What is a one sentence summary of your feature request?
Allow administrators to query CIS benchmark results by control ID and server, and expose this data via API so it can be integrated into custom reports and external tools.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Change Tracker currently generates CIS compliance reports as static PDF documents, which can run to hundreds of pages for enterprise environments. While this satisfies audit checkbox requirements, it provides no practical way to manage CIS compliance operationally. There is no ability to query which specific servers are non-compliant with a given control (e.g. “which servers fail CIS control 2.1?”), no way to identify servers that have been decommissioned or newly built and are missing from the compliance scope, and no API access to the underlying compliance data beyond a small set of administrative functions.
The ideal solution would provide: 1. a queryable data layer behind CIS results- either through a supported API or direct database access- allowing administrators to filter and pivot results by control ID, server, compliance status, or date; 2. a dashboard or reporting interface that reflects this granularity without requiring PDF generation; and 3. the ability to integrate CIS compliance data into external reporting tools such as SSRS or similar BI platforms. This would transform Change Tracker’s CIS module from an audit artifact generator into an operational compliance management tool.
How do you currently solve the challenges you have by not having this feature?
Currently the only available output is a static, paginated PDF report. There is no practical way to cross-reference it with live infrastructure inventory, identify which servers are missing from compliance scans, or track remediation progress at the control level. As a workaround, some customers are rebuilding the entire CIS compliance process on top of Netwrix Access Analyzer, using its data access and reporting capabilities to compensate for the visibility gaps in Change Tracker’s CIS module. This is a significant additional effort that should not be necessary given that Change Tracker is the certified CIS tool in the stack.