Compliance
This Compliance page provides an overview of the compliance status of all your integrated cloud accounts. You can check how your company, and each of your cloud accounts, are complying with any specific compliance standard.
Bitdefender GravityZone Cloud Security’s compliance features and reports are designed to help organizations with compliance-related security activities, in particular with assessing and helping maintain compliance with a given standard, but they can neither fully replace internal efforts nor guarantee that an organization will pass a compliance audit. Bitdefender recommends working with an approved auditor to obtain any official compliance certifications.
You can access the page using the Compliance link in the menu on the left side of the console.
Your Compliance Brief - this section provides compliance statistics for all your linked cloud accounts.
By default, statistics are shown for all compliance standards combined. If you select a specific standard from the menu below, only statistics related to that compliance standard are shown.
This section provides the following information:
Overall compliance - the percentage of passed compliance checks out of the total checks performed.
Note
Suspended compliance checks are not counted towards the total number of checks.
Pass - the total number of passed checks.
Fail - the total number of failed checks.
Suppressed - the total number of failed checks that have been suppressed.
Compliance information - this section allows you to select a specific compliance standard to display in the Compliance Brief.
When selecting a specific standard, additional information is displayed, and the standard is broken down into multiple sections. A description is provided for each section, along with individual scoring information.
Filters - Customize the list of rules currently displayed on the page based on the following criteria:
Account
Filter rules by onboarded accounts. The cloud provider icon shows the account provider type.
Region
Filter rules by the region the resource belongs to.
Resource type
Filter rules by resource type. The cloud provider icon shows the resource provider type.
Severity
Filter rules by severity.
Scoring
Filter rules by Pass or Fail score.
Status
Filter rules by rule status: Pass, Risk Accepted, False Positive, Needs Review.
Reports - Click on this tab to switch to the Reports section.
GravityZone Cloud Security compliance reports show you what checks have been performed by GravityZone Cloud Security, grouped by a compliance standard's relevant control items, with how many of each have passed or failed. This reduces the time you spend creating reports by helping you export the compliance information you need.
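The following added example (not Bitdefender's code) shows how the Compliance Brief figures above and the per-control breakdown that the Reports tab describes can be computed from a constructed list of checks. It assumes a check record with a standard, control, result and optional state; it also assumes that a suppressed check remains a failed check and stays in the total, while a suspended check is left out of the total entirely.

```python
"""Compliance Brief statistics from constructed check data (illustration only)."""
from collections import defaultdict

# Constructed sample checks, not an export from a real console.
# state: None, "suppressed" (failed but suppressed) or "suspended" (not counted).
CHECKS = [
    {"standard": "CIS", "control": "1.1", "result": "pass", "state": None},
    {"standard": "CIS", "control": "1.1", "result": "fail", "state": None},
    {"standard": "CIS", "control": "1.2", "result": "fail", "state": "suppressed"},
    {"standard": "CIS", "control": "1.2", "result": "pass", "state": "suspended"},
    {"standard": "PCI", "control": "2.1", "result": "pass", "state": None},
    {"standard": "PCI", "control": "2.1", "result": "pass", "state": None},
    {"standard": "PCI", "control": "2.2", "result": "fail", "state": "suppressed"},
]


def compliance_brief(checks, standard=None):
    """Return Overall compliance (%), Pass, Fail and Suppressed counts.

    standard=None covers every standard, as the console does by default;
    otherwise only that standard's checks are counted.
    """
    active = [c for c in checks
              if (standard is None or c["standard"] == standard)
              and c["state"] != "suspended"]  # suspended checks leave the total
    passed = sum(1 for c in active if c["result"] == "pass")
    failed = sum(1 for c in active if c["result"] == "fail")
    # Suppressed is a subset of Fail: failed checks that were suppressed.
    suppressed = sum(1 for c in active
                     if c["result"] == "fail" and c["state"] == "suppressed")
    overall = round(100.0 * passed / len(active), 1) if active else 0.0
    return {"overall": overall, "pass": passed, "fail": failed,
            "suppressed": suppressed}


def report_by_control(checks, standard):
    """Group one standard's checks by control item with pass/fail/suppressed
    counts, the shape the compliance report presents."""
    out = defaultdict(lambda: {"pass": 0, "fail": 0, "suppressed": 0})
    for c in checks:
        if c["standard"] != standard or c["state"] == "suspended":
            continue
        row = out[c["control"]]
        if c["result"] == "pass":
            row["pass"] += 1
        else:
            row["fail"] += 1
            if c["state"] == "suppressed":
                row["suppressed"] += 1
    return dict(out)
```

In the sample data the suspended CIS 1.2 check is what keeps CIS at 33.3% rather than 50%, which is the effect of the Note above.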
Viewing compliance standard details
To view the details of a specific compliance standard, go to the Compliance page, and under the Compliance Standard tab, use the Compliance selector to specify the standard you want to view.
Each standard has a number of requirements, which are split into sections and subsections.
To investigate the compliance of your cloud accounts with a specific standard, substandard, or specific rule, follow the steps below:
Click on a section to display all the available standard subsections.
Click on the subsection you want to investigate.
All the rules associated with the subsection are displayed, along with scoring information.
Click on a rule to display all your scan groups that have cloud accounts to which this rule is relevant.
Click on a scan group to expand the information and display the scoring for each resource relevant to the rule.
The Check details panel is displayed.
Managing compliance standards
To manage the compliance standards available for your cloud accounts, go to the Configuration > Compliance Standards page:
Compliance standard search - You can use this field to search for a specific standard, by name.
Provider - Use this selector to select one or more cloud account providers. Only compliance standards that apply to the selected providers are displayed.
Create new compliance standard - Displays a sidebar where you can create a new custom compliance standard.
The compliance standards grid - The grid provides you with a list of all predefined and custom compliance standards currently available for your cloud accounts. The following columns are available:
Compliance standard - The name of the compliance standard.
For custom compliance standards you can click the arrow next to the name to expand the line and display additional information:
Cloud provider - The name of the provider to which the standard applies.
If - is displayed, the standard applies to all cloud accounts.
Description - The description assigned to the compliance standard.
Enabled - Determines if the compliance standard is visible in the Cloud Security console.
Edit compliance standard - Allows you to change the compliance standard's name, description, and abbreviation.
Manage compliance standard - Allows you to modify the compliance standard. You can add, remove, or change existing sections, controls, and rules.
Enable or disable a compliance standard
To enable or disable a compliance standard, follow the steps below:
Go to the Compliance Standards page.
Find the standards you want to enable or disable in the Compliance standards grid.
Select the checkboxes next to their names under the Compliance Standard name.
Set the selected standards to either enabled or disabled.
Click Save.
The status is applied to all selected standards.
Create and manage a new custom compliance standard
To create a new custom compliance standard, follow these steps:
Go to the Compliance Standards page.
Click the Create new compliance standard button on the upper right side of the page.
The Create New Compliance Standard side panel is displayed.
Fill in the required information.
Click Save.
The standard is now displayed in the Compliance standards grid.
Click the Manage compliance standard button.
The Manage Compliance Standard window is displayed.
Create the sections for the new standard:
Click the Add button under Add a section.
The Add New Section sidebar is displayed.
Fill in the information for the sections you want to add to the standard.
Click Add.
The new sections are added to the standard.
Create the controls for the new sections:
Under one of the added sections, click the Add button under Add a control to start adding controls to it.
Fill in the information for the controls you want to add to the section.
Click Add.
The new controls are added to the section.
Enable the rules you want for the new controls:
For one of the added controls, click the Map rules to control button to configure what rules you want to enable.
The Manage control window is displayed.
Select the toggle under the Mapped column to enable the rules you want.
Click Manage Compliance Standard in the path displayed at the top of the page.
Repeat steps i to iii for all the controls.
Go back to the Compliance Standards page to view an overview of the complete standard.
Delete a custom compliance standard
To delete a custom compliance standard, follow the steps below:
Go to the Compliance Standards page.
Find the standard in the Compliance standards grid.
Click the Edit compliance standard button.
The Edit Compliance Standard sidebar is displayed.
Click the Delete button.
Click Delete to confirm the request.
Reports
GravityZone Cloud Security compliance reports show you what checks have been performed by GravityZone Cloud Security, grouped by a compliance standard's relevant control items, with how many of each have been suppressed, passed or failed. This reduces the time you spend making reports by helping you export the compliance information you need.
You can use this report to communicate your compliance posture internally, or as part of the evidence you send to an external auditor.
To generate a compliance report for your organization, follow these steps:
Click Compliance on the side navigation bar.
Click the Reports tab.
Check the box next to the compliance standard for which you want a report.
Check the box next to the accounts you want to include in your compliance report.
Scroll down and click the Download as button.
Select one of the available options:
PDF - contains summarized content designed for management reporting.
XLSX - contains more detailed information.
A dialog box appears indicating that your report is being generated.
The report will be downloaded automatically.
Note
You can only generate a report for one compliance standard at a time.
Export data
To export the data currently displayed in the Compliance page, click the Export filtered checks button on the bottom of the Filters section.
The information is downloaded in a .CSV file.
Note
All filters currently applied on the page are taken into account, and only the filtered information displayed on the page is included in the file.