How CyberAudit Works
A short guide to how you run CyberAudit and how it behaves. We cover deployment options first, then the behavioral guarantees that make evidence audit-defensible.
How you run CyberAudit
Choose the deployment model that fits your environment
Direct endpoint installation
Install on one or more workstations (e.g. via MSI or setup bundle). Run scans on demand, view results in the desktop interface, and export reports. Best for small teams or quick assessments without a server.
InTune or SCCM deployment
Use a silent deployer for policy-driven rollout across your fleet. Set compliance thresholds and central logging; get structured audit reports. Fits organizations that already manage endpoints with Microsoft InTune or SCCM.
Agents + central server
Deploy lightweight agents to Windows and Linux endpoints; run a central server for the web dashboard and REST API. Get fleet-wide compliance visibility, remote scan and remediate commands, and continuous reporting. Scales to large environments.
How CyberAudit behaves
Behavioral guarantees that make evidence audit-defensible
Evidence Comes First
CyberAudit begins with evidence, not assumptions. Compliance status is derived from observable conditions—what can be verified and recorded—not from attestations or self-declaration. The system's behavior is anchored in evidence; the boundaries of what is in scope follow from what is present and verifiable.
Controls Are Interpreted
Controls are evaluated through a primary framework perspective. Cross-framework interpretation is supported: the same evidence and validation can be interpreted against multiple frameworks without re-entering or re-performing work. The result is reduction of duplicated effort while preserving consistency and traceability.
Verification Over Inference
CyberAudit refuses to infer compliance when conditions are ambiguous. If the observable state is unclear or partial, that state is preserved as an exception—not resolved by assumption. This is a guarantee: the system does not fill in gaps or mark controls satisfied without a clear, recorded basis.
Changes Are Optional and Reversible
Remediation is guided and controlled; never destructive. Changes can be reversed, and the path from one state to another is traceable. Assessment and remediation are intentionally decoupled: you can assess without changing, and when you choose to remediate, reversibility and traceability are preserved.
Exceptions Are Preserved
Failures, partial compliance, and deviations are retained. They are not removed or overwritten between assessment cycles. History is preserved so auditors can see what was found, when, and how it was addressed. Complete record of exceptions and their handling, not cosmetic compliance that hides gaps.
Evidence for Audit Review
Outputs are structured for clarity and review. Control-to-evidence relationships, validation outcomes, and exception history are presented consistently so auditors can follow the chain and compare across periods. Emphasis on repeatability, consistency, and audit-to-audit comparability.
Why This Holds Up in Real Audits
Auditors care about consistency, traceability, and preserved history. They need to see what was in scope, what was verified, what failed, and what changed between periods. Checklist completion—marking items done without a defensible evidence trail—does not hold up when an auditor asks for the basis of a finding or the history of an exception.
Audit defense depends on behavior that supports those expectations: evidence first, verification over inference, preserved exceptions, and reversible change. CyberAudit's guarantees are aligned with that. The result is a system that behaves in a way that holds up in real audits.
Design Principles
What guides our decisions
Transparency
No black boxes. Auditors can see how conclusions are reached.
Verifiability
Every claim backed by evidence that can be independently verified.
Continuity
Historical record preserved for audit-to-audit comparison.