
Tests Page Overview: Test Types, Uploading Evidence, Filtering

Written by Brady Price

Secureframe's Tests page provides a comprehensive list of all Tests (passing, failing, at risk, and not-applicable) based on the frameworks you have purchased.

The Test page gives users who are less familiar with Controls and Requirements an easy list of items to complete before an audit.

Each test is mapped to its respective Framework, Controls, and Requirements so that your efforts seamlessly translate to additional frameworks if applicable.

  • Passing Tests - the test has met all individual evidence criteria and is currently passing

  • Failing Tests - the test has not met all the individual evidence criteria (e.g., 1 of 5 users have acknowledged policies)

  • At Risk Tests - the test is within the tolerance window configuration, where a test moves from "passing" to "at risk" instead of failing instantly. The test is at risk of failing.

  • Not Applicable Tests - the tests are not applicable based on the framework you currently have enabled, or the Test in question is not currently mapped to any controls which keeps the test in a Not Applicable status.

What is a Test?

A Test proves whether a Control is or is not operating as designed. A Control is operating as designed when the Test(s) that make up a Control are all passing. A Test can satisfy multiple Controls and multiple Controls can be satisfied by a Test. Typically, there are multiple Tests that support a single Control.

Secureframe has three types of tests available within the platform:

  • Integration tests: leverage our integration automations to verify your setup is meeting test requirements

  • Platform tests: completed within the Secureframe platform, e.g. Policy acceptance, Security training, etc.

  • Upload tests: tests that require a file upload as evidence


Test Panel (slide out) Overview

Click on any Test to launch a detailed page containing the Test Name, Description, along with an Overview with Remediation Guidance, Evidence, Controls the test relates to, and a Comments section.

  • Overview: Secureframe's recommendation for taking action on what is causing a test to fail by either correcting the underlying configurations or resolving other issues. There are detailed instructions on how to make changes to your systems in order to achieve a passing test. Make sure to check the Evidence tab on the test in order to determine which resources need to be remediated as a test will show as a failure even if only one resource is failing.

  • Evidence: The Evidence tab displays the results for your test, showing passing, failing, or supplemental items. Depending on the test type, you’ll either see detailed system results (e.g., devices, users, configurations) or uploaded documentation. You can also add Additional evidence to provide supporting files for your auditor.

  • Evidence Types: Not all files are supported in Secureframe. We recommend .jpg, .png, .pdf, .docx, .xlsx, .csv, and more.

  • AI Evidence Validation: This AI feature is designed to assist compliance teams in verifying the accuracy and relevance of audit documentation before assessments commence. By proactively identifying potential issues, this tool aims to reduce audit delays, minimize findings, and accelerate the path to compliance.

  • Tasks: create notifications and tasks in response to specific event triggers within the platform. This feature ensures that important tasks and events are seamlessly incorporated into your day-to-day workflow tools, allowing for efficient management and tracking. Applicable with Email, Slack, Jira, ClickUp, Linear, ServiceNow, Microsoft Teams, and Zendesk.

  • Additional Evidence: For platform and integration tests you have the ability to upload supplemental or multiple pieces of evidence to support a current test. Note: This is not the same as pass with upload.

  • Controls: Here you can view which Controls a particular test maps to for each framework.

  • Finding Noted: Users can now add comments or findings to uploaded evidence. Please note that evidence with findings noted will not pass the upload tests. If tests exist with findings, you will also see a banner on your tests page to filter those labeled "Tests with Findings".


Commenting on a Test

Each test includes a comment section that allows users to leave notes, updates, or questions related to the test.

  • Submit a Comment: Type your message in the text box and press Enter to submit.

  • Edit a Comment: After posting, click the pencil icon next to your comment to make changes.

  • Delete a Comment: Click the trash can icon to remove your comment.

Comments are helpful for internal collaboration or for documenting context that may assist with audits or follow-ups.


Test Page Filters & Columns

The Test page offers a variety of Columns and Filters to help provide the data you need when reviewing Tests at a high level.

  • Columns allow you to enable/disable data rows that are relevant to your test page.

  • Filters allow you to access a subset of data in the test page based on your chosen criteria.

For example, Type is exactly = upload test, plus Owner contains "name of admin", to narrow down upload-specific tests that are assigned to one of your admins.

Both Columns and Filter sets can be saved by using the Save View button, or they can be reset by using the Clear All Filters button.

Test Columns options:

  • Vendors - vendor associated with the test, typically from Integrations

  • Owners - owner assigned

  • Resource Category - Risk, Network, Personnel, etc.

  • Type - Upload, Platform, Integration test

  • Domain - Risk Management, Network Security, etc.

  • Function - Vendor Management, Training, Security Monitoring, etc.

  • Author - Secureframe test, Custom Test, etc.

  • Next Due Date

  • Test Interval - weekly, monthly, quarterly, yearly

  • Last Refreshed - date in which the test was last refreshed

  • Last Uploaded - indicates a date the last file (evidence) was uploaded

  • Tags

Test Filters options:

  • Tags

  • Status

  • Type

  • Domain

  • Function

  • Author

  • Owner

  • Next Due Date

  • Test Interval

  • Has Findings

  • User Authored

  • Vendors Frameworks

  • Last Uploaded (identify old evidence)

Platform & Integration Test (Evidence Filter) options:

Some tests, like Platform or Integration tests, will provide multiple pieces of evidence because these tests are designed to test against many assets. In some cases, the Evidence tab will include additional filters to help you sort large lists.

  • Status

  • Framework

To access this section, head to the Test Page, click on a Test, then the Evidence tab, then use the filter button to expose the filter options.


Uploading Evidence to a Test

When you're ready to submit documentation to satisfy a test requirement, Secureframe provides two options: uploading a file directly or providing a link to external documentation.

Manual uploads will be most common on Upload Tests, since Platform Tests and Integration Tests typically provide evidence for you through those integrations.

How to Upload Evidence:

  1. Go to the Evidence tab
    Within the test details page, click the Evidence tab.

  2. Click the “+ Add” button
    This will open the Upload Evidence modal.

  3. Choose your evidence type

    • File(s): Upload files directly from your device (max file size: 500MB).

      • Supported formats: PDF, PNG, JPG, DOCX, etc.

      • Drag-and-drop or click to browse for files.

    • Link: Paste a URL linking to your external evidence (e.g., a Dropbox or Google Drive doc).

      • Be sure to confirm the permissions are publicly viewable or available to your auditor.

  4. Mark in-scope frameworks
    By default, the test will suggest frameworks related to the test. You can adjust these using the tags provided.

  5. (Optional) Add a comment
    Use the comment field to clarify context for your auditor or teammates.

  6. Click Save
    Your evidence will be logged, and the system will try to validate active evidence if applicable.


Reactivating Archived Evidence for Past-Due Tests

When managing test evidence, the options for reactivating archived files now vary depending on whether the test is past due.

  • If the test is not past due:
    You’ll see the option to Set Active, which reactivates the archived file and sets it as the current evidence.

  • If the test is past due:
    You’ll see Duplicate and set active instead. This opens the upload modal, where you can:

    • Modify the framework scope

    • Add an optional comment

    • Mark the evidence as a finding if applicable

    The original file does not need to be re-uploaded. A copy of the archived file is created automatically and marked as active. The test’s due date is also updated based on the new upload.


When to utilize Pass with upload

Pass with upload (manually uploading evidence) should be utilized when a failing test should be a passing test but is not currently recognized by the system. An example of this would be if you perform testing outside of your version control tool, thus causing our API to not pick up the testing performed. In this case, you will want to take an example of how testing is performed outside of the version control tool (a screenshot of SAST testing performed on a PR for example) and select Pass with upload.


Note: This screenshot only captures one example of this test being performed. Without the integration operating continuously you will lose the ability for the test to continuously monitor for compliance. Please ensure that during an audit window the respective tests are being performed.

How to mark Tests as Not-applicable:

You have the ability to mark tests as not-applicable. Once marked as not-applicable, the test will not appear as failing regardless of the integration. Be careful when marking these tests and always add a detailed justification that will be used to communicate to your team and auditors the reason the test is not needed. Additionally, Secureframe automatically marks certain tests deemed not applicable to your organization; however, you may enable them for use at any time.


Reviewing old evidence

Regularly reviewing old evidence ensures your organization remains compliant with regulatory standards.

To do this quickly and efficiently in Secureframe, we recommend using the Last Updated feature on the Test Page.

This can also be used in combination with other filters like "Type = upload", indicating those tests with manual uploads.

  • Last Updated Column - In the test section, enable the Last Updated column, which indicates a date the last file (evidence) was uploaded.

  • Last Updated Filters - In the test section, enable the Last Updated filter, which will provide parameters for finding evidence "before, after, exactly, or in between" a specific date.


How to enable Non-applicable Tests

You have the ability to enable any non-applicable Test. Once a test is enabled it will automatically be mapped to the relevant Control(s).


How to use bulk actions on Tests

The Test Page offers a variety of options for Bulk Actions to make your work more efficient.

When you select one or more Tests using the check box, a modal will appear at the bottom of the page.

This will allow you to use bulk actions on the following:

  • Property - ability to edit the Owner, Tolerance Window, Test Interval, and Tags of selected tests

  • Comment - ability to add comments to selected tests

  • Tasks - ability to add Tasks to selected tests

  • Refresh - ability to bulk refresh selected tests

  • Disable - ability to bulk disable selected tests


Map Test to an existing Control

Additional tests can be associated with an existing control through the Frameworks or Controls page.

  1. On the Frameworks or Controls page, click on a specific control.

  2. Select the Testing tab.

  3. Click Edit Mapping.

  4. Search for the desired test.

  5. Click Add.


Map Test to an existing Control from the Test page

Controls can also be mapped from the Test page from within the individual test.

  • In the Test page, click on a specific test

  • Select the Controls tab

  • Click Edit Mapping

  • Search for the desired Control

  • Click Add


"Select All" Test Page Features

Nearly every page has a Select All feature which, when selected, provides many additional helpful options for interacting with your data.

When using the Select All on the Test page, it provides a modal pop-up with many bulk feature actions described here.


Ongoing Monitoring vs. Point-in-Time

Secureframe distinguishes between ongoing monitoring activities (like vulnerability scans) and point-in-time activities (like penetration test reports) through test types.

Ongoing Monitoring (Platform / Integration Tests)

  • Definition: These tests connect directly to your systems through integrations (e.g., cloud providers, vulnerability scanners, HRIS).

  • How it works: Evidence is pulled automatically and refreshed on a recurring basis. Test status updates dynamically as new data comes in.

  • Examples:

    • Internal vulnerability scanning results

    • Cloud configuration checks

    • Identity provider integrations

Point-in-Time Evidence (Upload Tests)

  • Definition: These tests require you to upload documentation generated at a single moment in time.

  • How it works: You upload a file (e.g., penetration test report, policy acknowledgement, screenshot). Secureframe allows you to define a test interval (e.g., annual, quarterly). Once the interval passes, the system prompts you to upload updated evidence.

  • Examples:

    • Annual penetration testing report

    • Security awareness training completion records

    • Background check confirmations

Why This Matters

  • Ongoing monitoring provides continuous visibility and automated evidence collection.

  • Point-in-time evidence ensures you meet compliance requirements for activities that are performed less frequently but still required by your auditor.


Automatic Test Refresh Frequency

All tests refresh automatically once daily to ensure your evidence stays up to date and your compliance posture remains current.


Frequently Asked Questions (FAQ)

How can I easily see old evidence that needs to be updated?

  • In the test section, you can use the Columns feature to display the Last Updated field. This will allow you to search through ALL tests and identify those tests with older and possibly stale evidence.

  • In the test section, you can use the Filters to display the Last Updated field with parameters. This will allow you to review evidence before, after, exactly, or in between a specific date.


Where can I see historical data related to any test that shows changes and timestamps made in the test, regardless of whether it’s a platform, upload, or integration test?

  • Currently, Secureframe does not track or display this type of information.

  • However, we do currently have a feature request to introduce functionality that would allow users to view historical information for any test. This feature would include details such as changes made to the test, changes in ownership, timestamps for transitions (e.g., when the test transitioned to a failed state), and more.

What does it mean to be a Test Owner?

  • Test owners are responsible for the status of the test. They will have their test statuses summarized in the "Owned by me" email they receive from Secureframe.

I just added evidence to many of my tests, but they are still failing?

  • If you want to see your test percentage passing reflected right away, you will want to hit “Refresh all tests” in the top right of the page to ensure you are working with the most up to date information.

  • Otherwise, this information will be updated the following day as we perform daily refreshes.

Why is a Test marked as Not-applicable?

  • A test can be marked as not-applicable if you deem it irrelevant to your business or if it is a General Test given to all Secureframe customers. If a test is marked not-applicable by Secureframe, this means that it is N/A for the frameworks you purchased.

How do I remove a finding?

  • First, understand that the user who added the finding disables the "finding" flag from the comment.

  • Once you have resolved the finding, you can now delete or archive the evidence with the finding, and re-upload it to the test.

We understand this is not the best workflow, and our team is looking to improve this by possibly adding an option to satisfy a finding, rather than archiving the evidence itself.

Can I bulk assign owners to tests?

  • Yes, you can bulk assign owners to multiple tests by following these steps:

    1. Select the checkboxes to the left of the tests you want to update.

      • To select all tests in view, click the checkbox at the top of the column next to "Status".

      • In the bottom bar, click Select All to include all active tests before editing the owner.

    2. In the options menu at the bottom, select Property -> Edit Owner.

I tried uploading a .doc file type as evidence and I am getting an error?

  • We do not currently support .doc because this file type uses a binary format that is less efficient with newer tools.

  • We recommend .jpg, .png, .pdf, .docx, .xlsx, .csv, and more.

I've re-enabled a test that was previously disabled, but it still says Not applicable (User)?

  • In this scenario, it seems the test is currently missing a control mapping, which is keeping it in the disabled state.

  • You can either map this to an applicable framework, or if you have a control that you would like this mapped to, you can always add a control mapping by opening the test, clicking the Controls tab, then Edit Mapping.

What happens when an upload test's due date passes? Will it automatically move to failing?

  • Yes. When the next due date on an upload test passes, Secureframe's daily evaluation job will automatically archive the existing evidence and move the test to a failing state. You do not need to manually refresh the test for this to happen.

  • Because this runs once daily, there may be a delay of up to 24 hours between when the due date passes and when the test status updates. If a test is still showing as passing the day after its due date, it should resolve on its own by the following day. If it does not, contact support.

Note: the system uses the Next Due Date (set by the test interval) to determine when evidence becomes stale, not the "Completed On" date on the evidence itself. If you notice a test archiving sooner than expected, check whether the "Completed On" date was manually set to an earlier date, as that can also trigger archiving.

How can you filter for tests that have ignored resources?

  • Yes, you can filter by Ignored on a single test, but you cannot filter by ignored at the main Test Page level.

  • For example, you can search for the GuardDuty enabled (AWS) test, click on the Evidence tab, then use the Status filter to search for ignored results to find the specific ignored results for this test.

How does Secureframe differentiate between ongoing monitoring evidence (like Internal Vulnerability scanning) and point-in-time evidence (like Penetration Testing reports)?

Secureframe uses different test types to distinguish between ongoing monitoring and point-in-time activities:

  • Platform / Integration Tests (Ongoing Monitoring)
    These are connected directly to your systems through integrations (e.g., vulnerability scanners, cloud platforms, HR systems). Evidence is pulled automatically and refreshed on a recurring basis. This ensures continuous monitoring, with the test status updating as new data comes in.

  • Upload Tests (Point-in-Time Evidence)
    These require you to upload documentation, such as penetration test reports, policy acknowledgements, or screenshots. Because these are point-in-time activities, Secureframe allows you to set a test interval (e.g., annual, quarterly). Once the interval is reached, the platform will prompt you to provide new evidence.

In short:

  • Ongoing monitoring evidence = integration-driven, continuous

  • Point-in-time evidence = upload-driven, interval-based
