Trend Micro Cloud One™

Compliance and Conformity Reports

Location

Main Dashboard > Select {Account} or {All Accounts} or {Group} > Browse all checks > View by Standard or Framework > Select {Standard or Framework}

The Compliance and Conformity Report scores your cloud infrastructure as PASS or FAIL for each control within supported Standards and Frameworks.

  • All controls are organized into sections and headers that map to those within the standard or framework itself, as set by the standard or framework authority.
  • The report comes with % pass and % fail scores based on the total checks that have passed and failed for Conformity rules mapped to the standard or framework controls.
  • Using the report, you can get an instant assessment of your organization’s cloud infrastructure compliance and take remediation measures to improve compliance levels, potentially avoiding reactive fixes and expenditures for non-compliance.

What is a control?

A control is the passable element of a standard or framework that can be determined to PASS, FAIL, or be otherwise assessed.

How is PASS or FAIL determined for each control?

Each Conformity rule that is applicable to a control within the selected standard or framework is run against your selected account(s). The resulting Checks are sent back and totaled as PASS or FAIL for each control.

Mapping of Conformity rules to controls:

Supported Standards and Frameworks:

  1. AWS Well-Architected Framework
  2. CIS AWS Foundations v1.2.0
  3. NIST 800-53 (Rev. 4)
  4. PCI DSS
  5. HIPAA
  6. GDPR
  7. Monetary Authority of Singapore TRM
  8. System and Organization Controls 2 (SOC 2)
  9. NIST Cybersecurity Framework v1.1
  10. ASAE 3150 Security of CDR Data
  11. PCI DSS v3.2.1
  12. APRA CPS 234 June 2019

User Access

Compliance and Conformity Report Layout

In the Compliance and Conformity Report, the grouping of the controls is defined by the control family. Conformity interprets the standards and frameworks and maps rules to each control and control family. Each rule has a pre-existing category assigned to it based on an assessment of which pillar of the AWS Well-Architected Framework the rule belongs to. These pillars may or may not align with the categorizations used by a framework or standard that Conformity audits against.

Improve your organization’s compliance

Clicking the Resolve button against a failed Check directs you to the related rule and remediation steps on the Conformity Knowledge Base, which provides a step-by-step guide on how to resolve the failure.

You also have the following options when you click the expand button on a rule:

  1. Send rule to
  2. Configure rule
  3. Suppress
  4. Create tickets depending on communication channels configured

Customize and Download your Compliance and Conformity Report

  1. You can create customized views of the rules and checks on your All accounts, Individual accounts, or Groups using filters.
    Note: Some controls might return 0 checks (that is, 0 under the Total Counts columns) because:
    a. You have selected a filter that excludes services, rules, or checks that map to that specific control
    b. Or, you do not have access to applicable services for rules within the control
    c. Or, the control isn’t applicable to cloud infrastructure or is immeasurable by Conformity, so it does not have any rules
  2. Download the report result
    1. Click on Generate report to generate and download the Compliance and Conformity Report
  3. Download previously generated reports from the history
    1. Expand Other reports from the Configured reports list
    2. Select either CSV or PDF format for the report
      Note: Compliance and Conformity Reports can also be downloaded from the All Generated Reports list.