During this phase, the overall identification of non-compliance with policies is provided as a calculated risk metric for review by the stakeholders. The Security State Analysis provides the state of compliance against this metric for several categories, such as:
- Operating system
- Region
- Country
- Application
