v0.8.2

Release Date: February 17, 2026

What's Changed

Accuracy & Honesty Fixes

This release removes overclaimed features, fixes broken documentation, and ensures everything we advertise actually works.

• Removed stubbed report command - The auditkit report command printed a "not yet implemented" message. Removed from CLI. Use auditkit scan -format pdf to generate reports.
• Fixed website "Core Features" labeling - Six Pro-only features were listed under "Core Features" with no Pro indication. Relabeled as "Pro Features" with subscription note.
• Fixed "Both included" messaging - Desktop GUI section implied the GUI ships with the free edition. Clarified: "Both included with AuditKit Pro."
• Fixed drift-check command syntax - Website showed incorrect syntax. Updated to match actual CLI usage.
• Updated HIPAA control count - FAQ listed ~10 controls; actual count is ~15 across AWS, Azure, and GCP.

Documentation Cleanup

• Removed fictional Docker section - Installation docs advertised Docker support "Coming Soon" with no Dockerfile in the repo. Removed entirely.
• Removed overclaimed Pro report features - FAQ listed "Company branding" and "Custom evidence fields" as coming soon with no backing code. Removed.
• FedRAMP baseline filtering works - Docs labeled fedramp-low, fedramp-moderate, fedramp-high as "coming soon" but the feature was fully implemented. Updated docs to reflect this.
• Fixed sample report placeholder - Example SOC2 report contained "S3 logging check placeholder" text. Replaced with realistic evidence output.

Build Improvements

• Provider-specific binaries now included in releases - auditkit-aws, auditkit-azure, and auditkit-gcp are now built and published alongside the universal binary. Smaller downloads for single-cloud environments and faster CI/CD pipelines.

Code Cleanup

• Removed unused NotImplemented constant from Azure checks
• Fixed misleading "placeholder" comment in Azure identity check (it's a legitimate manual review check)

Downloads

Universal Scanner (all providers)

Platform	File	Size
Linux amd64	auditkit-v0.8.2-linux-amd64.tar.gz	59M
Linux arm64	auditkit-v0.8.2-linux-arm64.tar.gz	54M
macOS Intel	auditkit-v0.8.2-darwin-amd64.tar.gz	61M
macOS Apple Silicon	auditkit-v0.8.2-darwin-arm64.tar.gz	58M
Windows amd64	auditkit-v0.8.2-windows-amd64.zip	60M

AWS-Only Scanner

Platform	File	Size
Linux amd64	auditkit-aws-v0.8.2-linux-amd64.tar.gz	6.7M
Linux arm64	auditkit-aws-v0.8.2-linux-arm64.tar.gz	6.0M
macOS Intel	auditkit-aws-v0.8.2-darwin-amd64.tar.gz	6.8M
macOS Apple Silicon	auditkit-aws-v0.8.2-darwin-arm64.tar.gz	6.3M
Windows amd64	auditkit-aws-v0.8.2-windows-amd64.zip	6.8M

Azure-Only Scanner

Platform	File	Size
Linux amd64	auditkit-azure-v0.8.2-linux-amd64.tar.gz	6.8M
Linux arm64	auditkit-azure-v0.8.2-linux-arm64.tar.gz	6.4M
macOS Intel	auditkit-azure-v0.8.2-darwin-amd64.tar.gz	7.0M
macOS Apple Silicon	auditkit-azure-v0.8.2-darwin-arm64.tar.gz	6.7M
Windows amd64	auditkit-azure-v0.8.2-windows-amd64.zip	7.0M

GCP-Only Scanner

Platform	File	Size
Linux amd64	auditkit-gcp-v0.8.2-linux-amd64.tar.gz	12M
Linux arm64	auditkit-gcp-v0.8.2-linux-arm64.tar.gz	11M
macOS Intel	auditkit-gcp-v0.8.2-darwin-amd64.tar.gz	13M
macOS Apple Silicon	auditkit-gcp-v0.8.2-darwin-arm64.tar.gz	12M
Windows amd64	auditkit-gcp-v0.8.2-windows-amd64.zip	13M

Installation

# Universal (all providers)
tar -xzf auditkit-v0.8.2-linux-amd64.tar.gz
chmod +x auditkit-linux-amd64
./auditkit-linux-amd64 version

# AWS-only (90% smaller)
tar -xzf auditkit-aws-v0.8.2-linux-amd64.tar.gz
chmod +x auditkit-aws-linux-amd64
./auditkit-aws-linux-amd64 scan -framework soc2

# Azure-only
tar -xzf auditkit-azure-v0.8.2-linux-amd64.tar.gz
chmod +x auditkit-azure-linux-amd64
./auditkit-azure-linux-amd64 scan -framework soc2

# GCP-only
tar -xzf auditkit-gcp-v0.8.2-linux-amd64.tar.gz
chmod +x auditkit-gcp-linux-amd64
./auditkit-gcp-linux-amd64 scan -framework soc2

SHA256 Checksums

ef1accc4f7acf62397e0b84918a14266e84dd7eaa4ec974ea89934f7cb7a7d7e  auditkit-v0.8.2-linux-amd64.tar.gz
9b0be75a35822f76684aee21adbe71c2766fc7fea8647799b2cd3957fbecd3d0  auditkit-v0.8.2-linux-arm64.tar.gz
19a0218f71aab3ab46dbf2deda34c9dad62472b2bd6b68987368f28fb1d8bb0a  auditkit-v0.8.2-darwin-amd64.tar.gz
445b9c7c93875edf1118d92970b4c2775b4e6f917de01d2f8f05f7c132b5f34f  auditkit-v0.8.2-darwin-arm64.tar.gz
a812be54b65f62787e3c41a2d6d970308f74cc1f45b9321a0917b5062cd4ffd0  auditkit-v0.8.2-windows-amd64.zip
1dbdb07fe4215cd6803e8cce8e1508f7e3fc14d9be0abb88814dfe9752cebb12  auditkit-aws-v0.8.2-linux-amd64.tar.gz
0b9939c718815fc6c3ef719ae8d4222cfa6a205823af0faa1e8f691827288d7e  auditkit-aws-v0.8.2-linux-arm64.tar.gz
91d2a6d84d140e475f6e37a2899d136abcd3793fe9d3acb09a27315fe788f338  auditkit-aws-v0.8.2-darwin-amd64.tar.gz
aa09c60e6e5615be460088455c91fad98767c114e00e45c9e651d3efcb7a18cc  auditkit-aws-v0.8.2-darwin-arm64.tar.gz
d9bda173d6d0013acc0af89e9f3feecc625c22b9c716f5a0e0f8fcd52c1d10b7  auditkit-aws-v0.8.2-windows-amd64.zip
cc3de62ae4401ddc44facc97ad6b89cf81cb45ace2f05a8a32294eb47c49c710  auditkit-azure-v0.8.2-linux-amd64.tar.gz
465f6ea9522623dfdf661f03c672e9008dd46b3534573e2371981446fc22e6dd  auditkit-azure-v0.8.2-linux-arm64.tar.gz
346a10fd7d79d60c3139ae20bbc7330e5067685525724c5da34ddfddea675562  auditkit-azure-v0.8.2-darwin-amd64.tar.gz
297703efa0e5af9ec43d290807adef3ab3d58cf1a94f30c9aa906d3356e0ce40  auditkit-azure-v0.8.2-darwin-arm64.tar.gz
dcda5095e6549188d370f592767f0fab4c0c63d82b5f2bc14bfcc70113ad0014  auditkit-azure-v0.8.2-windows-amd64.zip
cb8f8ec06d2a074962f5c6ab9c678692831ddeeb7cfdbac77223de5086a6a03e  auditkit-gcp-v0.8.2-linux-amd64.tar.gz
e90c437d88fe690a297ccdd7256043eb43ac3d60356c7e6489c01c3a31939c9e  auditkit-gcp-v0.8.2-linux-arm64.tar.gz
d6bf724824d9d9be62cc1b2db140671c97a85264d1d4eaee1e9fa7aaae4d145e  auditkit-gcp-v0.8.2-darwin-amd64.tar.gz
9063888ed41bdb9f02ec3a7759188bdaf1eae5de7a9c0c5e1287695842c9dd4d  auditkit-gcp-v0.8.2-darwin-arm64.tar.gz
b24650e90b8717399a3327915f7d11a069bc85827a46d31d3618797c3fd94bf9  auditkit-gcp-v0.8.2-windows-amd64.zip

Full Changelog: v0.8.1...v0.8.2

AuditKit v0.8.1 - Full Prowler Integration + Other Improvements

What's New in v0.8.1

Prowler Integration

Import Prowler scan results directly into AuditKit with automatic framework mapping.

# Run Prowler first
prowler aws --output-formats json -o prowler-output

# Import into AuditKit
auditkit integrate -source prowler -file prowler-output.json

# Generate PDF report from Prowler results
auditkit integrate -source prowler -file prowler-output.json -format pdf -output report.pdf

Supported:

• AWS, Azure, and GCP Prowler outputs
• Automatic cloud provider detection
• Framework mapping to SOC2, PCI-DSS, CMMC, HIPAA, NIST 800-53, CIS, and more
• All output formats (text, JSON, HTML, PDF)

Azure Fix Script Generation

Generate remediation scripts for Azure resources - completing support for all three major cloud providers.

# Generate Azure fix script
auditkit fix -provider aws      # Already supported
auditkit fix -provider gcp      # Already supported
auditkit fix -provider azure    # NEW in v0.8.1

Evidence Tracker HTML

Interactive HTML checklist for tracking evidence collection during audit prep.

Features:

• Progress bar showing collection status
• Pass/fail statistics dashboard
• LocalStorage persistence (progress saves across browser sessions)
• Notes field for each control
• Export to JSON for backup/sharing
• Print-friendly layout

auditkit evidence-tracker -provider aws -output tracker.html

Improvements

• Evidence tracker now persists progress in browser localStorage
• Prowler integration auto-detects AWS/Azure/GCP from scan results
• Updated all documentation to v0.8.1

Installation

Download the binary for your platform below and run:

chmod +x auditkit-*
./auditkit-linux-amd64 scan -provider aws -framework soc2

See CHANGELOG.md for complete version history.

AuditKit v0.8.0

What's New in v0.8.0

AWS Data Analytics & ML Services (24 new checks)

SageMaker (6 checks)

• Notebook instance encryption
• Direct internet access disabled
• Root access disabled
• Endpoint encryption
• Training job encryption
• Model network isolation

Redshift (7 checks)

• Cluster encryption at rest
• Audit logging enabled
• Public accessibility disabled
• SSL/TLS enforcement
• Backup retention (7+ days)
• Automatic minor version upgrades
• Enhanced VPC routing

ElastiCache (5 checks)

• Encryption at rest
• Encryption in transit
• Automatic minor version upgrades
• AUTH token enabled
• Backup retention

OpenSearch (6 checks)

• Encryption at rest
• Node-to-node encryption
• HTTPS enforcement
• VPC deployment
• Audit logging
• Fine-grained access control

Offline Mode

Run scans without cloud connectivity - essential for air-gapped and classified environments.

New Framework Mappings

• GDPR - 27 articles mapped via NIST 800-53 crosswalk
• NIST CSF - All 5 functions with 23 categories mapped

Improvements

• AWS service coverage increased from 64 to 90+ automated checks
• All framework remediation guidance updated to January 2026 standards
• CIS AWS Benchmark mappings updated to v3.0
• PCI-DSS v4.0 remediation updated for 2026 requirements
• HIPAA guidance updated for 2026 enforcement requirements

Installation

Download the binary for your platform below and run:

chmod +x auditkit-*
./auditkit-linux-amd64 scan -provider aws -framework soc2

See CHANGELOG.md for complete version history.

AuditKit v0.7.1

AuditKit v0.7.1 Release Notes

Release Date: December 14, 2025

---

Compliance Check Accuracy Fixes

This release focuses on fixing compliance check accuracy issues across all three major cloud providers.

GCP PCI-DSS

Connected the comprehensive PCI-DSS v4.0 implementation covering all 12 requirements. The implementation existed but was not being used by the scanner.

• Requirement 1: Network Segmentation (firewall rules)
• Requirement 2: Default Passwords (manual checks with guidance)
• Requirement 3: Storage Encryption (CMEK verification, key rotation)
• Requirement 4: Encryption in Transit (SQL SSL enforcement)
• Requirement 5: Malware Protection (guidance for endpoint protection)
• Requirement 6: Secure Systems (patching, SDLC, WAF)
• Requirement 7: Access Control (least privilege, IAM)
• Requirement 8: Authentication (MFA, session timeout, key rotation)
• Requirement 9: Physical Access (inherited controls documentation)
• Requirement 10: Logging (audit logs, 12-month retention)
• Requirement 11: Security Testing (ASV scans, pen testing, FIM)
• Requirement 12: Security Policy (policies, risk assessment, training)

Azure PCI-DSS

Connected the comprehensive AzurePCIChecks implementation. Previously, Azure PCI scans were using filtered basic checks instead of the dedicated PCI implementation.

AWS Credential Report

Fixed CSV parsing for IAM credential reports. The unused credentials check was returning empty results due to parsing errors when processing the credential report CSV.

Azure VM Public IP Detection

Added proper NetworkInterfaces and PublicIPAddresses client integration for accurate detection of VMs with public IP exposure. Previous implementation was incomplete and could miss exposed VMs.

---

Upgrade Instructions

Download the new binary for your platform and replace your existing auditkit binary.

# Verify version
./auditkit --version
# Should show: AuditKit v0.7.1

---

Checksums

See auditkit-v0.7.1-checksums.txt in the release assets.

AuditKit v0.7.0 - Google Cloud Platform Support

Release Date: November 4, 2025

AuditKit now supports Google Cloud Platform (GCP) alongside AWS and Azure, making it the first open-source compliance scanner with unified coverage across all three major cloud providers.

---

What's New

Google Cloud Platform (GCP) Support

Scan GCP projects for SOC2, PCI-DSS, CMMC Level 1, NIST 800-53, ISO 27001, and CIS Benchmarks compliance.

Supported GCP Services:

• Cloud Storage (GCS) - Public access, encryption, versioning, logging
• Cloud IAM - Service account keys, MFA, primitive roles
• Compute Engine - Public IPs, OS patching, disk encryption, Shielded VM
• VPC Networks - Firewall rules, network segmentation, flow logs
• Cloud SQL - Public exposure, SSL enforcement, backups, encryption
• Cloud KMS - Key rotation policies, encryption at rest
• Cloud Logging - Audit logs, retention, export, log sinks
• GKE (Kubernetes Engine) - Binary authorization, network policies, dashboard access
• BigQuery - Dataset encryption, access controls

170+ automated security checks across these services.

Quick Start:

# Authenticate with GCP
gcloud auth application-default login
export GOOGLE_CLOUD_PROJECT=my-project-id

# Run SOC2 scan
./auditkit scan -provider gcp -framework soc2

# Generate PDF report
./auditkit scan -provider gcp -framework soc2 -format pdf -output gcp-soc2-report.pdf

New Compliance Frameworks

NIST 800-53 Rev 5

• ~150 automated technical controls across AWS, Azure, and GCP
• Covers FedRAMP Low/Moderate/High baseline requirements
• Essential for federal contractors and FedRAMP pursuits
• Framework crosswalk from existing SOC2/PCI/CMMC controls
• Use: -framework 800-53

ISO 27001:2022

• 93 total controls in the framework (54+ automated via crosswalk)
• Focus on Annex A technical controls (A.8)
• International information security standard
• Required for global enterprise sales and certifications
• Use: -framework iso27001

CIS Benchmarks

• AWS: 129 automated controls (combines CIS v1.4 and v3.0)
• Azure: 40+ automated controls (CIS Microsoft Azure Foundations v3.0)
• GCP: 56 automated controls (CIS Google Cloud Platform Foundations)
• Security hardening best practices beyond compliance checkboxes
• Proactive defense to reduce attack surface
• Use: -framework cis-aws, -framework cis-azure, -framework cis-gcp

Framework Coverage

All cloud providers now support the same frameworks with consistent reporting:

Framework	AWS	Azure	GCP	Purpose
SOC2 Type II	64 controls	64 controls	40 controls	SaaS trust & security
PCI-DSS v4.0	30 controls	30 controls	30 controls	Payment card security
HIPAA	70 mappings	62 mappings	40 mappings	Healthcare data protection
CMMC Level 1	17 practices	17 practices	17 practices	DoD contractor compliance
NIST 800-53 Rev 5	150+ controls	150+ controls	150+ controls	Federal/FedRAMP foundation
ISO 27001:2022	54+ controls	54+ controls	54+ controls	International InfoSec
CIS Benchmarks	129 controls	40+ controls	56 controls	Security hardening

Enhanced Framework Coverage

PCI-DSS Completion

• All 12 requirements now fully documented across all clouds
• Added Requirements 2, 5, 6, 9, 11, 12 organizational controls
• Complete coverage with both automated and manual controls

HIPAA Production Ready

• AWS: 70 framework mappings
• Azure: 62 framework mappings
• GCP: 40 framework mappings
• Moved from experimental to production status for technical safeguards

CMMC Level 1 Verified

• All 17 official practices confirmed
• Complete coverage across AWS, Azure, and GCP
• Removed mislabeled Level 2 controls

CSV Export

Export compliance results to spreadsheet format for compliance teams:

./auditkit scan -provider gcp -framework soc2 -format csv -output results.csv

• Compatible with Excel and Google Sheets
• Includes: Control ID, Name, Status, Severity, Evidence, Remediation, Console URLs
• Proper CSV escaping for special characters

Provider-Specific Binaries

Choose the right binary for your environment:

Universal Binary (All Platforms)

• Supports AWS + Azure + GCP in one binary
• Available for: Linux (amd64, arm64), Windows (amd64), macOS (Intel, Apple Silicon)
• Size: ~280MB
• Best for: Multi-cloud environments, desktop usage, Windows/Mac users

Provider-Specific Binaries (Linux Only)

• auditkit-aws - AWS-only (20MB, 93% smaller)
• auditkit-azure - Azure-only (26MB, 91% smaller)
• auditkit-gcp - GCP-only (44MB, 84% smaller)
• Best for: CI/CD pipelines, Docker containers, single-cloud deployments

Important: Provider-specific binaries are available for Linux only. Windows and macOS users should use the universal binary.

Documentation Restructure

The README was getting unwieldy at 1000+ lines, so we reorganized:

Before: Everything crammed into README.md

After:

• docs/frameworks/ - One guide per framework (CIS, ISO 27001, NIST 800-53)
• docs/setup/ - Provider-specific authentication and setup
• docs/examples/ - CI/CD integration examples
• README.md - Clean overview with links to detailed docs

---

Installation

Universal Binary (Recommended for Windows/Mac)

Linux (amd64):

wget https://github.com/guardian-nexus/auditkit/releases/download/v0.7.0/auditkit-v0.7.0-linux-amd64.tar.gz
tar -xzf auditkit-v0.7.0-linux-amd64.tar.gz
chmod +x auditkit-linux-amd64
./auditkit-linux-amd64 scan -provider gcp -framework soc2

Linux (arm64):

wget https://github.com/guardian-nexus/auditkit/releases/download/v0.7.0/auditkit-v0.7.0-linux-arm64.tar.gz
tar -xzf auditkit-v0.7.0-linux-arm64.tar.gz
chmod +x auditkit-linux-arm64
./auditkit-linux-arm64 scan -provider aws -framework pci

Windows (amd64):

# Download auditkit-v0.7.0-windows-amd64.zip from releases
# Extract and run:
.\auditkit-windows-amd64.exe scan -provider azure -framework soc2

macOS (Intel):

wget https://github.com/guardian-nexus/auditkit/releases/download/v0.7.0/auditkit-v0.7.0-darwin-amd64.tar.gz
tar -xzf auditkit-v0.7.0-darwin-amd64.tar.gz
chmod +x auditkit-darwin-amd64
./auditkit-darwin-amd64 scan -provider aws -framework 800-53

macOS (Apple Silicon):

wget https://github.com/guardian-nexus/auditkit/releases/download/v0.7.0/auditkit-v0.7.0-darwin-arm64.tar.gz
tar -xzf auditkit-v0.7.0-darwin-arm64.tar.gz
chmod +x auditkit-darwin-arm64
./auditkit-darwin-arm64 scan -provider gcp -framework iso27001

Provider-Specific Binaries (Linux Only - CI/CD Optimized)

AWS Only (20MB):

wget https://github.com/guardian-nexus/auditkit/releases/download/v0.7.0/auditkit-aws-v0.7.0-linux-amd64.tar.gz
tar -xzf auditkit-aws-v0.7.0-linux-amd64.tar.gz
chmod +x auditkit-aws-linux-amd64
./auditkit-aws-linux-amd64 scan -framework cis-aws

Azure Only (26MB):

wget https://github.com/guardian-nexus/auditkit/releases/download/v0.7.0/auditkit-azure-v0.7.0-linux-amd64.tar.gz
tar -xzf auditkit-azure-v0.7.0-linux-amd64.tar.gz
chmod +x auditkit-azure-linux-amd64
./auditkit-azure-linux-amd64 scan -framework cis-azure

GCP Only (44MB):

wget https://github.com/guardian-nexus/auditkit/releases/download/v0.7.0/auditkit-gcp-v0.7.0-linux-amd64.tar.gz
tar -xzf auditkit-gcp-v0.7.0-linux-amd64.tar.gz
chmod +x auditkit-gcp-linux-amd64
./auditkit-gcp-linux-amd64 scan -framework soc2

---

GCP Authentication

Three authentication methods supported:

Option 1: Application Default Credentials (Recommended)

gcloud auth application-default login
export GOOGLE_CLOUD_PROJECT=my-project-id
./auditkit scan -provider gcp -framework soc2

Option 2: Service Account Key

export GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json
export GOOGLE_CLOUD_PROJECT=my-project-id
./auditkit scan -provider gcp -framework pci

Option 3: GCE Metadata (for Compute Engine)

# Automatically detected when running on GCE, just set project ID
export GOOGLE_CLOUD_PROJECT=my-project-id
./auditkit scan -provider gcp -framework cmmc

Required Permissions: roles/viewer or equivalent read-only access to your GCP project.

---

Usage Examples

Multi-cloud SOC2 assessment:

./auditkit-linux-amd64 scan -provider aws -framework soc2 -format pdf -output aws-soc2.pdf
./auditkit-linux-amd64 scan -provider azure -framework soc2 -format pdf -output azure-soc2.pdf
./auditkit-linux-amd64 scan -provider gcp -framework soc2 -format pdf -output gcp-soc2.pdf

GCP security hardening with CIS Benchmarks:

./auditkit-gcp-linux-amd64 scan -framework cis-gcp -format html -output gcp-hardening.html

NIST 800-53 assessment for FedRAMP:

./auditkit-linux-amd64 scan -provider aws -framework 800-53 -format csv -output nist-results.csv

ISO 27001 technical controls:

./auditkit-linux-amd64 scan -provider gcp -framework iso27001 -format pdf -output iso-report.pdf

PCI-DSS for payment processing:

./auditkit-linux-amd64 scan -provider azure -framework pci -format html -output pci-report.html

---

Example Output

AuditKit v0.7.0 - SOC2 Compliance Scan
======================================
Provider: GCP
Project: production-project-12345
Framework: SOC2 Type II Trust Services Criteria
Scan Date: 2025-11-04 10:30:00 UTC

Overall Compliance Score: 72.5% (29/40 controls passed)

CRITICAL - Fix These NOW:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[FAIL] CC6.6 - User MFA Enforcement
       Evidence: 12 users without MFA enabled
   ...

v0.6.8 - NIST 800-53 Rev 5 Mapping Support

Release Date: October 13, 2025

What's New

NIST 800-53 Rev 5 Framework Crosswalk

AuditKit now supports NIST 800-53 Rev 5 scanning through an intelligent framework crosswalk system. Instead of building entirely new checks, we map your existing SOC2, PCI-DSS, and CMMC controls to NIST 800-53 control families.

Quick Example:

# Scan your AWS environment with 800-53 mapping
./auditkit scan -provider aws -framework 800-53

# See results with NIST control IDs
✓ Mapped CC6.6 → IA-2, IA-2(1), IA-5
✓ Mapped CC7.1 → AU-2, AU-3, AU-12
✓ Mapped CC6.1 → AC-2, AC-3, AC-17

[FAIL] IA-2, IA-2(1), IA-5 - Authentication Controls (via CC6.6)
[FAIL] AU-2, AU-3, AU-12 - Audit Logging (via CC7.1)
[FAIL] AC-2, AC-3, AC-17 - Access Controls (via CC6.1)

What You Get

Automated Technical Checks (~150 controls)

Control Families Covered:

• Access Control (AC): 12 automated checks
• Audit and Accountability (AU): 15 automated checks
• Identification and Authentication (IA): 18 automated checks
• System and Communications Protection (SC): 22 automated checks
• System and Information Integrity (SI): 14 automated checks
• Plus 14 more families: CA, CM, IR, MA, MP, PE, PL, PM, PS, RA, SA, SR (3-8 checks each)

Framework Crosswalk Mappings

The crosswalk intelligently maps:

• SOC2 → 800-53: CC6.6 (MFA) → IA-2, IA-2(1), IA-5
• PCI-DSS → 800-53: Requirement 8.3.1 (MFA) → IA-2(1), IA-5(1)
• CMMC → 800-53: AC.L1-3.1.1 → AC-2, AC-3

Report Generation

• PDF reports with 800-53 control IDs and evidence checklists
• HTML reports with interactive control navigation
• Shows source control so you know where the mapping came from

How It Works

1. Framework Crosswalk Engine

New pkg/mappings/crosswalk.go provides intelligent control mapping:

// Check if a control has 800-53 mappings
if crosswalk.ControlHas800_53(control.Frameworks, control.ID) {
    // Get the NIST 800-53 IDs
    nist80053IDs := crosswalk.Get800_53String(control.Frameworks, control.ID)
    // Result: "IA-2, IA-2(1), IA-5"
}

2. Dual Lookup Strategy

Primary: Uses your control's framework mappings

Frameworks: map[string]string{
    "SOC2": "CC6.6",
    "PCI":  "8.3.1",
}
// Crosswalk looks up: SOC2 CC6.6 → IA-2, IA-2(1), IA-5

Fallback: Uses control ID directly

Control: "CC6.6"
// Crosswalk looks up: CC6.6 → IA-2, IA-2(1), IA-5

This means all controls get mapped, even if they don't have explicit framework mappings!

3. Clean Output

Control IDs are cleaned and truncated for readability:

• Long IDs (>60 chars) truncated to prevent page overflow
• Unicode characters (→, •, —) converted to ASCII
• Source control shown in parentheses: "(via CC6.6)"

Important Limitations

What's NOT Included (FREE Version)

Organizational Controls (~850 controls)

• Policies and procedures
• Training records and documentation
• Risk assessments and management plans
• Business continuity and disaster recovery
• Physical security controls
• Third-party assessments

These require manual documentation and cannot be automated.

What's NOT Included (Any Version)

This is not:

• A complete NIST 800-53 certification tool
• A FedRAMP authorization package
• A replacement for security assessors
• A vulnerability scanner

This IS:

• An automated technical control checker
• A gap analysis tool for 800-53 readiness
• A mapping between SOC2/PCI/CMMC and 800-53
• A starting point for 800-53 compliance

Getting Started

Installation

# Clone and build
git clone https://github.com/guardian-nexus/auditkit
cd auditkit/scanner
go build ./cmd/auditkit

# Or download from releases
wget https://github.com/guardian-nexus/auditkit/releases/download/v0.6.8/auditkit-linux-amd64
chmod +x auditkit-linux-amd64

Basic Usage

# Run 800-53 scan
./auditkit scan -provider aws -framework 800-53

# Verbose output with mapping details
./auditkit scan -provider aws -framework 800-53 -verbose

# Generate PDF report
./auditkit scan -provider aws -framework 800-53 -format pdf -output report.pdf

# See all controls (no truncation)
./auditkit scan -provider aws -framework 800-53 --full

Azure Support

# Configure Azure credentials
az login
export AZURE_SUBSCRIPTION_ID="your-subscription-id"

# Run 800-53 scan on Azure
./auditkit scan -provider azure -framework 800-53

What's Changed

New Files

• pkg/mappings/crosswalk.go - Framework crosswalk engine
• pkg/mappings/framework-crosswalk.yaml - Control mappings database

Modified Files

• cmd/auditkit/main.go - Added 800-53 framework validation and filtering
• pkg/report/pdf.go - Added 800-53 report sections and control ID handling
• pkg/report/html.go - Added 800-53 framework label support

New Functions

• Get800_53ByControlID() - Direct control ID to 800-53 lookup
• Get800_53StringByControlID() - Formatted string output
• ControlHas800_53() - Check if control has 800-53 mapping
• Get800_53String() - Get comma-separated 800-53 IDs
• cleanString() - Unicode character cleanup for PDFs

Bug Fixes

• Fixed PDF generation errors with long control IDs (now truncated at 60 chars)
• Fixed unicode character handling in control names and evidence text
• Fixed framework detection for controls without explicit framework mappings
• Improved error handling when crosswalk YAML fails to load

Breaking Changes

None. This release is fully backward compatible. Existing scans (SOC2, PCI, CMMC, HIPAA) work exactly as before.

What's Next

Planned Features

• v0.7.0: Prowler integration for complete 1000+ control coverage
• v0.7.1: GCP provider support
• v0.8.0: FedRAMP baseline analysis (LOW/MODERATE/HIGH)
• v0.9.0: Kubernetes compliance scanning

Community Requests

See our roadmap for planned features and vote on what you'd like to see next.

v0.6.7 - HTML Report Hotfix

What's Fixed

HTML Report URL Overflow

Long console URLs in evidence guides now wrap properly instead of breaking page layout.

Before:

• URLs extended beyond page boundaries
• Evidence guides were unreadable
• Console links broke layout

After:

• URLs wrap across multiple lines
• Evidence guides stay within container
• Console links truncate with ellipsis

README Improvements

• 60% shorter (1000 lines → 400 lines)
• Better organized sections
• No excessive emoji usage
• Added HTML/PDF report preview section

Upgrade

# Download binary
wget https://github.com/guardian-nexus/auditkit/releases/download/v0.6.7/auditkit-linux-amd64

# Or rebuild from source
git pull origin main
go build ./cmd/auditkit

v0.6.6 - Critical Hotfix + Examples

v0.6.6 - Critical Hotfix + Examples

Critical Fixes

PCI-DSS Scanner Crash

• Fixed nil pointer dereference when AWS API calls fail
• Scanner now returns ERROR status instead of crashing
• Affects all PCI-DSS scans on v0.6.5 and earlier

Build Issues

• Removed duplicate min function causing compilation errors
• Stripped debug paths from binaries (security improvement)
• Binary size reduced ~30% (35MB → 24MB)

New Documentation

Examples Added

• Sample compliance reports (AWS/Azure SOC2, PCI-DSS, CMMC)
• Terminal output examples
• HTML and PDF report screenshots
• Real-world use cases documented

View examples: docs/examples/

Important

If using v0.6.5, upgrade immediately. That release contains the PCI-DSS crash bug and embedded build paths.

Installation

Linux (x64)

curl -LO https://github.com/guardian-nexus/auditkit/releases/download/v0.6.6/auditkit-v0.6.6-linux-amd64.tar.gz
tar -xzf auditkit-v0.6.6-linux-amd64.tar.gz
chmod +x auditkit-linux-amd64
./auditkit-linux-amd64 version

macOS (Apple Silicon)

curl -LO https://github.com/guardian-nexus/auditkit/releases/download/v0.6.6/auditkit-v0.6.6-darwin-arm64.tar.gz
tar -xzf auditkit-v0.6.6-darwin-arm64.tar.gz
chmod +x auditkit-darwin-arm64
./auditkit-darwin-arm64 version

Windows

Invoke-WebRequest -Uri "https://github.com/guardian-nexus/auditkit/releases/download/v0.6.6/auditkit-v0.6.6-windows-amd64.zip" -OutFile "auditkit.zip"
Expand-Archive -Path auditkit.zip -DestinationPath .
.\auditkit-windows-amd64.exe version

See CHANGELOG.md for complete version history.

Release Notes - v0.6.5 (Hotfix)

Release Date: October 11, 2025

What's Fixed

Critical Bug Fix: PCI-DSS scans no longer crash when AWS credentials have limited EC2 permissions. The scanner now gracefully handles permission errors instead of panicking.

Technical Details

• Fixed nil pointer dereference in PCI Requirement 1.2.1 (Network Segmentation)
• Fixed nil pointer dereference in PCI Requirement 2.2.2 (Default Configurations)
• Improved error messages to indicate missing permissions
• Removed hardcoded development paths from source files

Who Should Update

Anyone running PCI-DSS scans with restricted AWS credentials.

Upgrade Instructions

Linux/macOS

curl -L https://github.com/guardian-nexus/auditkit/releases/download/v0.6.5/auditkit-linux-amd64.tar.gz -o auditkit
chmod +x auditkit
./auditkit --version

Windows (PowerShell)

Invoke-WebRequest -Uri "https://github.com/guardian-nexus/auditkit/releases/download/v0.6.5/auditkit-windows-amd64.exe" -OutFile "auditkit.exe"
.\auditkit.exe --version

Using Go

go install github.com/guardian-nexus/auditkit/scanner/cmd/auditkit@v0.6.5

Full Changelog

Changed:

• PCI scanner error handling improved

Fixed:

• PCI-DSS scanner panic on insufficient EC2 permissions
• Error handling in network segmentation checks

---

Full Changelog: guardian-nexus/AuditKit@v0.6.4...v0.6.5

v0.6.4 - Enhanced Output Control with --full Flag

AuditKit v0.6.4

Enhanced output control with --full flag for complete visibility across all formats.

What's New

--full Flag

Added --full flag to show all controls in terminal output without truncation.

# Default behavior (concise output)
auditkit scan -provider aws -framework soc2

# Show all controls
auditkit scan -provider aws -framework soc2 --full

Complete PDF Reports

PDF reports now display all failed and passed controls without truncation. Previously limited to ~25 controls, PDFs now include complete control lists.

Changes

Format	Previous	Current
Console (default)	Truncated ~40 controls	Unchanged
Console (--full)	Not available	Shows all controls
PDF	Truncated ~25 controls	Shows all controls
HTML	Complete	Unchanged

Technical

• Added --full flag to CLI
• Removed truncation from PDF generator
• Added helper functions for control formatting

Bug Fixes

• Fixed PDF report truncation
• Fixed spacing in passed controls section
• Improved console output formatting

Installation

From binary:
Download the binary for your platform below.

From source:

git clone https://github.com/guardian-nexus/auditkit
cd auditkit/scanner
git checkout v0.6.4
go build ./cmd/auditkit

Usage

# Show all controls in terminal
auditkit scan -provider aws -framework soc2 --full

# Generate complete PDF
auditkit scan -provider aws -framework soc2 -format pdf -output report.pdf

# CMMC with full output
auditkit scan -provider aws -framework cmmc --full

Upgrade Notes

Fully backward compatible. The --full flag is optional and existing scripts will continue to work unchanged.

---

Full Changelog: guardian-nexus/AuditKit@v0.6.3...v0.6.4