Skip to main content

Compliance

This page provides an overview of the compliance status of all your integrated cloud accounts. You can check how your company, and all your cloud accounts, are complying to any specific compliance standard.

Bitdefender GravityZone Cloud Security’s compliance features and reports are designed to help organizations with compliance-related security activities, in particular with assessing and helping maintain compliance to a given standard, but can neither fully replace internal efforts nor guarantee that an organization will pass a compliance audit. Bitdefender recommends working with an approved auditor to obtain any official compliance certifications.

You can access the page using the Compliance link in the menu on the left side of the console.

CSPM_GCP_compliance_412741_en.png
  1. Your Compliance Brief - this section provides compliance statistics for all your linked cloud accounts.

    By default, statistics are shown for the totality of compliance standards. If you select a specific standard from the menu below, only statistics related to that compliance standard will be shown.

    This section provides the following information:

    • Overall compliance - the percentage of passed compliance checks out of the total checks performed.

      Note

      Suspended compliance checks are not counted towards the total number of checks.

    • Pass - the total number of passed checks.

    • Fail - the total number of failed checks.

    • Suppressed - the total number of failed checks that have been suppressed.

  2. Compliance information - this section allows you to select a specific compliance standard to display in the Compliance Brief.

    When selecting a specific standard, additional information is displayed, and the standard is broken down into multiple sections. A description is provided for each section, along with individual scoring information.

    CSPM_GCP_compliance_specific_412741_en.png
  3. Filters - Filters give you the option to customize the list of rules currently displayed on the page based on the following criteria:

    • Account

      Filter rules by onboarded accounts. The cloud provider icon shows the account provider type.

    • Region

      Filter the region the resource belongs in.

    • Resource type

      Filter rules by resource type. The cloud provider icon shows the resource provider type.

    • Severity

      Filter rule's severity.

    • Scoring

      Filter rules by Pass or Fail score.

    • Status

      Filter rules by rule status: Pass, Risk Accepted, False Positive, Needs Review.

  4. Reports - Click on this tab to switch to the Reports section.

    GravityZone Cloud Security compliance reports show you what checks have been performed by GravityZone Cloud Security, grouped by a compliance standard's relevant control items, with how many of each have passed or failed. This reduces the time you spend creating reports by helping you export the compliance information you need.

Investigating standard compliance

To investigate the compliance of your cloud accounts with a specific standard, first select a standard from the list under the Compliance Standards section:

CSPM_compliance_view_standard_3_425536_en.png

Each standard has a number of requirements, that are split into sections and subsections:

CSPM_compliance_view_standard_425536_en.png

To investigate the compliance of your cloud accounts with a specific standard, substandard, or specific rule, follow the steps below:

  1. Click on a section to display all the available standard subsections.

  2. Click on the subsection you want to investigate.

    All the rules associated to the subsection are displayed, along with scoring information:

    CSPM_compliance_view_standard_1_425536_en.png
  3. Click on a rule to display all your scan groups that have cloud accounts to which this rule is relevant:

    CSPM_compliance_view_standard_2_425536_en.png
  4. Click on a scan group to expand the information and display the scoring for each resource relevant to the rule:

    CSPM_compliance_view_standard_4_425536_en.png
  5. Click on the Open link under the Status column to display additional information on why a specific check has failed.

    The Check details panel is displayed.