Systems and methods discussed herein relate to maintaining regulatory compliance by scanning a plurality of systems of an IT infrastructure for security vulnerabilities, detecting vulnerabilities, and generating list of remediation tasks for the detected vulnerabilities. The lists generated are prioritized as to enable compliance of the various systems to internal policies and government regulations, and the system is dynamically updated. Via these systems and methods, it may be determined whether a system will be in compliance by a particular date and/or if remediation lists are regenerated with different priorities and/or group assignments.