I think you are talking about the annual audits we have to pass for various compliance needs.
If so, there is no one solution for this, and the specifics of the solutions will vary depending on which compliance you are needing to achieve.
You should start by going to the compliance standards body document first, like PCI, HIPAA or whatever, and download the actual standard that is being used for your infrastructure.
These are organized in sections and you then need to determine which tools are needed to properly adhere to each section. Tools like Space or NSM help with the monitoring and reporting on configuration and activity. But you need to use outside tools like NMAP or scanners to determine if the port vulnerabilities are properly closed or managed. And you may need other systems to monitor change management.
All of it really starts with knowing those requirements by the certification body. Owning the tools is not enough; they have to be configured and used in a way that meets the standard.