Introducing GravityZone Compliance

Grzegorz Nocoń

December 17, 2024

Regulatory compliance goes beyond legal obligations; it is a strategic approach to managing cyber risks and demonstrating the value of cybersecurity investments. You can use these regulations to identify, assess, and mitigate risks. Compliance reports and frameworks let you find and address security risks proactively, reducing the likelihood of data breaches.

Compliance functionality is now available through the Early Access Program (EAP) to all customers and partners with active Risk Analytics licenses. The available compliance reports can help you prepare for compliance audits, identify compliance gaps, and determine where to focus your efforts.

Instructions on how to join the Early Access Program and start the configuration can be found in the GravityZone Support Center here. Before joining the EAP, new customers need to request the trial license for Bitdefender GravityZone here.

Compliance Standards 

With the latest release, you can access the following compliance standards for all your endpoints from the GravityZone console:

  • General Data Protection Regulation (GDPR): EU regulation that requires organizations to protect the personal data and privacy of EU citizens. It includes requirements for data processing, consent, data subject rights, and breach notification.  
  • NIS 2 Directive: EU cybersecurity directive aimed at improving the security of networks and information systems across various sectors. It establishes measures for risk management, incident reporting, and cooperation between EU member states to enhance the overall resilience of critical infrastructure. 
  • CIS Critical Security Controls (CISv8): This framework outlines a set of best practices for securing IT systems and data, focusing on critical actions to mitigate risks. 
  • SOC 2: This framework helps organizations that handle sensitive customer data assess and improve their security practices, availability, processing integrity, confidentiality, and privacy controls. 
  • ISO 27001: Framework for implementing an Information Security Management System (ISMS). It helps organizations manage and protect sensitive information, such as customer data, financial information, and intellectual property. 

No further action is required: you can immediately view the findings (misconfigurations) and user behavior risks identified by the Risk Management module and mapped to compliance standards.

Compliance Posture

The Compliance page is available directly in the GravityZone console, in the Compliance tab of the Risk Management section.

You can choose which compliance standards or benchmarks to view and then see the control details. After selecting a control on the Compliance page, you can view its Details, Risks, and Affected Assets.

You can generate a PDF or XLSX report from the top-right section of the page. Both reports include all the information available on the main dashboard in the Compliance section and can be used to track all modifications.

Mitigating Compliance Risks 

The Risks and Affected Assets information is taken from the Risk Management module. Clicking View all findings redirects you to the dedicated Risk Management section, where you will see all assets with all the findings under the selected control risk.

Clicking a specific risk shows only the assets affected by that risk. In Risk Management you can take mitigation actions, as we described here on our TechZone platform.

Summary 

The new Bitdefender GravityZone Compliance feature helps strengthen your organization's security posture by providing insights into key industry standards like GDPR, NIS Directive, CIS Controls, SOC 2, and ISO 27001, enabling proactive risk identification and mitigation.

Learn more about cybersecurity compliance on our official webpage here.

Author


Grzegorz Nocoń

Grzegorz Nocoń is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. He is a strong supporter of a holistic approach to security and passionate about solving security problems in a comprehensive and integrated way. Outside of work, he is an avid CrossFit enthusiast and a lover of fantasy literature.
