Compliance

Summary cnquery is an open-source tool from Mondoo for asking questions about the current state of your infrastructure. Using the Mondoo Query Language (MQL),

Summary cnspec is an open-source security and compliance scanner from Mondoo. It evaluates infrastructure against policies expressed as code—security

Summary The EU AI Act—Regulation (EU) 2024/1689—is the European Union's comprehensive law for regulating artificial intelligence. It takes a risk-based

Summary The EU Data Act—Regulation (EU) 2023/2854—is European legislation that governs who can access and share the data generated by connected products and

Summary GAIA-X is a European initiative aimed at establishing a federated and sovereign data infrastructure for Europe. Rather than building a single cloud, it

Summary An Access Control List (ACL) is an ordered set of rules attached to a resource that specifies which subjects (users, groups, source addresses, services)

Summary The Clarifying Lawful Overseas Use of Data Act (CLOUD Act) is a 2018 US federal law. It clarifies that US authorities can compel US-based technology

Summary Device posture is the security state of an endpoint at the moment it tries to connect — patch level, OS version, disk encryption, EDR/MDM enrolment,

Summary On-premises (often shortened to "on-prem") means running software and infrastructure in facilities owned or operated by the using

Summary Schrems II is the 2020 judgment of the Court of Justice of the European Union (case C-311/18). It invalidated the EU–US Privacy Shield framework and

Summary A SIEM (Security Information and Event Management) platform ingests security events from across an environment, normalises and correlates them, and

Summary Zero Trust is a security model that grants access based on continuously verified identity, device posture, and policy. It explicitly drops the idea that

Summary CINC Auditor is an open-source, license-free rebuild of Chef InSpec that enables infrastructure compliance testing and auditing using the same profile

Summary CVE (Common Vulnerabilities and Exposures) is a publicly maintained dictionary of known security vulnerabilities and exposures, each assigned a unique

Summary DORA (Digital Operational Resilience Act) is an EU regulation that entered into force in January 2025, requiring financial institutions and their

Summary GDPR (General Data Protection Regulation) is the EU regulation that sets out rights for individuals over their personal data and obligations for

Summary HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that sets national standards for protecting sensitive patient health

Summary ISO 27001 is the leading international standard for information security management systems (ISMS), providing a systematic approach to managing

Summary Mondoo is a security posture management platform that enables organizations to continuously assess and enforce security policies across cloud

Summary The NIS2 Directive (Network and Information Security Directive 2) is an EU regulation that mandates minimum cybersecurity standards across critical and

A lot has happened in the eight months since we covered Mondoo's March 2025 release. If you're already using the platform, you've probably noticed some big

In today’s fast-paced digital world security isn’t optional, it’s a foundation. Whether you're running microservices in Kubernetes, managing cloud resources, or

Mondoo bills itself as a comprehensive exposure management platform – think a single pane for all your security needs, on-prem and in the cloud. In practice,

In the rapidly evolving world of software development, securing and managing the integrity of codebases is paramount, particularly for organizations subject to

Ensuring Access Control and Secrets Management with HashiCorp Boundary and Vault in HCP and AWS Ensuring access controls and secrets management is critical in

In today's fast-paced digital landscape, efficient case management is crucial for organizations to stay on top of security and compliance issues. Mondoo, a

In the previous posts of this blog series, we introduced the Mondoo platform, its Terraform provider resources, data sources, and imports, exploring how they

Introduction In today's fast-paced digital landscape, ensuring compliance with various frameworks is crucial for companies to maintain the security and

In the previous posts of this blog series, we introduced the Mondoo platform, its Terraform provider resources and data sources, exploring how they enhance

As organizations strive to safeguard their digital assets, innovative solutions like Mondoo have emerged to enhance security and compliance across various

In an era where information security management is more crucial than ever, organizations are seeking innovative solutions to safeguard their digital assets

In today's dynamic and complex cloud environments, organisations face significant challenges in managing costs while ensuring compliance and operational

This is the second post in a series about IT compliance with Mondoo. This post will focus on how to add your own custom policies to Mondoo. Make sure to

This is the first post in a series about IT compliance with Mondoo. This post will focus on the basics of Mondoo and how you can use it to get insights about

The first Infracoders/DevOps/CloudNative Meetup after the summer break took place on the 11th of September, 2018 in Graz. About 15 Infracoders were excited