Compliance

CyberCNS supports scans against several common cybersecurity compliance standards, which help form a strong basis for a good cybersecurity strategy. The supported standards include PCI DSS, HIPAA, GDPR IV, NIST 800-53, NIST 800-171, CIS, CIS 8.0, ISO 27002, and Essential Eight.

CIS here refers to Version 7 of the CIS Controls, a set of safeguards to mitigate cyberattacks against systems and networks. CIS Controls are prescriptive and provide detailed guidelines for implementation.

  • The Compliance section shows detailed information for each item: Compliance Benchmark, Title, Description, Benchmark, IG1, IG2, IG3, and whether the asset is Compliant or Non-Compliant.

  • In the context of CIS compliance, IG1, IG2, and IG3 refer to the various implementation groups within the Center for Internet Security (CIS) Controls framework. The CIS Controls are a set of best practices for cybersecurity that organizations can follow to enhance their security posture.

    Each implementation group represents a different level of maturity in implementing the CIS Controls. Here's a brief overview:

    1. IG1 (Implementation Group 1): This group represents the foundational level of CIS Controls implementation. Organizations in IG1 are typically in the early stages of implementing basic security measures.

    2. IG2 (Implementation Group 2): IG2 represents an intermediate level of CIS Controls implementation. Organizations in IG2 have made progress in implementing additional security measures beyond the foundational level.

    3. IG3 (Implementation Group 3): IG3 represents the highest level of CIS Controls implementation. Organizations in IG3 have implemented the most comprehensive set of security measures and have a mature security program in place.

    The specific requirements and recommendations for each implementation group can vary based on the version of the CIS Controls framework being used. Organizations need to assess their current security posture and determine the appropriate implementation group to strive for based on their specific needs and resources.

  • The Compliance section lists compliance norms such as CIS V7, CIS 8.0, GDPR IV, GPG 13, HIPAA, NIST 800-53, NIST 800-171, ISO 27002, Essential Eight, and PCI DSS.

  • In the image below, click on the Compliant Asset(s) Count to view the Compliant Assets.

  • The complete information on Compliant Assets can be seen in the below image.

  • The complete information on Compliant Assets for the particular asset can be seen in the below image.

  • In the image below, click on the Non-Compliant Asset(s) Count to view the Non-Compliant Asset(s).

  • The complete details of Non-Compliant Asset(s) can be found in the below image.

  • In the image below, click on the Total Asset(s) Count to view the Compliant Assets and Non-Compliant Assets.

  • The complete information on Non-Compliant issues for the particular asset can be seen in the below image.

  • This completes the Compliance section.