Systems and methods for automated governance, risk, and compliance

US11611480B2 · US · B2

Patent metadata

Publication number: US-11611480-B2
Application number: US-202017087196-A
Country: US
Kind code: B2
Filing date: Nov 2, 2020
Priority date: Oct 4, 2017
Publication date: Mar 21, 2023
Grant date: Mar 21, 2023

Abstract

Systems and methods for configuration vulnerability checking and remediation are provided. The systems provided herein identify risk based upon service indications of a particular configuration, such that automated risk analysis may be facilitated.

First claim

What is claimed is:

1. A tangible, non-transitory, machine-readable medium, comprising machine-readable instructions, that when executed by one or more processors, cause the one or more processors to: retrieve, from one or more application programming interfaces (APIs), configuration test results for one or more sets of configuration tests evaluated against one or more configuration items (CIs), wherein each of the one or more sets of configuration tests corresponds to one or more authoritative policies; normalize the configuration test results such that configuration test result data from different sources is stored in a common computer-readable format in the machine-readable medium; determine compliance data for the one or more CIs with the one or more authoritative policies based on the configuration test results; identify a set of CIs of interest based upon the compliance data, wherein each CI in the set of CIs of interest is in non-compliance with at least one of the one or more authoritative policies; determine a respective residual risk score for a particular CI in the set of CIs of interest by: identifying, by accessing data from a data store, an indication of a plurality of services associated with the particular CI; identifying a highest criticality of the plurality of services; and setting the respective residual risk score for the particular CI based upon the highest criticality; and present, in a configuration compliance dashboard rendered on an electronic display, a residual score indication based upon the respective residual risk score associated with each CI of the set of CIs of interest.

2. The machine-readable medium of claim 1, comprising machine-readable instructions, that when executed by the one or more processors, cause the one or more processors to: calculate an overall risk score for non-compliance by the one or more sets of configuration tests to a policy statement of the one or more authoritative policies based at least in part upon the respective residual risk score for one or more CIs of the set of CIs of interest.

3. The machine-readable medium of claim 2, comprising machine-readable instructions, that when executed by the one or more processors, cause the one or more processors to: calculate the overall risk score based at least in part upon the respective residual risk score for one or more CIs of the set of CIs of interest and an inherent score for at least one of the one or more sets of configuration tests, the inherent score comprising a score associated with non-compliance to the at least one of the one or more sets of configuration tests, as indicated by the configuration test results.

4. The machine-readable medium of claim 3, comprising machine-readable instructions, that when executed by the one or more processors, cause the one or more processors to: for each CI of the set of CIs of interest, calculate the overall risk score by combining the respective residual risk score and the inherent score.

5. The machine-readable medium of claim 2, comprising machine-readable instructions, that when executed by the one or more processors, cause the one or more processors to: calculate the overall risk score by: identifying a percentage of non-compliance to the policy statement; maximizing the respective residual risk score and an inherent score for the one or more sets of configuration tests into a maximized score; and weighing the maximized score by the percentage of non-compliance to the policy statement.

6. The machine-readable medium of claim 2, comprising machine-readable instructions, that when executed by the one or more processors, cause the one or more processors to: calculate the overall risk score, by: retrieving an active risk score calculator from a set of available risk score calculators, each of the set of available risk score calculators comprising a respective machine-readable script instructing the one or more processors how to calculate the overall risk score; and executing the respective machine-readable script of the active risk score calculator to calculate the overall risk score.

7. The machine-readable medium of claim 1, comprising machine-readable instructions, that when executed by the one or more processors, cause the one or more processors to: enable grouping, via a graphical user interface, of a subset of the configuration test results.

8. The machine-readable medium of claim 1, comprising machine-readable instructions, that when executed by the one or more processors, cause the one or more processors to: enable deferral of one or more of the configuration test results, via a configuration test result group, for a duration of time, such that the one or more of the configuration test results is not indicated as non-compliant in a subsequent rendering of the configuration compliance dashboard.

9. The machine-readable medium of claim 1, comprising machine-readable instructions, that when executed by the one or more processors, cause the one or more processors to: retrieve the one or more authoritative policies, via the one or more APIs; and map the one or more authoritative policies to relevant subsets of the one or more sets of configuration tests.

10. A computer-implemented method, comprising: retrieving, from one or more application programming interfaces (APIs), configuration test results for a set of configuration tests evaluated against one or more configuration items (CIs), wherein each configuration test in the set of configuration tests is associated with one or more authoritative policies; normalizing the configuration test results such that configuration test result data from different sources is stored in a common computer-readable format in a machine-readable medium; determining compliance data for the one or more CIs with the one or more authoritative policies based on the configuration test results; identifying a set of CIs of interest based upon the compliance data, wherein each CI in the set of CIs of interest is in non-compliance with at least one of the one or more authoritative policies; determining a respective residual risk score for a particular CI in the set of CIs of interest, by: identifying, by accessing data from a data store, an indication of a plurality of services associated with the particular CI; identifying a highest criticality of the plurality of services; and setting the respective residual risk score for the particular CI based upon the highest criticality; and presenting, in a configuration compliance dashboard rendered on an electronic display, a residual score indication based upon the respective residual risk score associated with each CI of the set of CIs of interest.

11. The computer-implemented method of claim 10, comprising: calculating an overall risk score for non-compliance by the set of configuration tests to a policy statement of the one or more authoritative policies based at least in part upon the respective residual risk score for one or more CIs of the set of CIs of interest.

12. The computer-implemented method of claim 11, comprising: calculating the overall risk score based at least in part upon the respective residual risk score for each of the CIs in the set of CIs of interest and an inherent score for the set of configuration tests, the inherent score comprising a score associated with non-compliance to the set of configuration tests, as indicated by the configuration test results.

13. The computer-implemented method of claim 12, comprising: calculating the overall risk score by combining the respective residual risk score for each of the CIs of the set of CIs of interest and the inhe
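The scoring pipeline of claims 1, 5 and 10 (normalize results from several sources, pick out non-compliant CIs, set each CI's residual risk from the highest criticality of the services it supports, then weight the maximized residual/inherent score by the policy's non-compliance percentage), as an added example that is not code from the patent or from ServiceNow. The scanner sources, CI-to-service mapping, criticality scale and inherent scores are constructed sample data, and "maximizing ... into a maximized score" is read here as taking the larger of the two scores.

```python
# Added example (not the patent's or ServiceNow's code): claims 1, 5 and 10
# on constructed data. Two hypothetical scanner sources use different field
# names and pass/fail encodings, which is what the normalization step absorbs.
SOURCE_A = [
    {"ci": "web-01", "test": "ssh-root-login-disabled", "result": "FAIL"},
    {"ci": "web-01", "test": "tls-min-version-1.2", "result": "PASS"},
    {"ci": "db-01", "test": "ssh-root-login-disabled", "result": "PASS"},
]
SOURCE_B = [  # status 1 = pass, 0 = fail (constructed convention)
    {"host": "db-01", "check_id": "tls-min-version-1.2", "status": 0},
    {"host": "batch-07", "check_id": "ssh-root-login-disabled", "status": 0},
]

# Constructed data-store content: which services each CI supports, and each
# service's criticality on a 1 (low) to 5 (critical) scale.
CI_SERVICES = {"web-01": ["storefront", "intranet-wiki"],
               "db-01": ["storefront"], "batch-07": ["nightly-reports"]}
SERVICE_CRITICALITY = {"storefront": 5, "intranet-wiki": 2, "nightly-reports": 1}

# One policy statement mapped to its tests (claim 9); the value is the test's
# inherent score, the severity of failing it regardless of which CI fails.
POLICY_TESTS = {"ssh-root-login-disabled": 4, "tls-min-version-1.2": 3}


def normalize(source_a, source_b):
    """Claim 1: store results from different sources in one common format."""
    common = [(r["ci"], r["test"], r["result"] == "PASS") for r in source_a]
    common += [(r["host"], r["check_id"], r["status"] == 1) for r in source_b]
    return common  # list of (ci, test, passed)


def cis_of_interest(results):
    """Claim 1: CIs non-compliant with at least one test of the policy."""
    return sorted({ci for ci, t, passed in results if t in POLICY_TESTS and not passed})


def residual_risk(ci):
    """Claim 1: residual risk is the highest criticality among the CI's services."""
    return max(SERVICE_CRITICALITY[s] for s in CI_SERVICES[ci])


def overall_risk(results):
    """Claim 5: max(residual, inherent) weighted by the non-compliance percentage."""
    relevant = [(ci, t, p) for ci, t, p in results if t in POLICY_TESTS]
    pct_noncompliant = sum(1 for _, _, p in relevant if not p) / len(relevant)
    failing = [(ci, t) for ci, t, p in relevant if not p]
    maximized = max(max(residual_risk(ci), POLICY_TESTS[t]) for ci, t in failing)
    return round(maximized * pct_noncompliant, 2)
```

Note that batch-07 fails the same test as web-01 but carries a residual score of 1, since its only service is low-criticality; the storefront CIs dominate the overall score.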

Assignees

ServiceNow Inc

Inventors

Classifications (CPC titles)

  • by keeping history of different configuration generations or by rolling back to previous configuration versions

  • Calendaring for a resource

  • Configuring for program initiating, e.g. using registry, configuration files

  • replenishment orders; recurring orders

  • Temporal data queries

Frequently asked questions

Who is the assignee on this patent?
ServiceNow Inc

What technology area does this patent fall under?
Primary CPC classification H04L41/0859. Mapped technology areas include Electricity.

When was this patent published?
Publication date Mar 21, 2023 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
patentsdb lists 12 related publications for this patent (citations in its corpus or others sharing the same primary CPC).