Global Compliance Standards
What are compliance standards?
In simple terms, IT compliance standards refer to a set of rules, regulations, and guidelines that information technology (IT) organizations must follow to ensure they meet specific security, privacy, and operational requirements. Regulatory bodies, industry organizations, or government agencies often establish these standards to promote best practices and protect sensitive information. Adhering to compliance standards helps organizations mitigate risks, enhance cybersecurity, and maintain the trust of customers and stakeholders.
What Compliance Standards Are Supported?
CIS
CYBER ESSENTIALS
ESSENTIAL EIGHT
GDPR
GPG 13
HIPAA
ISO 27002
NIST 800 171
NIST 800 53
NIST CSF
PCI-DSS
Global Compliance Standards - Table of Contents
- 1 Global Compliance Standards - Overview
- 2 GPO and WMI Filters for Compliance Remediation
- 3 Compliance Remediation Script Disclaimer
- 4 Global Compliance Standards - Details
- 4.1 Filtering Options
- 4.1.1 Compliance Type
- 4.1.2 Platform
- 4.1.3 Maturity Level
- 4.1 Filtering Options
- 5 Global Compliance Standards - Side Navigation Toolbar Overview
Global Compliance Standards - Overview
This is a global view of how assets meet or fail compliance requirements and configuration checks.
You can switch between different Compliance Types, Platforms, and Maturity Levels to meet your needs and clients' compliance requirements.
You can tap on any tiles listed under Compliant, Non-Compliant, Manual Compliant, Manual Non-Compliant, Company, or Asset to see the details in the right-side Compliant pod (2).
GPO and WMI Filters for Compliance Remediation
ConnectSecure provides the GPO and WMI Filters needed for CIS compliance.
Compliance Remediation Script Disclaimer
This PowerShell script is intended for the purpose of automating compliance remediation tasks within your organization's IT infrastructure. By executing this script, you acknowledge and agree to the following:
The purpose of this script is to bring systems or configurations into compliance with established organizational policies and standards.
While every effort has been made to ensure the script's accuracy and safety, it is provided "as is" without any warranties or guarantees of any kind.
The author(s) of this script shall not be held liable for any unintended consequences, data loss, or disruptions that may occur as a result of running this script.
You should thoroughly review and understand the functionality of this script and its potential impact on your systems and network environment before executing it.
You are responsible for taking appropriate precautions, including creating backups and verifying the script's behavior in a non-production environment before deploying it in a production setting.
This script may make changes to system settings, configurations, or data. Ensure you have proper authorization and adhere to your organization's change control processes and policies when using this script.
It is advisable to consult with your organization's compliance and security teams, as well as seek appropriate approvals, before running this script in a production environment.
By proceeding with the execution of this script, you confirm that you have read and understood this disclaimer, and you accept full responsibility for its use. If you do not agree with these terms or are unsure about the script's effects, do not proceed with its execution.
You must tap the ‘I Agree’ on the Compliance Remediation Script Disclaimer, and then you will get a ZIP download to your default downloads location.
The folder should contain a separate folder for MAC and Windows-based objects.
Â
Global Compliance Standards - Details
Filtering Options
Compliance Type
Compliance | Company Types | Geospecifics |
CIS | Technology companies, cybersecurity firms, financial institutions. | Global |
Cyber Essentials | Software development companies, IT service providers, cloud computing services. | UK/EU |
Essential Eight | Government agencies, critical infrastructure organizations, defense contractors. | Australia |
GDPR IV | E-commerce platforms, social media companies, online service providers. | UK/EU |
GPG 13 | Government agencies, military organizations, public sector entities. | UK (with a focus on UK government entities) |
HIPAA | Hospitals, healthcare providers, health insurance companies. | U.S. (Healthcare Industry Focus) |
ISO 27002 | Banks and financial institutions, technology companies, data centers. | Global |
NIST CSF | Government agencies, critical infrastructure organizations, cybersecurity service providers. | Global (U.S. Government Focus) |
NIST 800-53 | Federal agencies, defense contractors, IT service providers. | Global (U.S. Government Focus) |
NIST 800-171 | Defense contractors, subcontractors working with the Department of Defense, government suppliers. | Global (U.S. Government Focus) |
PCI DSS | Credit card companies, banks, online payment processors. | Global (Finance Industry Focus) |
Platform
Select the platform based on predefined operating system groups, which include Azure, Linux, MAC, Windows Server, Windows Desktop, and more.
Microsoft Windows | Linux | Darwin |
---|---|---|
Windows Server | UBUNTU 22, 20, 18, 16, 14 | MAC 13 |
Windows Desktop | SUSE 15, 12, 11 | MAC 12 |
Azure Server | RHEL 9, 8, 7, 6 | MAC 11 |
Windows Server 2012 R2 | DEBIAN 11, 10, 9, 8, 7 | MAC 10 |
 | SLES 11, 12, 15 |  |
Maturity Level
Where applicable, choose the maturity level to filter the compliance type further. Not all compliance-type options will have a maturity level to select from.
For example, when using the CIS compliance type, you can select just IG1 vs seeing IG1, IG2, and IG3.
After selecting your Compliance Type, Platform, and Maturity Level filtering options, your data will be displayed in the Compliant pod.
Column Label | General Use / Description |
---|---|
Section | Displays specific section details from the selected Compliance Type. |
Compliant | Displays the count of compliant controls by Compliance ID for the selected Compliance Type. |
Non Compliant | Displays the count of non compliant controls by Compliance ID for the selected Compliance Type. |
Manual Compliant | Displays the count of manual compliant controls by Compliance ID for the selected Compliance Type. |
Manual Non-Compliant | Displays the count of manual non-compliant controls by Compliance ID for the selected Compliance Type. |
Company | Displays the count of Companies, or Company, which is affected. |
Asset | Displays the count of Assets, or Asset, which is affected. |
Manual Compliant / Non-Compliant must be verified manually and generally has some type of uploaded evidence.
Here, you will see the details of the selected line.
See the table below for a listing of the available data columns.
Column Label | General Use / Description |
---|---|
Compliance ID | Displays the ConnectSecure issued ID to reference a specific compliance type check. Tap to see the Compliance Check Details. |
Sub Section | Displays the name of the sub-section from the selected Compliance Type |
Description | Displays the detailed description about the specific Compliance ID. |
Assets | Displays the count of Assets affected by the selected Compliance ID. Tap the count to see the list of assets. |
Companies | Displays the count of Companies affected by the selected Compalice ID. Tap the count to see the list of Companies as well as count of Assets. |
Global Compliance Standards - Side Navigation Toolbar Overview
The standard Jobs and Alerts features can only be accessed from the side navigation toolbar actions.