Compliance Packs

An Overview of InsightCloudSec Compliance Packs

Security and compliance are two key InsightCloudSec capabilities. Under "Security --> Insights", the second tab available is for built-in Compliance Packs. Compliance Packs are out-of-the-box collections of related Insights focused on industry requirements and standards for all of your resources. Compliance Packs may focus on security, costs, governance, or combinations of these across a variety of frameworks, e.g., HIPAA, PCI DSS, GDPR, etc.

The Compliance Packs tab on the Insights main page displays more than fifteen preconfigured Insight packs focused on various regulatory frameworks, including the CIS Benchmark, NIST 800-53, and ISO 27001.

Compliance Packs display in a list format. Each line provides a brief description of the pack's contents, including a designation for legacy packs (which typically indicates we have created an updated pack) and notes the number of Insights included in the pack.

Figure: Compliance Packs Landing Page

Available Compliance Packs

A complete list of InsightCloudSec Compliance Packs is below. If you have questions about compliance standards that you don't see listed here, reach out to us through the Customer Support Portal.

Note: The Compliance Packs page lists these using the acronyms (for example: CIS) for better visibility.

Compliance Pack                                                                 Number of Insights in the Pack
-------------------------------------------------------------------------------  ------------------------------
ACSC Cloud Security Controls Matrix (ISM Sep22)                                  113
ACSC Essential 8                                                                 148
AWS Foundational Security Best Practices                                         105
AWS Privilege Escalation Attacks                                                 31
Azure Security                                                                   34
Center for Internet Security (CIS) - Alibaba 1.0.0                               38
Center for Internet Security (CIS) - Amazon Web Services 1.3.0                   45
Center for Internet Security (CIS) - Amazon Web Services 1.4.0                   50
Center for Internet Security (CIS) - Amazon Web Services 1.5.0                   53
Center for Internet Security (CIS) - Azure 1.1.0                                 40
Center for Internet Security (CIS) - Azure 1.4.0                                 58
Center for Internet Security (CIS) - Azure 1.5.0                                 86
Center for Internet Security (CIS) - Azure 2.0                                   86
Center for Internet Security (CIS) - Controls v8                                 392
Center for Internet Security (CIS) - GCP (Google Cloud Platform) 1.1.0           42
Center for Internet Security (CIS) - GCP (Google Cloud Platform) 1.3.0           68
Center for Internet Security (CIS) - GCP (Google Cloud Platform) 2.0.0           66
Center for Internet Security (CIS) - Kubernetes 1.6.0                            56
Center for Internet Security (CIS) - Oracle Cloud Infrastructure (OCI) 1.1.0     21
Center for Internet Security (CIS) - Oracle Cloud Infrastructure (OCI) 1.2.0     34
CMMC Level 1                                                                     46
Cost Containment Pack                                                            13
CSA CCM (Cloud Security Alliance Cloud Controls Matrix)                          43
CSA CCM V4 (Cloud Security Alliance Cloud Controls Matrix)                       480
CVEs for Kubernetes and ISTIO                                                    64
FedRAMP CCM 3.0.1                                                                37
Federal Financial Institutions Examination Council (FFIEC)                       175
GDPR                                                                             42
HIPAA                                                                            237
HITRUST v9.4                                                                     381
IAM Security (with Access Explorer)                                              44
IAM Security (without Access Explorer)                                           41
ISO 27001:2013                                                                   514
ISO 27001:2022                                                                   491
Kubernetes Security Recommended                                                  98
Microsoft Cloud Security Benchmark                                               196
MITRE Att&ck Mitigation Pack                                                     311
NIST 800-171                                                                     322
NIST 800-53 (Rev 4)                                                              225
NIST 800-53 (Rev 5)                                                              356
NIST Cyber Security Framework (CSF)                                              396
NSA and CISA Kubernetes Hardening Guide 1.1                                      101
NYDFS NYCCR 500                                                                  201
PCI DSS                                                                          318
SOC 2                                                                            305

Compliance Pack Actions

From the Compliance Packs landing page, each available Compliance Pack is displayed as a line item in a list. Selecting the actions/context menu to the left of the name of the Compliance Pack provides access to the following actions:

  • Show Report Breakdown
  • Manage Subscriptions
  • Export Configuration Links
  • Toggle Pack Visibility

Figure: Compliance Pack Actions

Show Report Breakdown

The "Show Report Breakdown" option takes you to a summary page of dynamic charts that allow you to view the following:

  • A time series (up to 90 days) plot of total noncompliant resources categorized by what type of Insight registered the resource as noncompliant; ideally, you will see this trending down as you take actions to resolve compliance issues
  • Noncompliant resources, as a percentage of total resources, associated with this Insight pack
  • Noncompliant resources, as a percentage of total resources, within individual clouds associated with this pack

Figure: Compliance Pack Example Charts

Manage Subscriptions

Email subscriptions associated with Insight packs are available for administration through a Compliance Pack's actions menu ("...").

Note: To read more about setting up SMTP, configuring email notifications, and creating pack-level notifications, check out our documentation on SMTP (Email Notifications).

After opening the actions menu, you can click "Manage Subscriptions" (envelope icon). This icon opens a page that provides a list of all subscriptions associated with the Insight Pack.

From this page you can add a new subscription or modify an existing subscription.

  • Select "Add new Subscription" to create a new subscription.
  • For existing subscriptions, under Action you can: Send Now, Edit, or Delete.

Figure: Managing Subscriptions

Export Configuration Links

Here you can add, edit, and otherwise manage export configuration links (otherwise known as cloud storage subscriptions) for exporting data. Details on this functionality are available in our Compliance Exporting documentation.

Note: In general we recommend using the Compliance Scorecard for the most robust reporting and export capabilities.

Toggle Visibility

This option allows you to disable and hide an entire Insight pack from your organization. You must confirm this selection. To unhide and re-enable the pack, uncheck the Hide Disabled Packs checkbox on the main page and toggle the pack's visibility to the "on" position.

Viewing Compliance Pack Details

You can view the details of any pack by clicking on the name. This will take you to the "Insights Library" filtered to display the individual Insights included in the pack.

Figure: Compliance Pack Filtered Insight View

Insight Summary Page

Clicking on the name of an individual Compliance Pack opens a summary page listing each individual Insight included with the pack.

Results can be filtered and paginated, and each Insight row includes (for users with the appropriate permissions) the following controls and fields:

  • An Actions Menu (three dots - Create Bot)
  • The name of the individual Insight(s)
  • A summary of the Impacted (noncompliant) Resources
  • Details on Exempted Resources (when applicable)
  • The associated Compliance Rules
  • Any metadata
  • Any associated Bots (a total count)
  • Severity details
  • Favorite(s)
  • The InsightCloudSec version this compliance pack was released
  • Author details

Note: This is simply a "filtered" Insight list. The page displays the text "This is a filtered result set. Click here to reset the filters."; clicking that text resets the list to display all available Insights.

Compliance Pack Editing

Compliance Packs (because they are included with InsightCloudSec) cannot be deleted. Apart from editing the severity, the only way to modify a Compliance Pack is to make a copy and customize that copy.

General Pack Controls

With the appropriate administrative permissions, you can also access actions for each individual Compliance Pack. Those details are covered on the Insights page here.

Bots and Compliance Reporting (Impacted Resources)

Once you understand specific compliance failures, you can use Bots to notify about or remediate the issue. To learn more about this capability, check out our documentation on BotFactory.

Excluding Resources (Exemptions)

In earlier versions, InsightCloudSec offered the ability to exempt resources from Insight findings using the Resource Group functionality. Check out our documentation on our dedicated Exemptions functionality for details on excluding resources.

Checking for Existing Bots

You can determine whether any existing Bots match the failed Insight by clicking on the Bots listed on the Insight page associated with your Compliance Pack.

Figure: Example of Bot Count

In the example above, four such Bots exist for one Insight. Clicking on this detail allows you to investigate these Bots on the "Bot --> Listing" page to see what specific actions they are taking as a result of the failed Insight. From this page you can choose to modify your Bot, or create a new one, accordingly.

Figure: Compliance Pack - Bot Listing (from Insight Details)

Creating a Bot

You may wish to create a Bot to notify of, or remediate, the failed Insight. In the example below, clicking the actions menu next to a specific Insight and selecting "Create Bot" allows you to create a Bot directly from that Insight. Check out details on the main BotFactory & Automation page, or go directly to Creating Bots or Working with Bots (Best Practices & Examples) to review some examples.

Compliance Reporting

Compliance Scorecard

For the best results in viewing, sorting, interpreting, and understanding data associated with both the InsightCloudSec Compliance Packs and any Custom Packs you may create, we recommend taking advantage of our Compliance Scorecard.

Downloading Results

You can download a .CSV file that includes the results for the Compliance Pack. From the Compliance Packs page, click on the name of an individual Compliance Pack.

This will take you to a filtered Insights page where you can then select the download arrow.

Figure: Downloading Insight Results From the Insights Page

What's Next?

  • To learn more about using an existing Compliance Pack as the starting point for a customized pack, check out our documentation on Custom Packs.
  • For information on compliance reporting, check out our Compliance Scorecard.
  • To explore automation using Compliance Packs, take a look at our BotFactory documentation.