The disclosure provides an approach for compliance management in a network. Embodiments include receiving, by a manager, a system health plugin. Embodiments include determining a configuration change for a network. Embodiments include receiving data indicating a current security posture of the network. Embodiments include determining an impact to the security posture of the network based on the configuration change. Embodiments include generating a notification relating to the impact to the security posture of the network. Embodiments include receiving a decision relating to the configuration change in response to the notification. Embodiments include performing an action based on the decision.