Continuous Compliance Scanning Agent

Description

Runs automated compliance checks on a scheduled basis to detect configuration drift, expired certificates, overprivileged accounts, and policy violations. Findings are surfaced to a compliance dashboard with severity ratings and remediation guidance.

Canonical use case

A security operations team uses the continuous scanning agent to receive daily reports on open access control exceptions and expiring TLS certificates, enabling them to remediate issues before they become audit findings.
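
The two checks named above (expiring TLS certificates and overprivileged accounts not covered by an approved exception) can be sketched as one scan pass that emits findings with a severity and remediation text, the shape the dashboard consumes. This is an added illustration, not the agent's own code; the inventory tuples, the 30-day warning window, the allowed-role set and the sample data are all assumptions.

```python
from dataclasses import dataclass
from datetime import date

CERT_WARN_DAYS = 30                    # assumed: warn when expiry is within 30 days
ALLOWED_ROLES = {"reader", "operator"}  # assumed: any other role needs an approved exception
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    check: str        # which control produced the finding
    subject: str      # hostname or account the finding is about
    severity: str     # "high", "medium" or "low"
    remediation: str  # guidance shown next to the finding on the dashboard


def check_certificates(certs, today):
    """certs: iterable of (hostname, not_after). Expired -> high, expiring soon -> medium."""
    findings = []
    for host, not_after in certs:
        days_left = (not_after - today).days
        if days_left < 0:
            findings.append(Finding("cert-expiry", host, "high",
                                    f"certificate expired {-days_left} days ago; rotate it now"))
        elif days_left <= CERT_WARN_DAYS:
            findings.append(Finding("cert-expiry", host, "medium",
                                    f"certificate expires in {days_left} days; schedule renewal"))
    return findings


def check_privileges(accounts, exceptions):
    """accounts: iterable of (user, roles); exceptions: set of (user, role) approved by review."""
    findings = []
    for user, roles in accounts:
        for role in sorted(roles - ALLOWED_ROLES):
            if (user, role) in exceptions:
                continue  # covered by an open, approved access-control exception
            findings.append(Finding("overprivileged-account", user, "high",
                                    f"role '{role}' is not allowed; remove it or file an exception"))
    return findings


def run_scan(certs, accounts, exceptions, today):
    """One scheduled pass: highest severity first, then by subject for stable reports."""
    findings = check_certificates(certs, today) + check_privileges(accounts, exceptions)
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.subject))


# Constructed sample inventory so the scan runs stand-alone.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_CERTS = [("api.example.internal", date(2024, 6, 15)),
                ("legacy.example.internal", date(2024, 5, 20)),
                ("web.example.internal", date(2025, 1, 1))]
SAMPLE_ACCOUNTS = [("alice", {"reader", "admin"}), ("bob", {"operator"}),
                   ("svc-backup", {"admin"})]
SAMPLE_EXCEPTIONS = {("svc-backup", "admin")}
```

Running `run_scan(SAMPLE_CERTS, SAMPLE_ACCOUNTS, SAMPLE_EXCEPTIONS, SAMPLE_TODAY)` yields three findings: alice's admin role and the expired legacy certificate as high, the api certificate (14 days left) as medium; the excepted service account and the far-future web certificate produce nothing.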

Open Items

  • [ ] Canon alignment — populate canon_axiom_refs or confirm no existing axiom applies
  • [ ] Dependency assessment — set dependencies_assessed: true once SA has reviewed the full chain
  • [ ] effort_estimate — replace 0 with rough engineering days (order of magnitude)
  • [ ] public_description — write the public-facing description before publishing