Following the theme of continuous compliance, we also need to provide our stakeholders with some assurance. This usually comes in various flavors of reporting, whether that be security event reporting, cost trend analysis, or patch currency reports. Reports are, for the most part, a point-in-time snapshot of a particular set of metrics. These metrics are likely to be tracked closely by risk or governance teams, so they must be accurate. It would be great if we could automate this, so we can have the results in a timely manner with minimal input from ourselves.

One of the compliance frameworks your organization might be aligning to and reporting against is the CIS Controls and Benchmarks. This is a standard that encompasses ...