Compliance Overview

What “Compliance” Means in Trio (Technical Definition)

In Trio, compliance represents the evaluated state of an endpoint against a set of normalized security controls, derived from multiple regulatory and best-practice frameworks (e.g., CIS, ISO 27001, SAMA, GDPR, SOC 2).

Compliance is not a static label. It is a computed state generated by continuously evaluating:

  1. Policy-based controls (configuration enforcement)

  2. Control-check–based controls (telemetry-derived conditions)

  3. Static controls (always-pass, informational or inherited)

Each control evaluation produces evidence, which is aggregated upward across:

  • Devices

  • Platforms

  • Control groups

  • Frameworks

  • Organization-wide posture

High-Level Compliance Evaluation Flow (System Perspective)

  1. Agent Telemetry Collection

    • Endpoint agents collect device state, configuration, inventory, and runtime metadata

    • Telemetry is sent to the backend on a scheduled interval (hourly or event-driven)

  2. Policy State Resolution

    • Assigned policies are resolved per device scope

    • Policy presence and assignment state are validated (not runtime enforcement)

  3. Control Evaluation Engine

    • Each control is evaluated using one of three logic types:

      • Pass (static)

      • Policy (policy existence + assignment)

      • Control Check (backend telemetry condition)

  4. Evidence Generation

    • Each control evaluation emits evidence

    • Failed controls store failure reason and remediation path

  5. Aggregation & Scoring

    • Control states are aggregated by:

      • Device

      • Platform

      • Framework

      • Severity weighting (critical / high / medium)

Overall Endpoint Compliance Widget

What it represents:
A weighted aggregate of all evaluated controls across all active frameworks and enrolled endpoints.

Technical mechanics:

  • Only active frameworks are included

  • Controls marked as SKIP are excluded

  • Weighting favors:

    • Critical and high-severity controls

    • Policy-backed and control-check–backed controls

  • Trend deltas (e.g., “+3% in last 7 days”) are computed from historical snapshots

Key detail:
This score is derived, not stored. It is recalculated from control evidence snapshots.

Active Frameworks

What it represents:
The number of compliance frameworks currently enabled and contributing controls to evaluation.

Technical mechanics:

  • Framework activation dynamically registers its control set

  • Each framework maps to a normalized internal control schema

  • Controls may overlap across frameworks but are evaluated independently per framework context

Controls Passed / Total

What it represents:
The count of controls currently evaluated as passing versus the total evaluated controls.

Technical mechanics:

  • A “pass” is determined per control’s status logic

  • A control marked Policy only passes if:

    • Policy exists

    • Policy is assigned to the device scope

  • A control marked Control Check only passes if:

    • Backend telemetry satisfies the evaluation condition

  • Static Pass controls always increment the numerator
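The evaluation flow (three logic types, evidence per control, SKIP exclusion, severity weighting) and the pass rules above, modelled as an added Python example that is not Trio's code; the weight values, control and policy names, scopes and telemetry keys are assumptions.

```python
# Added illustration (not Trio's code); names, weights and sample data are assumptions.
from dataclasses import dataclass

WEIGHTS = {"critical": 3, "high": 2, "medium": 1}  # assumed; the page gives no values

@dataclass
class Control:
    logic: str            # "pass" (static), "policy" or "check"
    severity: str
    policy: str = None    # policy name required by a "policy" control
    check: object = None  # telemetry predicate used by a "check" control
    skip: bool = False    # SKIP controls are excluded from scoring

def evaluate(control, scope, telemetry, policies):
    """Evaluate one control for one device and return (state, reason) evidence."""
    if control.skip:
        return "SKIP", "excluded from scoring"
    if control.logic == "pass":
        return "PASS", "static control"
    if control.logic == "policy":  # existence + assignment, not runtime enforcement
        if scope not in policies.get(control.policy, ()):
            return "FAIL", f"policy {control.policy} missing or not assigned to {scope}"
        return "PASS", "policy exists and is assigned"
    ok = control.check(telemetry)  # "check": backend telemetry condition
    return ("PASS", "condition met") if ok else ("FAIL", "condition not met")

def aggregate(controls, devices, policies):
    """Passed/total counts and a severity-weighted score across all devices."""
    passed = total = wp = wt = 0
    for scope, telemetry in devices:
        for c in controls:
            state, _ = evaluate(c, scope, telemetry, policies)
            if state == "SKIP":
                continue
            total += 1
            wt += WEIGHTS[c.severity]
            if state == "PASS":
                passed += 1
                wp += WEIGHTS[c.severity]
    return {"passed": passed, "total": total, "score": round(100 * wp / wt, 1)}

# Constructed sample data: one policy assigned only to the "finance" scope.
POLICIES = {"disk-encryption": {"finance"}}
CONTROLS = [
    Control("pass", "medium"),
    Control("policy", "critical", policy="disk-encryption"),
    Control("check", "high", check=lambda t: t.get("firewall") is True),
    Control("policy", "high", policy="screen-lock", skip=True),
]
DEVICES = [("finance", {"firewall": True}), ("sales", {"firewall": False})]
```

The "sales" device fails the policy control because the policy is not assigned to its scope, so the weighted score (58.3) drops further below the raw pass ratio (4 of 6) than an unweighted count would.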

Compliance by Platform

What it represents:
Platform-scoped compliance posture (Windows, macOS, Android, iOS/iPadOS, Linux).

Technical mechanics:

  • Each platform has:

    • Platform-specific control applicability

    • Platform-specific policy compatibility

  • Compliance percentage reflects:

    • Passed controls ÷ applicable controls for that platform

  • A count displayed as (51 / 155) reads as:

    • Passed controls / total applicable controls for that platform

Important nuance:
A lower percentage does not necessarily indicate weaker security—often it reflects:

  • Platform-specific restrictions

  • Unsupported controls

  • Different enforcement models (e.g., iOS vs Windows)

Compliance by Framework

What it represents:
Framework-scoped compliance posture (e.g., CIS L1, SAMA, GDPR, SOC 2).

Technical mechanics:

  • Each framework evaluates its own control set independently

  • Controls may reference the same underlying policy but are counted separately

  • Framework compliance is not normalized across frameworks (91% in CIS ≠ 91% in GDPR semantically)

Agent Health

What it represents:
The freshness and reliability of endpoint telemetry contributing to compliance.

Technical mechanics:

  • Healthy agents

    • Recently reported telemetry within acceptable SLA

  • Stale agents

    • Have not reported within the expected reporting window

    • Do not invalidate past evidence immediately

    • Gradually degrade confidence in compliance calculations

Why this matters:
Compliance accuracy is bounded by telemetry freshness.

Top Failing Controls

What it represents:
Controls with the highest number of failing endpoints across the environment.

Technical mechanics:

  • Sorted by:

    • Number of failing devices

    • Severity weight

  • Repeated entries (e.g., Disk Encryption) indicate:

    • Same control failing across multiple frameworks

Engineering insight:
This is the fastest way to identify systemic misconfiguration, not isolated incidents.

Compliance Trend

What it represents:
Time-series visualization of compliance score changes.

Technical mechanics:

  • Computed from historical snapshots

  • Snapshot frequency depends on:

    • Control re-evaluation cycles

    • Policy changes

    • Telemetry updates

  • Dotted reference lines represent:

    • Average compliance

    • Maximum observed compliance

Recent Logs

What it represents:
Latest control-level evaluation events.

Technical mechanics:

  • Each entry corresponds to a control evaluation result

  • Status types:

    • Passed: Evaluation condition satisfied

    • Pending: Policy exists but enforcement not yet confirmed

    • Failed: Control evaluation condition not met

  • Used as raw evidence for audit trails and remediation workflows

Automation & Remediation

What it represents:
The remediation lifecycle state of failed controls.

Technical mechanics:

  • Auto-remediated

    • System applied a predefined remediation (e.g., policy assignment)

  • Manual / Assisted

    • Admin intervention required

  • Pending

    • Remediation available but not yet executed

Key concept:
Remediation does not mark compliance directly—re-evaluation does.

Top Non-Compliant Groups

What it represents:
Device groups with the lowest aggregate compliance.

Technical mechanics:

  • Group compliance is calculated from member devices

  • Useful for identifying:

    • Departmental risk

    • Onboarding gaps

    • Mis-scoped policies

Summary: How Engineers Should Read This Dashboard

  • Compliance is computed, not declared

  • Every number traces back to:

    • A control

    • An evaluation logic

    • A data source

  • The dashboard is a projection layer over:

    • Agent telemetry

    • Policy state

    • Control evaluation results