Every compliance team knows the feeling: you run an automated scan against CIS Benchmarks or CISA SCuBA, and the results come back with a clean split between Pass, Fail, and a frustratingly large bucket of "Manual Review." Those Manual Review controls are not failures and they are not passes. They are unknowns. And in security, unknowns are where risk hides.
The Manual Review Problem
Manual Review controls exist because certain security configurations cannot be validated through API calls or registry checks alone. They require human judgment: reviewing a policy document, confirming an operational procedure, or verifying a physical control. For organizations managing hundreds or thousands of controls across multiple frameworks, this creates an enormous backlog.
The Verizon 2025 Data Breach Investigations Report found that 68% of breaches involved a human element. Many of those human elements map directly to controls that automated tools mark as Manual Review. The irony is clear: the controls most likely to be involved in a breach are the ones least likely to be assessed.
"The controls you cannot measure are the controls you cannot manage. And the controls you cannot manage are the ones adversaries exploit."
How Prediction Works
TATER's Predict the Unknown engine takes a different approach. Instead of leaving Manual Review controls as blank spots, it applies intelligence about default configurations. Every operating system, every Microsoft 365 tenant, every cloud service ships with default settings. Many compliance controls have a known default state: either the default configuration satisfies the requirement, or it does not.
For each control in the TATER catalog, a defaultCompliance field records whether the out-of-the-box setting meets the control requirement. When an organization enables the Predict the Unknown toggle, any control that resolves to Manual Review is re-evaluated against this baseline. If the default satisfies the requirement, the control becomes a "Predicted Pass." If the default falls short, it becomes a "Predicted Fail."
From Unknown to Actionable
The impact is immediate. Organizations enabling Predict the Unknown typically see their Manual Review bucket shrink from 35% to under 10%. That does not mean those controls are resolved. Predictions are clearly distinguished in the dashboard with teal (Predicted Pass) and pink (Predicted Fail) badges, and they appear in compliance bars with reduced opacity to signal their provisional nature.
The real value is prioritization. A Predicted Fail tells your team exactly where to focus manual validation effort. A Predicted Pass tells you that the default configuration likely satisfies the requirement, but you should verify it during your next audit cycle. Both are dramatically more useful than a blank "Manual Review" status.
Enabling Predictions
The feature is an organization-level toggle, available under Settings, then Features. OrgAdmin or higher roles can enable it, and the effect is immediate: all resolved controls are re-evaluated, dashboard KPIs update, and compliance bars reflect the new predicted status. The toggle can be disabled at any time to return to the standard Manual Review view.
How TATER Helps
TATER's Predict the Unknown engine transforms the largest blind spot in compliance programs into actionable intelligence. By leveraging default configuration baselines across Microsoft 365, Windows, and endpoint settings, TATER predicts outcomes for Manual Review controls, reduces your unknown surface by up to 70%, and gives your security team clear prioritization signals for manual validation efforts.
Try TATER
