Systems and methods for automated governance, risk, and compliance

What is claimed is: 1. A tangible, non-transitory, machine-readable medium, comprising machine-readable instructions, that when executed by one or more processors, cause the processors to: retrieve, from one or more application programming interfaces (APIs), a set of Secure Configuration Assessment (SCA) data, the SCA data comprising configuration test results for a set of configuration tests evaluated against one or more configuration items (CIs); normalize and store, in the machine-readable medium, the set of SCA data as normalized SCA data, such that SCA data provided from different SCA providers is stored in a common computer-readable format; retrieve, via the one or more APIs, generate, via a graphical user interface, or both, one or more policies made up of a subset of the set of configuration tests; determine compliance with the one or more policies based upon the configuration test results; determine a residual risk score for the subset of the set of configuration tests, by: identifying, by accessing data from a data store, a plurality of services associated with a CI that is in non-compliance with a policy statement; identifying a highest criticality of the plurality of services; and setting the residual risk score based upon the highest criticality; and present, on an electronic display, the normalized SCA data and a residual score indication based upon the residual risk score in a configuration compliance dashboard configured to provide an indication of the determined compliance to the set of compliance tests by the CIs. 2. The machine-readable medium of claim 1 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: calculate an overall risk score for non-compliance by the set of compliance tests to the policy statement based at least in part upon the residual risk score. 3. The machine-readable medium of claim 2 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: calculate the overall risk score based at least in part upon the residual risk score and an inherent score for the set of compliance tests. 4. The machine-readable medium of claim 3 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: calculate the overall risk score by combining the residual risk score and the inherent score. 5. The machine-readable medium of claim 2 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: calculate the overall risk score by: identifying a percentage of non-compliance to the policy statement; maximizing the residual risk score and an inherent score for the set of compliance tests into a maximized score; and weighing the maximized residual risk score by a percentage of non-compliance to the policy statement. 6. The machine-readable medium of claim 2 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: calculate the overall risk score, by: retrieving an active risk score calculator from a set of available risk score calculators, each of the available risk score calculators comprising a machine-readable script instructing the processors how to calculate the overall risk; and executing a script of the active risk score calculator to calculate the overall risk score. 7. The machine-readable medium of claim 1 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: receive, via a graphical user interface (GUI) an indication of an order of magnitude; and normalize and store the set of SCA data as the normalized SCA data, by normalizing a criticality or priority attribute of the SCA data to the order of magnitude. 8. The machine-readable medium of claim 1 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: enable grouping, via a graphical user interface, of a subset of the configuration test results. 9. The machine-readable medium of claim 1 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: enable deferral of one or more of the configuration test results, via a configuration test result group, for a duration of time, such that the one or more of the configuration test results is not indicated as non-compliant in a subsequent rendering of the configuration compliance dashboard. 10. The machine-readable medium of claim 1 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: retrieve a set of authoritative polices, via the one or more APIs; and map the set of authoritative policies to relevant subsets of the set of compliance tests. 11. A tangible, non-transitory, machine-readable medium, comprising machine-readable instructions, that when executed by one or more processors, cause the processors to: retrieve compliance data for a configuration item (CI), via a Secure Configuration Assessment (SCA) source application programming interface (API); retrieve an authoritative policy from an authoritative source API; access a mapping between a subset of the compliance data and the authoritative policy; identify a compliance status of the CI to the authoritative policy, based upon the subset of the compliance data; when the compliance status of the CI indicates non-compliance to the authoritative policy, determine a residual risk score for the CI, by: identifying, by accessing data from a data store, a plurality of services associated with the CI; identifying a highest criticality of the plurality of services; and setting the residual risk score based upon the highest criticality; and presenting, via a graphical user interface (GUI) an indication of the compliance status and the residual risk score. 12. The machine-readable medium of claim 11 , wherein the compliance data comprises a set of configuration tests and configuration test results indicative of whether the CI provided expected results when queried based upon the set of configuration tests; the machine-readable medium comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to present the compliance status of the CI to the authoritative policy, based upon the configuration test results. 13. The machine-readable medium of claim 11 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: generate a report indicating whether the CI is in compliance with the authoritative policy by: accessing a plurality of configuration test results mapped to a plurality of policy statements of the authoritative policy; determining whether at least one of the configuration test results indicates non-compliance with its corresponding policy statements; and indicating that the CI is non-compliant with the authoritative policy when at least one of the configuration test results indicates non-compliance with its corresponding policy statements. 14. The machine-readable medium of claim 11 , comprising machine-readable instructions, that when executed by the one or more processors, cause the processors to: present a mapping interface, enabling a user to provide user inputs to generate the mapping. 15. The machine-readable medium of claim 11 , comprising machine-readable instructions, that when executed by the one or more processors, cause