I am currently conducting Best Practice assessments for the Email gateway team, endpoint security, web application firewall, and web gateway. After forwarding the assessment reports to the respective teams, they have confirmed that they have implemented the recommended mitigations. However, I'm facing a challenge in tracking the closure of these findings. The issue is that when I conduct future best practice assessments, I often discover new findings, and only a few from the previous assessment have been addressed.
I'm seeking a solution, idea, or concept to effectively track the closure of my findings to ensure that recommended actions are implemented and that progress is made over time.