Findings
Understand what a finding is, how to navigate the findings view, and how to act on severity-ranked governance issues.
Last updated: June 2026
Who this is for
Admins, approvers, and auditors who need to review, prioritize, and act on governance issues identified by Nuxari.
Before you start
At least one control pack evaluation must have run, or a connector must have completed an access comparison. If you have not set up a connector yet, see the Start Guide.
What a finding is
A finding is a documented deviation from your expected access or policy state. Nuxari produces findings when it detects a gap between what was approved and what actually exists, whether that is an elevated role, an inactive license, a stale credential, or a configuration out of alignment with a control. Each finding includes a severity level, the affected identity or resource, the source system, and a link to the relevant control.
Severity levels
- Critical: Immediate risk, unauthorized privilege, active account exposure, or critical control failure. Requires prompt action.
- High: Significant deviation from policy. Should be reviewed and remediated within your organization's defined SLA.
- Medium: Policy gap that does not present immediate risk but should be addressed in your next review cycle.
- Low: Minor deviation or informational flag. Low operational impact but should be tracked.
- Informational: No action required, but the finding is recorded for audit completeness.
How to navigate the findings view
1. In Nuxari, go to Governance > Findings.
2. Use the filter bar to narrow by severity, finding type, connector, date range, or status (open / in remediation / closed).
3. The list shows each finding with its severity badge, the affected identity or resource, the source system, and the time it was first detected.
4. Click any finding to open the detail panel.
What the finding detail shows
Inside a finding you will see:
- Observed state: what Nuxari actually found in the connected system.
- Approved state: what access or configuration was expected based on your records.
- Severity and control mapping: which governance control this finding relates to.
- Detection time: when the deviation was first identified.
- Recommended action: the suggested next step (remediate, accept, or update policy).
How to act on a finding
From the finding detail, you have three options:
- Create Remediation Plan: Routes the finding through an approval-gated workflow. The finding status changes to In Remediation, and the finding is closed after the corrective action executes and evidence is captured.
- Accept as Exception: Marks the finding as a known and accepted deviation. The reason is recorded in the audit log. The finding remains visible but does not count against open remediation items.
- Update Approved State: If the actual state is now the correct policy (for example, a legitimate role change that bypassed the standard workflow), update your baseline so future evaluations do not re-open the finding.
Finding lifecycle
- Open: deviation detected, no action yet taken.
- In Remediation: a remediation plan has been created and is pending approval or execution.
- Accepted: marked as a known exception with a recorded reason.
- Closed: remediation executed, re-evaluation confirmed the deviation no longer exists.