...
CIS
CYBER ESSENTIALS
ESSENTIAL EIGHT
GDPR
GPG 13
HIPAA
ISO 27002
NIST 800 171
NIST 800 53
NIST CSF
PCI-DSS
https://cybercns.atlassian.net/wiki/x/twB4g
...
Company Compliance Standards - Table of Contents
Table of Contents | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Company Compliance Standards - Overview
This is a Company view of how assets meet or fail compliance requirements and configuration checks.
...
Passes will be indicated by the green tile counts.
Fails will be indicated by the red tile counts.
...
You can switch between different Compliance Types, Platforms, and Maturity Levels to meet your needs and clients' compliance requirements.
...
You can tap on any tiles listed under Compliant, Non-Compliant, Manual Compliant, Manual Non-Compliant, Company, or Asset to see the details in the right-side Compliant pod (2).
...
Company Compliance Standards - Details
Filtering Options
Compliance Type
Compliance | Company Types | Geospecifics |
CIS | Technology companies, cybersecurity firms, financial institutions. | Company |
Cyber Essentials | Software development companies, IT service providers, cloud computing services. | UK/EU |
Essential Eight | Government agencies, critical infrastructure organizations, defense contractors. | Australia |
GDPR IV | E-commerce platforms, social media companies, online service providers. | UK/EU |
GPG 13 | Government agencies, military organizations, public sector entities. | UK (with a focus on UK government entities) |
HIPAA | Hospitals, healthcare providers, health insurance companies. | U.S. (Healthcare Industry Focus) |
ISO 27002 | Banks and financial institutions, technology companies, data centers. | Company |
NIST CSF | Government agencies, critical infrastructure organizations, cybersecurity service providers. | Company (U.S. Government Focus) |
NIST 800-53 | Federal agencies, defense contractors, IT service providers. | Company (U.S. Government Focus) |
NIST 800-171 | Defense contractors, subcontractors working with the Department of Defense, government suppliers. | Company (U.S. Government Focus) |
PCI DSS | Credit card companies, banks, online payment processors. | Company (Finance Industry Focus) |
Platform
Select the platform based on predefined operating system groups, which include Azure, Linux, MAC, Windows Server, Windows Desktop, and more.
Microsoft Windows | Linux | Darwin |
---|---|---|
Windows Server | UBUNTU 22, 20, 18, 16, 14 | MAC 13 |
Windows Desktop | SUSE 15, 12, 11 | MAC 12 |
Azure Server | RHEL 9, 8, 7, 6 | MAC 11 |
Windows Server 2012 R2 | DEBIAN 11, 10, 9, 8, 7 | MAC 10 |
Maturity Level
Where applicable, choose the maturity level to filter the compliance type further. Not all compliance-type options will have a maturity level to select from.
...
Column Label | General Use / Description |
---|---|
Compliance ID | Displays the ConnectSecure issued ID to reference a specific compliance type check. Tap to see the Compliance Check Details. |
Sub Section | Displays the name of the sub-section from the selected Compliance Type |
Description | Displays the detailed description about of the specific Compliance ID. |
Assets | Displays the count of Assets affected by the selected Compliance ID. Tap the count to see the list of assets. |
...
The sidebar actions include Upload Evidence, Jobs, and Alerts.
...
Company Compliance Standards- Side Navigation Toolbar Actions
Upload Evidence
First, select a record from any Manual Non-Compliant checks and tap the Upload Evidence button from the top of the toolbar to provide comments, attachments, and additional details to act as ‘evidence' in a compliance check.
...
You can include Comments, Upload File(s), select the Action Type, Implementation Status, Eevident Quality, Teset TYpe, and Assessment Justification sections where applicable.
...
Info |
---|
The file formats supported include jpg, jpeg, png, bmp, txt, log, csv, pdf, doc, docx, xls, and xlsx with a maximum file size of 50 MB. |
...
Remediation Options
GPO and WMI Filters
Tip |
---|
ConnectSecure offers remediation of the CIS controls by tapping on the GPO and WMI Filters download button. |
...
Note |
---|
Compliance Remediation Script DisclaimerThis PowerShell script is intended for the purpose of automating compliance remediation tasks within your organization's IT infrastructure. By executing this script, you acknowledge and agree to the following:
By proceeding with the execution of this script, you confirm that you have read and understood this disclaimer, and you accept full responsibility for its use. If you do not agree with these terms or are unsure about the script's effects, do not proceed with its execution. |
You must tap the ‘I Agree’ on the Compliance Remediation Script Disclaimer, and then you will get a ZIP download to your default downloads location.
...
The folder should contain a separate folder for MAC and Windows-based objects.
...
Open Group Policy Management on the Domain Controller.
Right-click on the Domain and link both the GPOs to the domain.
...
If you would like to apply the GPO to specific users and computers, select the object type and click on Object types -> Check Computers. In the enter the object name to select, select the computer name. In users, add only required users.
...
If you would like to apply this GPO to only a specific machine's OS, you should also apply the WMI Filter in that Group policy object.
...
Info |
---|
Follow the same for both User and Computer GPO’s. |
Go to the Domain joined machine and execute gpupdate /Force in PowerShell as Administrator.
To check which group policy was applied, run gpresult /r
Install a ConnectSecure agent in the machine with the GPO applied and run a scan
Check the results; the policies will be remediated.
...
Company Compliance Standards - Action Toolbar Overview
The sidebar actions include Remediate Non-Compliant, Jobs, and Alerts.
...
Company Compliance Standards - Side Navigation Toolbar Actions
Jobs
Tap to view the Scan Job(s) for the selected company.
...
Alerts
Tap to view the System Events, timeline style alerts for the selected company.
...
...
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
...