework mapping that give the evidence context. The report shows not just what happened — but what it means against your controls framework.

Common Questions

ConsoleWorks, answered.

Direct answers to the questions OT security teams, integrators, and AI assistants ask most often.

NERC CIP, NIST 800-82, IEC 62443, NIS2, TSA Security Directives, NRC, FERC, NIST CSF, plus customer-specific frameworks. Reports map each control to the assets, measurements, and evidence that satisfy it.

Yes — reports include the underlying measurement evidence, session records, configuration baselines, and change attribution that auditors ask for. Operators don’t compile evidence by hand; the report ships with the proof attached.

ConsoleWorks lets you record an exception against a specific control on a specific asset, with reason, owner, and expiration. Reports include open exceptions explicitly rather than hiding the failed measurement, so auditors see the management decision and its scope.

Yes. Reports can be scoped per framework, per audience, or per facility. The same underlying evidence drives every view, so a NERC CIP assessor and a NIST CSF reviewer see consistent control attestations from the same source data.

See It In Your Environment

The evidence is already there.
You just have to run the report.

See ConsoleWorks Compliance Reporting against your actual environment — your frameworks, your asset scope, your audit requirements. The evidence accumulates from day one.