SOC2 Output Artifact

Completed on March 18, 2026 • Runtime: 1h 45m

Run Status: Success • Tokens Used: 145,200

SOC2 Type II Readiness Gap Assessment

Control Coverage Score: 92%

1. Executive Summary

This automated assessment evaluated the AWS Infrastructure (`aws-us-east-1`) and GitHub Organization (`github-acme-org`) against the complete set of SOC2 Trust Services Criteria (Security, Availability, and Confidentiality).

The overall posture is strong, with CC6.0 (Logical and Physical Access) showing the highest maturity. Three (3) primary control gaps were identified that require remediation before initiating the formal observation period.

2. Critical Findings & Gaps

GAP-1: GitHub Branch Protections Missing on Production

Control: CC8.1 (System Development Life Cycle)

Detail: The repository `acme-core-api` lacks branch protection rules enforcing code reviews on the `main` branch. A minimum of 1 approval must be required.

📎 View Evidence: s3://.../evidence/github_branch_rules.json

GAP-2: Public Read Access on S3 Bucket

Control: CC6.6 (Logical Access Security)

Detail: The bucket `acme-corp-assets-dev` has an ACL permitting `PublicRead`. While this is a development bucket, it violates the strict least-privilege boundary without an explicit exception policy.

📎 View Evidence: s3://.../evidence/s3_acl_snapshot.json

3. Control Coverage Map

| Criteria Segment             | Status      | Notes                                      |
|------------------------------|-------------|--------------------------------------------|
| CC1.0 - CC5.0 (Environment)  | ✔ Satisfied | Policies verified via user input upload.   |
| CC6.0 (Logical Access)       | ⚠ Partial   | MFA enforced, but S3 ACL gap present.      |
| CC8.0 (System Changes)       | ✖ Failed    | Missing branch protections on `main`.      |