When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an EC2 Security Group may have 50 Trend Micro Cloud One™ – Conformity Rules (Checks) scanning for various risks/vulnerabilities.
To view Checks associated with an account, click Browse all checks on the summary section of the Conformity Dashboard.
Each Check has the following information associated with it:
You can take the following actions on a Check:
Every Rule has an implementation associated with it, which determines whether a Check against the Rule is successful or not. For example, the “S3 Bucket Public ‘READ’ Access” Rule is applied to all S3 buckets in your AWS account. If any S3 bucket has Public Read enabled, then the Check for that S3 bucket is a failure.
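The rule-to-Check relationship described above, as an added Python example that is not Conformity's own implementation: one rule is evaluated against every bucket and produces one Check per bucket. The bucket names, sample ACLs, status labels and function names are constructed for illustration, and treating `FULL_CONTROL` for the AllUsers group as public read is an assumption of this sketch.

```python
# Added illustration (not Conformity's implementation): one rule is applied to
# every resource of a type, and each resource gets its own Check result.
RULE_TITLE = "S3 Bucket Public 'READ' Access"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"

# Constructed sample ACLs, shaped like S3 GetBucketAcl responses.
SAMPLE_ACLS = {
    "example-public-assets": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ]},
    "example-private-data": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
    ]},
    "example-access-logs": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY}, "Permission": "WRITE"},
    ]},
}


def grants_public_read(acl):
    """True if any grant gives the AllUsers group READ (FULL_CONTROL implies READ)."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") == ALL_USERS
                and grant.get("Permission") in ("READ", "FULL_CONTROL")):
            return True
    return False


def run_rule(bucket_acls):
    """Return one Check per bucket; status labels follow the page's wording."""
    return [
        {"rule": RULE_TITLE, "resource": name,
         "status": "FAILURE" if grants_public_read(acl) else "SUCCESS"}
        for name, acl in sorted(bucket_acls.items())
    ]


if __name__ == "__main__":
    for check in run_rule(SAMPLE_ACLS):
        print(f"{check['status']:8} {check['resource']}  ({check['rule']})")
```
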
Some rules are documented by Conformity but cannot be tested against your cloud infrastructure, either because they are not applicable to cloud infrastructure or because of limitations in the data provided by the cloud provider. Rules that are only informational are identified as Not Scored.
Although Conformity may not be able to test the Rule completely, we do provide you with some high-level information that can be beneficial, e.g. checking whether ‘Alternate contacts for your AWS Accounts’ have been set up. You can pass this information on to your team via a communication channel to keep them informed.
You can neither ‘Resolve’ nor ‘Suppress’ these Rules, as they do not affect your compliance score.
To view a list of all Not Scored Rules in your account: