The Compliance Check are "scanning" the saved config in your directory - so how you can not execute a command.
But for your example i could help you. Create a compliance rule which alert if the running contains the string "ip ssh authentication-retries" because otherwise your default values matches:
here is the link to cisco.com: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfssh.html
kind regards,
flo