> For the complete documentation index, see [llms.txt](https://docs.balkan.id/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.balkan.id/compliance-controls-and-posture/compliance-controls.md).

# Compliance controls

Use **Settings → Compliance** to configure the Compliance module.

This area is available to admins.

It is the control plane for Compliance. Use it to manage framework behavior, suppressions, exception rules, and recomputation.

If you are new to the feature, start with [Compliance overview](/compliance-controls-and-posture/compliance-overview.md). If you want the monitoring and triage workflow, go to [Compliance posture](/compliance-controls-and-posture/compliance-posture.md).

***

### Frameworks tab

The **Frameworks** tab lists supported frameworks.

Each row shows core framework details such as name, short name, description, and version. Superseded frameworks also show their replacement.

Open a framework to review its criteria.

The framework detail view shows each criterion with:

* Name
* Severity
* Suppression status
* Exception status
* Mapped controls count
* Deleted or superseded state

Admins can open a criterion row to add a suppression or exception scoped to that criterion.

This view is useful when you want to understand how a framework is structured before deciding whether to suppress or except a criterion.

<div data-with-frame="true"><figure><img src="/files/VIMvRUnuMsRsAQlv4zV7" alt=""><figcaption></figcaption></figure></div>

***

### Suppressions tab

The **Suppressions** tab lists suppression rules across frameworks.

Use it to review active rules and remove outdated ones. For guidance on when to suppress rather than except, see [Suppressions and exceptions](/compliance-controls-and-posture/suppressions-and-exceptions.md).

Each record includes framework, criterion, scope, reason, authorship, dates, and status.

Filter the table by **Active**, **Deleted**, or **All**.

Use **View scope** to inspect the entity filter, if any.

Suppressions can be either:

* **Blanket** — hide all violations for a criterion
* **Scoped** — hide only matching violations for entities defined by a filter

#### Add a suppression

{% stepper %}
{% step %}

### Choose the criterion

Click **Add Suppression**.

Select the framework criterion to suppress.
{% endstep %}

{% step %}

### Choose the scope

Leave **Scope to specific entities** off for a blanket suppression.

Turn it on to build a scoped filter.
{% endstep %}

{% step %}

### Save the rule

Optionally add a reason.

Save the rule to apply it.
{% endstep %}
{% endstepper %}

Use blanket suppressions carefully. They are faster to configure, but they remove the entire criterion from posture visibility.

Use scoped suppressions when you want to carve out a known subset of entities without hiding the broader control signal.

***

### Exceptions tab

The **Exceptions** tab lists rule-based exceptions across frameworks.

Use it to review existing exceptions and remove stale rules. For the decision model behind this flow, see [Suppressions and exceptions](/compliance-controls-and-posture/suppressions-and-exceptions.md#exceptions).

Filter the table by **Active**, **Deleted**, or **All**.

Each record includes framework, criterion, reason, authorship, dates, and status.

#### Add an exception

{% stepper %}
{% step %}

### Choose the criterion

Click **Add Exception**.

Select the framework criterion.
{% endstep %}

{% step %}

### Define the scope

Build an entity filter.

Exceptions are always scoped. See [Working with filters](/getting-started/entitlement-data-discovery/working-with-filters.md) if you need help defining the scope.
{% endstep %}

{% step %}

### Save the rule

Optionally add a reason.

Save the exception.
{% endstep %}
{% endstepper %}

Exceptions always require a scope. There is no blanket exception. This keeps accepted risk explicit and traceable to a defined set of entities.

Admins can also use this tab to review who created an exception rule and when it was last updated.

Exceptions created on specific violations from [Compliance posture](/compliance-controls-and-posture/compliance-posture.md#add-an-inline-exception) by risk managers will also show up here.

***

### Recompute compliance violations

Use **Recompute compliance violations** when you need to refresh posture after a meaningful change.

This action queues a background job.

You can scope the recompute to one integration.

If you do not select an integration, BalkanID recomputes all integrations.

This is especially useful after changes to one connected system. For integration context, see [Viewing your application integrations](/getting-started/entitlement-data-discovery/viewing-your-application-integrations.md) and [Application Integrations](/getting-started/setting-up-your-tenant/application-integrations.md).

This is useful after:

* enabling a new framework,
* changing suppressions or exception rules,
* adjusting control configuration,
* or validating changes for one integration without recomputing everything.

After submission, BalkanID confirms:

> Compliance violations recompute has been queued. Once complete, you'll be able to view them on the Compliance Posture Dashboard.

Once the job finishes, review the results in [Compliance posture](/compliance-controls-and-posture/compliance-posture.md).

***

### Out-of-date posture warning

If control configuration changed after the last scan, BalkanID shows a warning banner on [Compliance posture](/compliance-controls-and-posture/compliance-posture.md#out-of-date-posture-warning).

The banner indicates that summary statistics may be stale until you run a recompute.

This warning is especially relevant after changes to control mappings, suppressions, or exception rules.

<div data-with-frame="true"><figure><img src="/files/IikbmJoGG5QotwXQRyz3" alt=""><figcaption></figcaption></figure></div>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.balkan.id/compliance-controls-and-posture/compliance-controls.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.