
What are compliance standards? 🤔

In simple terms, compliance standards for IT refer to a set of rules, regulations, and guidelines that organizations in the field of information technology (IT) must follow to ensure they meet specific security, privacy, and operational requirements. These standards are often established by regulatory bodies, industry organizations, or government agencies to promote best practices and protect sensitive information. Adhering to compliance standards helps organizations mitigate risks, enhance cybersecurity, and maintain the trust of customers and stakeholders.

What Compliance Standards Are Supported? 🤔

  • CIS

  • CYBER ESSENTIALS

  • ESSENTIAL EIGHT

  • GDPR

  • GPG 13

  • HIPAA

  • ISO 27002

  • NIST 800 171

  • NIST 800 53

  • NIST CSF

  • PCI-DSS

https://cybercns.atlassian.net/wiki/x/twB4g




Company Compliance Standards - Overview

This is a Company view of how assets meet or fail compliance requirements and configuration checks.


You can switch between different Compliance Types, Platforms, and Maturity Levels to meet your needs and clients' compliance requirements.


You can tap any tile listed under Compliant, Non-Compliant, Manual Compliant, Manual Non-Compliant, Company, or Asset to see the details in the right-side Compliant pod (2).


Company Compliance Standards - Details

Filtering Options

Compliance Type

| Compliance | Company Types | Geospecifics |
|---|---|---|
| CIS | Technology companies, cybersecurity firms, financial institutions. | Company |
| Cyber Essentials | Software development companies, IT service providers, cloud computing services. | UK/EU |
| Essential Eight | Government agencies, critical infrastructure organizations, defense contractors. | Australia |
| GDPR IV | E-commerce platforms, social media companies, online service providers. | UK/EU |
| GPG 13 | Government agencies, military organizations, public sector entities. | UK (with a focus on UK government entities) |
| HIPAA | Hospitals, healthcare providers, health insurance companies. | U.S. (Healthcare Industry Focus) |
| ISO 27002 | Banks and financial institutions, technology companies, data centers. | Company |
| NIST CSF | Government agencies, critical infrastructure organizations, cybersecurity service providers. | Company (U.S. Government Focus) |
| NIST 800-53 | Federal agencies, defense contractors, IT service providers. | Company (U.S. Government Focus) |
| NIST 800-171 | Defense contractors, subcontractors working with the Department of Defense, government suppliers. | Company (U.S. Government Focus) |
| PCI DSS | Credit card companies, banks, online payment processors. | Company (Finance Industry Focus) |

Platform

Select the platform based on predefined operating system groups, which include Azure, Linux, MAC, Windows Server, Windows Desktop, and more.

| Microsoft Windows | Linux | Darwin |
|---|---|---|
| Windows Server | UBUNTU 22, 20, 18, 16, 14 | MAC 13 |
| Windows Desktop | SUSE 15, 12, 11 | MAC 12 |
| Azure Server | RHEL 9, 8, 7, 6 | MAC 11 |
| Windows Server 2012 R2 | DEBIAN 11, 10, 9, 8, 7 | MAC 10 |

Maturity Level

Where applicable, choose the maturity level to filter the compliance type further. Not all compliance-type options will have a maturity level to select from.

For example, when using the CIS compliance type, you can select just IG1 instead of seeing IG1, IG2, and IG3 together.

After selecting your Compliance Type, Platform, and Maturity Level filtering options, your data will be displayed in the Compliant pod.


| Column Label | General Use / Description |
|---|---|
| Section | Displays specific section details from the selected Compliance Type. |
| Compliant | Displays the count of compliant controls by Compliance ID for the selected Compliance Type. |
| Non Compliant | Displays the count of non-compliant controls by Compliance ID for the selected Compliance Type. |
| Manual Compliant | Displays the count of manual compliant controls by Compliance ID for the selected Compliance Type. |
| Manual Non-Compliant | Displays the count of manual non-compliant controls by Compliance ID for the selected Compliance Type. |
| Company | Displays the count of companies (or the single company) affected. |
| Asset | Displays the count of assets (or the single asset) affected. |

Manual Compliant / Non-Compliant must be verified manually and generally has some type of uploaded evidence.

Here, you will see the details of the selected line.


See the table below for a listing of the available data columns.

| Column Label | General Use / Description |
|---|---|
| Compliance ID | Displays the ConnectSecure-issued ID that references a specific compliance type check. Tap to see the Compliance Check Details. |
| Sub Section | Displays the name of the sub-section from the selected Compliance Type. |
| Description | Displays the detailed description of the specific Compliance ID. |
| Assets | Displays the count of assets affected by the selected Compliance ID. Tap the count to see the list of assets. |


Company Compliance Standards - Action Toolbar Overview

The sidebar actions include Remediate Non-Compliant, Jobs, and Alerts.


Company Compliance Standards - Side Navigation Toolbar Actions

Jobs

Tap to view the Scan Job(s) for the selected company.


Alerts

Tap to view the System Events (timeline-style alerts) for the selected company.


Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

https://cybercns.freshdesk.com/en/support/login
