I am looking for a way to report on HIPAA and PCI compliance using IVM Policies.
I looked through the existing policies and didn’t see any that stood out for what I was looking for.
Has anyone done something similar where you can give me some starting pointers?
I think the place you want to look is in scan templates for HIPAA and PCI compliance scans. Configure your site with the assets to be scanned and aside from verifying nothing would adversely affected you should be able to scan. Then you should be able to run reports off that.