Every finding, mapped to the controls your auditor asks for

Siemserva carries the framework mapping with the finding. 31 MCSB controls and 81 CISA SCuBA codes baked into the report natively, every scan, across 650+ underlying checks. The Siemserva MCP layer reaches the rest: NIST 800-53, NIST 800-171, ISO 27001, SOC 2, HIPAA, PCI-DSS, CIS Controls, MITRE ATT&CK, Microsoft Zero Trust Assessment, through Claude, bridged live by Senserva Trustworthy AI using the same source data as evidence.

Every Siemserva scan generates audit-ready evidence for compliance: each finding ships with the underlying data Siemserva used to detect it, the control mapping it satisfies (or fails), and a validated remediation step.

Compliance view, generated automatically

One scan produces the Compliance tab below. Each row is a Microsoft 365, Intune, or Entra ID finding with the framework codes it satisfies (or fails) right next to it. Filter by code, jump to the failing finding, export to HTML, or pipe the same data into Claude over MCP.

[Screenshot: Siemserva Compliance tab mapping Microsoft 365, Intune, Entra ID, and Purview findings to CISA SCuBA, NIST, MCSB, and CIS controls]

Compliance tab in the live dashboard. Same data lands in the HTML report and the MCP tool responses.

What lands in the evidence packet

Compliance is not a list of issues. It is a list of issues with proof. Every Siemserva HTML report ships the four things an auditor asks for on the same finding row, so there is no separate document to assemble after the scan.

1. THE FINDING

Named entity, severity, the specific configuration or gap, and which Microsoft 365 / Intune / Entra ID workload it lives in.

2. THE PROOF

Underlying scan data Siemserva used to reach the conclusion: policy assignment, user properties, sign-in trace, audit-log event, group-membership chain. Reproducible, not synthesized.

3. THE CONTROL MAPPING

MCSB v2 and CISA SCuBA codes attached at the row level on every scan. Ask Claude over the Siemserva MCP to bridge to NIST 800-53, NIST 800-171, ISO 27001, SOC 2, HIPAA, PCI-DSS, CIS Controls, MITRE ATT&CK, and Microsoft ZTA.

4. THE REMEDIATION

A validated, step-by-step fix written by Senserva Trustworthy AI. Where possible, an attached PowerShell script ready to review and apply, plus a re-prove pass after the fix lands.

One scan. One self-contained HTML file. Prints to PDF for the audit packet.

Frameworks supported out of the box

Siemserva ships with the mappings already done. Nothing to configure, no separate compliance tool to license. Every native check, plus Maester, Microsoft ZTA, and any of your own PowerShell scripts, lands in the same mapped catalog.

Microsoft Cloud Security Benchmark

31 MCSB v2 controls across Identity, Access, Privileged Access, Posture, Data Protection, Logging, and Incident Response. Maps to Azure baselines and the Microsoft Security Score so your posture column moves the same direction as the M365 admin centers.

Example codes: IM-1, PA-7, LT-3, DS-2

CISA SCuBA Baselines

81 SCuBA codes across MS.AAD (Entra ID), MS.EXO (Exchange Online), MS.SHAREPOINT, MS.TEAMS, MS.DEFENDER, MS.POWERPLATFORM, and MS.INTUNE. The federal baseline the auditor on a public-sector engagement is going to ask for first.

Example codes: MS.AAD.3.1v1, MS.EXO.2.2v2, MS.TEAMS.6.1v1

Microsoft Zero Trust Assessment

ZTA test results land as first-class findings. Same severity model, same remediation language, same dashboard tab. Run the official ZTA tool or let Siemserva run it inline; either way it shows up in the same Compliance view.

Three concrete examples

What a Siemserva finding looks like with the compliance mapping attached. These are not mock-ups: this is the same data shape the dashboard, the HTML reports, and the MCP tools all return.

Finding 12 of 247 · Conditional Access
CRITICAL · Severity 1875 · CONDITIONAL ACCESS

Require MFA for All Users policy excludes the Finance group (28 users)

28 high-privilege Finance users are exempt from the MFA Conditional Access policy. The most common pattern behind business email compromise lives exactly here: one exclusion group that swallowed the rule.

MCSB: IM-6 (Use strong authentication controls)
CISA SCuBA: MS.AAD.3.1v1, MS.AAD.3.2v1
NIST 800-53: IA-2(1), IA-2(2)
MITRE ATT&CK: T1078 (Valid Accounts), TA0006 (Credential Access)

Finding 31 of 247 · Exchange Online
HIGH · Severity 375 · EXCHANGE ONLINE

Auto-forwarding to external domains is allowed at the tenant level

Any compromised mailbox can silently forward inbound mail to an attacker-controlled inbox. The classic data-exfil path after a phishing foothold. Microsoft set the tenant default to Off in 2020; this tenant has it back On.

MCSB: DS-7 (Limit data flow to untrusted networks)
CISA SCuBA: MS.EXO.1.1v1
CIS Controls: CIS 3.13, CIS 13.4
MITRE ATT&CK: T1114.003 (Email Forwarding Rule)

Finding 4 of 247 · Privileged Access
CRITICAL · Severity 1875 · PRIVILEGED IDENTITY

7 standing Global Administrators (PIM-eligible only is 0)

Every Global Admin in this tenant holds the role permanently. None are eligible-only via Privileged Identity Management. Standing-admin count is the single biggest privilege-creep signal and the first thing an attacker who phishes a help-desk credential goes after.

MCSB: PA-1, PA-2, PA-7 (Privileged Access)
CISA SCuBA: MS.AAD.7.1v1, MS.AAD.7.2v1, MS.AAD.7.5v1
NIST 800-53: AC-2(7), AC-6(5), AC-6(7)
MITRE ATT&CK: T1098 (Account Manipulation), T1078.004 (Cloud Accounts)

SCuBA scorecard, one keystroke away

Press C in the dashboard for the SCuBA-by-code scorecard. Every required code, pass or fail, with the count of failing findings and a one-click jump to the offending row. Same view exports to HTML for compliance review packets.

[Screenshot: Siemserva SCuBA scorecard table showing real CISA SCuBA control codes with pass/fail status]

The compliance answer, on the first scan

Stop hand-mapping findings to controls in a spreadsheet. Siemserva does it on every scan: MCSB v2 + CISA SCuBA baked into the HTML report, with the rest (NIST 800-53, NIST 800-171, ISO 27001, SOC 2, HIPAA, PCI-DSS, CIS) reached live through Claude over the Siemserva MCP.
