
The real compliance rate is much closer to 0.00%
Compliance requires network scans for all open and previously used protocols. Modern machines all have IPv6 enabled by default, so the scans must test for IPv6, yet no scanning vendor I know of does that properly. If the system was ever hooked to a Novell LAN or old IBM mainframe, you need to test that as well, just to verify that old stuff is all off, or come up with a compensating control saying you are very sure the system can't be hacked by something like a Banyan VINES Christmas tree packet.