I would like to see more compliance reports in the reporting. The marketing page says there are compliance reports for NIST, PCI, HIPAA, NERC, and SOX; but I beg to differ.
There is an audit section in reporting, but not a section for compliance which can and usually is different than auditing. Audit says show me what has been done. Complaince says show me the evidence thar you actually did something and not just say you did.
For example, if the requirement says all passwords must be changed every 90 days, don't just show me an audit of changed passwords, show me the last changed date of every password within a password list, or within all password lists contained within a folder.
I'm having to meet NIST, NERC, and TSA compliance evidence reporting, and I'm having a difficult time doing so without writing reports using API, and even with the API its a challenge. I would love to see more compliance based reports in version 10, if possible.