
Compliance

This page provides an overview of the compliance status of all your integrated cloud accounts. You can check how your company, and all your cloud accounts, comply with any specific compliance standard.

Bitdefender GravityZone Cloud Security’s compliance features and reports are designed to help organizations with compliance-related security activities, in particular with assessing and helping maintain compliance with a given standard, but can neither fully replace internal efforts nor guarantee that an organization will pass a compliance audit. Bitdefender recommends working with an approved auditor to obtain any official compliance certifications.

You can access the page using the Compliance link in the menu on the left side of the console.

  1. Your Compliance Brief - this section provides compliance statistics for all your linked cloud accounts.

    By default, statistics are shown for all compliance standards combined. If you select a specific standard from the menu below, only statistics related to that compliance standard are shown.

    This section provides the following information:

    • Overall compliance - the percentage of passed compliance checks out of the total checks performed.

      Note

      Suspended compliance checks are not counted towards the total number of checks.

    • Pass - the total number of passed checks.

    • Fail - the total number of failed checks.

    • Suppressed - the total number of failed checks that have been suppressed.

  2. Compliance information - this section allows you to select a specific compliance standard to display in the Compliance Brief.

    When selecting a specific standard, additional information is displayed, and the standard is broken down into multiple sections. A description is provided for each section, along with individual scoring information.

  3. Filters - Filters give you the option to customize the list of rules currently displayed on the page based on the following criteria:

    • Account

      Filter rules by onboarded accounts. The cloud provider icon shows the account provider type.

    • Region

      Filter rules by the region the resource belongs to.

    • Resource type

      Filter rules by resource type. The cloud provider icon shows the resource provider type.

    • Severity

      Filter rules by severity.

    • Scoring

      Filter rules by Pass or Fail score.

    • Status

      Filter rules by rule status: Pass, Risk Accepted, False Positive, Needs Review.

  4. Reports - Click on this tab to switch to the Reports section.

    GravityZone Cloud Security compliance reports show you what checks have been performed by GravityZone Cloud Security, grouped by a compliance standard's relevant control items, with how many of each have passed or failed. This reduces the time you spend creating reports by helping you export the compliance information you need.

Investigating standard compliance

To investigate the compliance of your cloud accounts with a specific standard, first select a standard from the list under the Compliance Standards section.

Each standard has a number of requirements that are split into sections and subsections.

To investigate the compliance of your cloud accounts with a specific standard, substandard, or specific rule, follow the steps below:

  1. Click on a section to display all the available standard subsections.

  2. Click on the subsection you want to investigate.

    All the rules associated with the subsection are displayed, along with scoring information.

  3. Click on a rule to display all your scan groups that have cloud accounts to which this rule is relevant.

  4. Click on a scan group to expand the information and display the scoring for each resource relevant to the rule.

    The Check details panel is displayed.

Reports

GravityZone Cloud Security compliance reports show you what checks have been performed by GravityZone Cloud Security, grouped by a compliance standard's relevant control items, with how many of each have been suppressed, passed or failed. This reduces the time you spend making reports by helping you export the compliance information you need.

You can use this report to communicate your compliance posture internally, or as part of the evidence you send to an external auditor.

To generate a compliance report for your organization, follow these steps:

  1. Click Compliance on the side navigation bar.

  2. Click the Reports tab.

  3. Check the box next to the compliance standard for which you want a report.

  4. Check the box next to the accounts you want to include in your compliance report.

  5. Scroll down and click the Download as button.

  6. Select one of the available options:

    • PDF - contains summarized content designed for management reporting.

    • XLSX - contains more detailed information.

  7. A dialog box appears indicating that your report is being generated.

  8. The report will be downloaded automatically.

Note

You can only generate a report for one compliance standard at a time.

Export data

To export the data currently displayed on the Compliance page, click the Export filtered checks button at the bottom of the Filters section.

The information is downloaded in a .CSV file.

Note

All the filters currently applied on the page are taken into account, so only the filtered information shown on the page is included in the file.