Skip to main content
Panguard Report maps your scan findings to recognized compliance frameworks and generates assessment reports. These reports evaluate your current readiness — they do not constitute certification.
Compliance reports assess your system’s alignment with framework controls. They are readiness assessments, not certifications. Use them to identify gaps before a formal audit.
1

Choose a framework

Panguard supports 3 compliance frameworks:
FrameworkControlsFocus
Taiwan TCSA10 controlsTaiwan Cyber Security Act compliance for government and critical infrastructure
ISO 2700130 controlsInternational information security management standard
SOC 210 controlsService organization controls for data security, availability, and privacy
Covers access control, network security monitoring, incident response procedures, data protection, system backup and recovery, vulnerability management, security awareness training, physical security, audit logging, and third-party risk management.
Comprehensive coverage including information security policies, asset management, access control, cryptography, physical security, operations security, communications security, system acquisition/development, supplier relationships, incident management, business continuity, and compliance.
Trust service criteria covering security, availability, processing integrity, confidentiality, and privacy. Includes logical and physical access controls, system operations, change management, and risk mitigation.
2

Generate a report

Run a scan and map the results to your chosen framework:
panguard report generate --framework iso27001

  PANGUARD AI - Compliance Report

  Framework:  ISO 27001
  Date:       2026-03-07
  Machine:    prod-web-01

  -- Control Assessment ---------------------

  A.5   Information Security Policies    PASS
  A.6   Organization of InfoSec          PASS
  A.7   Human Resource Security          N/A
  A.8   Asset Management                 PARTIAL
  A.9   Access Control                   FAIL
  A.10  Cryptography                     PASS
  ...

  -- Summary --------------------------------

  Total:    30 controls
  Pass:     18 (60%)
  Partial:  7 (23%)
  Fail:     3 (10%)
  N/A:      2 (7%)

  Readiness Score: 72% (Fair)

panguard report generate --framework tcsa
3

Choose output format

Reports can be exported as PDF or JSON:
panguard report generate --framework iso27001 --output report.pdf
The JSON format is useful for integrating compliance data into dashboards or CI/CD pipelines.
4

Set report language

Generate reports in English or Traditional Chinese:
panguard report generate --framework tcsa --lang en --output report.pdf
Taiwan TCSA reports default to zh-TW. ISO 27001 and SOC 2 reports default to en. Use --lang to override.
5

Review and remediate

For each FAIL or PARTIAL control, the report includes:
  • Finding: What the scan detected
  • Expected: What the framework requires
  • Remediation: Specific steps to achieve compliance
Example remediation output:
  Control A.9: Access Control                 FAIL

  Finding:     Root SSH login enabled, no key-only auth
  Expected:    Privileged access restricted, MFA or key-based auth
  Remediation:
    1. Set PermitRootLogin to 'no' in /etc/ssh/sshd_config
    2. Set PasswordAuthentication to 'no'
    3. Restart sshd: systemctl restart sshd
After applying fixes, re-run the report to confirm improvements:
panguard report generate --framework iso27001 --output updated-report.pdf

What to do next

Frameworks reference

Detailed documentation of all controls assessed per framework.

Output formats

PDF and JSON schema details, customization options.

Run your first scan

Reports are built on scan data. Make sure you understand the scan output first.

CLI report reference

Complete list of flags and options for the report command.