AuditKit - Multi-Cloud Compliance Scanner


Stop paying $50K per framework. One scanner, five frameworks, four cloud providers.

SOC2 PCI-DSS CMMC L1 HIPAA NIST 800-53

The Problem

Compliance is Expensive

Consultants charge $50K+ per framework. SOC2, PCI, HIPAA, CMMC? That's $200K just to understand what you're missing.

Tools Don't Tell You What to Fix

Cloud security scanners find issues but don't explain how to fix them or what evidence auditors need.

Manual Evidence Collection Sucks

Spending weeks taking screenshots and compiling evidence packages for auditors is mind-numbing work.

The Solution

$ auditkit scan -provider aws -framework soc2 -verbose

✗ FAIL | CC6.6 | MFA Not Enforced
  Evidence: 3 IAM users without MFA: admin-user, deploy-bot, john.doe
  Remediation: aws iam enable-mfa-device --user-name admin-user
  Screenshot Guide: IAM → Users → Security credentials → Show MFA enabled
  Console URL: https://console.aws.amazon.com/iam/home#/users

✓ PASS | CC6.1 | CloudTrail Logging Enabled
  Evidence: CloudTrail enabled in all regions, logs encrypted
  Frameworks: SOC2 (CC6.1), PCI-DSS (10.2.2), CMMC (AU.L2-3.3.1)

Multi-Cloud Coverage

One tool. Four cloud providers. Stop juggling separate scanners.

  • AWS (64+): IAM, S3, EC2, CloudTrail, KMS, RDS, VPC
  • Azure (64+): Entra ID, Storage, NSGs, SQL, Key Vault
  • GCP (170+): Cloud Storage, IAM, Compute, SQL, KMS, Logging
  • Microsoft 365 (29+): Entra ID via ScubaGear integration

Azure Arc (On-Premises) [Pro only]

Extend compliance scanning to your on-premises servers connected via Azure Arc. AuditKit Pro pulls security assessments from Microsoft Defender for Cloud and Guest Configuration policies, bringing hybrid environments into your compliance posture.

  • Defender Assessments: updates, encryption, vulnerabilities, endpoint protection
  • Guest Configuration: Azure Policy compliance for Windows/Linux baselines
  • Agent Health: monitor Arc agent connectivity status

Free Version

  • SOC2 complete (64 controls)
  • PCI-DSS v4.0 (30+ controls)
  • CMMC Level 1 (17 practices)
  • AWS, Azure, GCP, M365
  • PDF/HTML/JSON reports
  • Evidence collection guides

Pro Version ($297/mo)

  • CMMC Level 2 (110 practices)
  • GCP Advanced (GKE + Vertex AI)
  • Multi-account scanning
  • Evidence package generator
  • Continuous monitoring daemon
  • Drift detection
  • Priority support

Installation

# Quick install (Go required); the binary lands in $GOPATH/bin (or $HOME/go/bin), so run it as `auditkit`
go install github.com/guardian-nexus/auditkit/scanner/cmd/auditkit@latest

# Or build from source; the binary is then ./auditkit in the scanner directory
git clone https://github.com/guardian-nexus/auditkit.git
cd auditkit/scanner && go build ./cmd/auditkit

# Run your first scan (AWS is the default provider; uses your configured AWS credentials)
./auditkit scan -framework soc2 -format pdf -output report.pdf

# Multi-framework scan
./auditkit scan -framework all -format pdf

# Azure scan
az login
export AZURE_SUBSCRIPTION_ID="your-subscription-id"
./auditkit scan -provider azure -framework soc2

# GCP scan
gcloud auth application-default login
export GOOGLE_CLOUD_PROJECT="your-project-id"
./auditkit scan -provider gcp -framework soc2

See It In Action

Real scan outputs and reports from actual customer environments

What a PASS Looks Like

Controls that meet compliance requirements show specific evidence of what's configured correctly.

✓ PASS | CC6.6 - Authentication Controls
  Root account has MFA enabled
  → Meets SOC2 CC6.6, PCI DSS 8.3.1, HIPAA 164.312(a)(2)(i)

✓ PASS | CC6.3 - Encryption at Rest
  All 15 S3 buckets have encryption enabled
  → Meets SOC2 CC6.3, PCI DSS 3.4, HIPAA 164.312(a)(2)(iv)

What a FAIL Looks Like

Failed controls show exactly what's wrong, how to fix it, and what evidence you'll need for auditors.

✗ FAIL | CC6.1 - Access Controls
  Issue: SSH open to 0.0.0.0/0
  Security Group: sg-0ab56571076bcff37 (port 22)
  → Violates PCI DSS 1.2.1

  Fix:
    aws ec2 revoke-security-group-ingress \
      --group-id sg-0ab56571076bcff37 \
      --protocol tcp --port 22 --cidr 0.0.0.0/0

  Evidence needed:
    1. Go to EC2 → Security Groups
    2. Screenshot 'Inbound rules' tab
    3. Show NO rules with 0.0.0.0/0 for port 22
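The FAIL above is the simplest shape of this check: a rule for exactly port 22 from exactly 0.0.0.0/0. A check that stops there misses the same exposure written as a port range (0-1024), as an all-traffic rule (IpProtocol "-1"), or via IPv6 (::/0). The Go program below is an added example, written for this page and not AuditKit's own code, of the detection logic over a constructed `aws ec2 describe-security-groups`-style JSON document (group IDs and names are hypothetical). It also emits a remediation in the `--ip-permissions` form so that the revoke matches the existing rule exactly, which EC2 requires: you cannot revoke only port 22 out of a wider range rule, you revoke the whole rule and re-add it without the world CIDR. The control mappings printed are the ones the page shows for this finding.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample in the shape of `aws ec2 describe-security-groups`
// output. Group IDs and names are hypothetical, not from the page.
const sampleSGs = `{
 "SecurityGroups": [
  {"GroupId": "sg-0aaa111", "GroupName": "bastion", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb222", "GroupName": "wide-range", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0ccc333", "GroupName": "all-traffic", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ddd444", "GroupName": "office-only", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]}
 ]
}`

type ipRange struct{ CidrIp string }
type ipv6Range struct{ CidrIpv6 string }

// permission mirrors one IpPermissions entry. Ports are pointers because the
// API omits them for IpProtocol "-1" (all traffic).
type permission struct {
	IpProtocol string
	FromPort   *int
	ToPort     *int
	IpRanges   []ipRange
	Ipv6Ranges []ipv6Range
}

type securityGroup struct {
	GroupId, GroupName string
	IpPermissions      []permission
}

type describeOutput struct{ SecurityGroups []securityGroup }

// Finding is one world-reachable rule plus the exact revoke command for it.
type Finding struct{ GroupId, GroupName, Protocol, Cidr, Fix string }

// coversPort is true when the rule admits TCP traffic to port: an exact match,
// a range containing it, or an all-traffic (-1) rule.
func coversPort(p permission, port int) bool {
	if p.IpProtocol == "-1" {
		return true
	}
	if p.IpProtocol != "tcp" || p.FromPort == nil || p.ToPort == nil {
		return false
	}
	return *p.FromPort <= port && port <= *p.ToPort
}

func isWorld(cidr string) bool { return cidr == "0.0.0.0/0" || cidr == "::/0" }

// revokeCommand reproduces the offending rule verbatim in --ip-permissions
// form; EC2 only revokes a rule that matches an existing one exactly.
func revokeCommand(groupID string, p permission, cidr string) string {
	rule := map[string]any{"IpProtocol": p.IpProtocol}
	if p.FromPort != nil && p.ToPort != nil {
		rule["FromPort"], rule["ToPort"] = *p.FromPort, *p.ToPort
	}
	if cidr == "::/0" {
		rule["Ipv6Ranges"] = []map[string]string{{"CidrIpv6": cidr}}
	} else {
		rule["IpRanges"] = []map[string]string{{"CidrIp": cidr}}
	}
	b, _ := json.Marshal([]any{rule})
	return fmt.Sprintf("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'", groupID, b)
}

// FindWorldOpenPort parses describe-security-groups JSON and returns every
// ingress rule that exposes port to 0.0.0.0/0 or ::/0.
func FindWorldOpenPort(raw []byte, port int) ([]Finding, error) {
	var out describeOutput
	if err := json.Unmarshal(raw, &out); err != nil {
		return nil, err
	}
	var findings []Finding
	for _, sg := range out.SecurityGroups {
		for _, p := range sg.IpPermissions {
			if !coversPort(p, port) {
				continue
			}
			var cidrs []string
			for _, r := range p.IpRanges {
				if isWorld(r.CidrIp) {
					cidrs = append(cidrs, r.CidrIp)
				}
			}
			for _, r := range p.Ipv6Ranges {
				if isWorld(r.CidrIpv6) {
					cidrs = append(cidrs, r.CidrIpv6)
				}
			}
			for _, c := range cidrs {
				findings = append(findings, Finding{sg.GroupId, sg.GroupName, p.IpProtocol, c, revokeCommand(sg.GroupId, p, c)})
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := FindWorldOpenPort([]byte(sampleSGs), 22)
	if err != nil {
		panic(err)
	}
	if len(findings) == 0 {
		fmt.Println("✓ PASS | CC6.1 - Access Controls: no security group exposes port 22 to the world")
		return
	}
	for _, f := range findings { // three of the four sample groups fail
		fmt.Printf("✗ FAIL | CC6.1 - Access Controls: %s (%s) proto %s open to %s → violates PCI DSS 1.2.1\n  Fix: %s\n",
			f.GroupId, f.GroupName, f.Protocol, f.Cidr, f.Fix)
	}
}
```

Run it against live data with `aws ec2 describe-security-groups --output json > sgs.json` and feed the file to `FindWorldOpenPort`; the `office-only` group shows what a PASS looks like for the same control. Checking the rule's port range and protocol rather than the literal `FromPort == 22` is what separates a defensible finding from one an auditor can poke a hole in.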

Interactive HTML Reports

Generate professional compliance reports with scores, failed controls, remediation steps, and direct console links.

Want to see more examples?

Browse terminal scan outputs, PDF reports, console screenshots, and more evidence samples.


Who Should Use This

Perfect For

  • Defense contractors needing CMMC compliance
  • Startups facing SOC2 + PCI + HIPAA simultaneously
  • Companies quoted $50K+ per framework
  • Engineers who prefer fixing things themselves
  • Multi-cloud organizations
  • Teams tired of running 5 different scanners

NOT For You If

  • You need someone to do compliance for you
  • You want a magic "pass audit" button
  • You need vendor certifications
  • You require hand-holding

Need CMMC Level 2?

DoD contractors handling CUI must comply. Identify all 110 gaps in 30 minutes vs 30 days.

  • 110 CMMC Level 2 practices
  • 30 min to identify all gaps
  • $50K+ savings vs consultants