
Compliance Scanner

Reading time: 1 min. Reviewed by: Cenedril Editorial

A compliance scanner is a tool that automatically compares the actual configuration of a system against a defined security baseline and reports every deviation as a finding. Well-known examples include OpenSCAP, the Compliance Checks in Tenable Nessus, CIS-CAT, and Microsoft Defender for Cloud.

In an ISMS, a compliance scanner supports ISO/IEC 27001:2022 Annex A controls A.8.9 (Configuration Management) and A.8.8 (Management of Technical Vulnerabilities). It automatically verifies whether systems conform to a defined baseline (CIS Benchmarks, DISA STIGs, BSI recommendations), checking items such as password policies, disabled default accounts, enabled logging, and current patch levels. The results serve as audit evidence and drive systematic remediation of deviations. Two caveats apply in practice: a scan is a point-in-time snapshot and has to be scheduled to stay meaningful, and a clean result only covers the checks the baseline actually contains. Findings should be reviewed for false positives and documented exceptions before remediation is tracked.
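The following added example illustrates the core loop of such a scanner: collect evidence from a host, evaluate each baseline rule against it, and report pass, fail or error per rule. It is not code from OpenSCAP, CIS-CAT or any other product; the rule IDs (prefixed DEMO-), the thresholds, and the host snapshot are constructed for the demonstration, and a real baseline would carry CIS or STIG identifiers and far more rules.

```python
"""Minimal compliance-scanner loop: evaluate baseline rules against a host
snapshot and report deviations. Added example; rule IDs, thresholds and the
host data are constructed, not taken from a real benchmark or product."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional

# Constructed snapshot of one host, as a scanner would collect it via SSH or an agent.
SAMPLE_HOST: Dict[str, Any] = {
    "/etc/ssh/sshd_config": "Port 22\nPermitRootLogin yes\n#PasswordAuthentication yes\nLogLevel INFO\n",
    "/etc/login.defs": "PASS_MAX_DAYS 99999\nPASS_MIN_LEN 14\n",
    "/etc/passwd": ("root:x:0:0:root:/root:/bin/bash\n"
                    "guest:x:1001:1001::/home/guest:/bin/bash\n"),
    "services": {"auditd": "running", "rsyslog": "running"},
    "pending_security_updates": 7,
}


@dataclass(frozen=True)
class Rule:
    rule_id: str                                  # constructed DEMO-* IDs, not CIS/STIG numbers
    title: str
    check: Callable[[Dict[str, Any]], bool]       # returns True when the host conforms
    remediation: str


@dataclass(frozen=True)
class Finding:
    rule_id: str
    title: str
    status: str                                   # "pass", "fail" or "error" (evidence missing)
    remediation: str


def directive(config: str, key: str) -> Optional[str]:
    """Value of the first uncommented `key value` line (how sshd resolves duplicates).
    A real scanner must mirror each file format's own precedence rules."""
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == key.lower():
            return parts[1]
    return None


def no_login_shell(passwd: str, user: str) -> bool:
    """True if `user` is absent from passwd or has a non-interactive shell."""
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == user:
            return fields[6] in ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")
    return True


RULES: List[Rule] = [
    Rule("DEMO-SSH-1", "SSH root login disabled",
         # OpenSSH defaults PermitRootLogin to prohibit-password when the directive is absent
         lambda h: (directive(h["/etc/ssh/sshd_config"], "PermitRootLogin")
                    or "prohibit-password").lower() != "yes",
         "Set 'PermitRootLogin no' in /etc/ssh/sshd_config and reload sshd."),
    Rule("DEMO-PW-1", "Password maximum age at most 365 days",
         # an absent PASS_MAX_DAYS is treated as not configured, hence non-conforming
         lambda h: int(directive(h["/etc/login.defs"], "PASS_MAX_DAYS") or "99999") <= 365,
         "Set 'PASS_MAX_DAYS 365' in /etc/login.defs."),
    Rule("DEMO-PW-2", "Minimum password length at least 14",
         lambda h: int(directive(h["/etc/login.defs"], "PASS_MIN_LEN") or "0") >= 14,
         "Set 'PASS_MIN_LEN 14' in /etc/login.defs."),
    Rule("DEMO-ACC-1", "Default 'guest' account absent or without login shell",
         lambda h: no_login_shell(h["/etc/passwd"], "guest"),
         "Remove the guest account or set its shell to /usr/sbin/nologin."),
    Rule("DEMO-LOG-1", "auditd and rsyslog running",
         lambda h: all(h["services"].get(s) == "running" for s in ("auditd", "rsyslog")),
         "Enable and start auditd and rsyslog."),
    Rule("DEMO-PATCH-1", "No pending security updates",
         lambda h: h["pending_security_updates"] == 0,
         "Install pending security updates and re-scan."),
]


def scan(host: Dict[str, Any], rules: List[Rule] = RULES) -> List[Finding]:
    """Evaluate every rule; missing or unparsable evidence is an error, never a pass."""
    findings = []
    for rule in rules:
        try:
            status = "pass" if rule.check(host) else "fail"
        except (KeyError, ValueError, TypeError):
            status = "error"
        findings.append(Finding(rule.rule_id, rule.title, status, rule.remediation))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    counts = {"pass": 0, "fail": 0, "error": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_HOST)
    for f in results:
        print(f"{f.status.upper():5} {f.rule_id:12} {f.title}")
        if f.status == "fail":
            print(f"      remediation: {f.remediation}")
    print(summary(results))
```

The error state matters more than it looks: if the scanner cannot read a file or a value does not parse, the rule must surface as unverified rather than silently passing, otherwise the audit evidence overstates conformance. Real tools express the same idea with SCAP result values such as "notchecked" or "error".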
