DivvyCloud

Compliance

Compliance is a primary focus of DivvyCloud, giving customers greater visibility into and understanding of their security and compliance issues across multiple cloud providers.

Compliance Packs

Compliance packs are collections of related insights focused on industry requirements and standards for all of your resources. Compliance packs may focus on security, costs, governance, or combinations of these across a variety of frameworks, e.g., HIPAA, PCI DSS, etc.

A complete list of DivvyCloud's prepackaged compliance packs is in the table below.

Compliance Pack                                              Number of Insights in the Pack
Center for Internet Security (CIS) - Amazon Web Services     31
Center for Internet Security (CIS) - Microsoft Azure         51
Center for Internet Security (CIS) - Google Cloud Platform   40
GDPR                                                         42
HIPAA                                                        36
SOC 2                                                        61
FedRAMP CCM 3.0.1                                            37
PCI DSS                                                      31
NIST Cyber Security Framework (CSF)                          58
NIST 800-53                                                  63
CSA Cloud Controls Matrix (CCM)                              43
ISO 27001                                                    24
Center for Internet Security (CIS) - Kubernetes              41

In DivvyCloud, these compliance packs are shown on the Insights page:

DivvyCloud-Provided Compliance Packs as Seen on the Insights Page

The following workflow for understanding compliance results has been deprecated. To understand your compliance results, refer to the docs for the Compliance Scorecard and Insights, as well as the documentation on understanding compliance with respect to a specific Compliance Pack.

The Compliance Dashboard

Selecting Compliance on the main menu opens the Compliance Dashboard, giving you quick visibility into your compliance with different frameworks. It provides a straightforward, top-level view of each cloud account's failed checks against a particular compliance pack.

Understanding the Compliance Results

The Compliance Dashboard will open to display compliance results for the last framework viewed. To select a different framework, click Packs on the upper right of the page, then select Compliance Packs or Custom Packs and choose a pack from the appropriate drop-down list.

Your cloud accounts' compliance with the selected pack is displayed in card format, one card per cloud account:

Viewing a Cloud's Compliance Against HIPAA, GDPR, and a Custom Compliance Pack

You can use the search field, as well as badges, to tailor your view to specific risk profiles, environments, owners, and other factors. (Learn more about badges here.)

Using the Search Field and Badges to Tailor Your Compliance View

In the example below, the Compliance Dashboard displays the Center for Internet Security (CIS) Benchmark for AWS, and shows the user's two AWS clouds: Marketing, which failed 10 of the 31 checks; and Operations, which failed 11 of 31 checks.

Example Compliance Dashboard for CIS-AWS

From the Compliance Dashboard, you can now select individual clouds (in the example, the Marketing or Operations clouds) to see details of the specific failures, including:

  • Insight - the name of the insight against which resources failed
  • Bots - the number of bots taking action, or set to take action, on the specific insight
  • Severity - the severity level of the insight
  • Compliance Rule - the specific rule from the compliance regulation to which this insight relates
  • Impacted Resources - the number of resources that fail to match this insight (compliance rule)
  • Exemptions - the number of exemptions for this cloud account (see Exemptions)

Viewing Details of a Cloud's Specific Compliance Failures

Accessible by clicking an account card in the Cloud Compliance view, the Pack Compliance page displays a range of information about the selected pack and cloud account, including a compliance time-series graph, compliance per pack rule, and a breakdown of noncompliance by resource type.

Sorting Your Compliance List

The insights in the above list can be sorted by column. Click on a column header to sort the list by values in that column. Click on the header again to toggle the sort between increasing and decreasing order.

Acting on the Compliance Report with Bots

Once you understand specific compliance failures, you can use bots to notify about or remediate the issue.

Checking for Existing Bots

You can determine whether any existing bots match the failed insight. In the example below, two such bots exist. You can investigate these bots to see what specific actions they take as a result of the failed insight, and then modify your bot (or create a new one) accordingly.

Checking for Existing Bots to Address Compliance Failures

Modifying Existing Bots

You can also modify existing bots by clicking on the (non-zero) number in the 'Existing Bots' column. This takes you to the BotFactory where you can reconfigure your bot (from the Admin action hamburger).

Creating a Bot

You may wish to create a bot to notify of, or remediate, the failed insight. In the example below, clicking the icon next to a specific insight lets you create a bot directly from that insight. You can learn more here about creating bots in the BotFactory.

Creating a Bot Directly from a Failed Insight

Investigating Impacted Resources

In understanding your compliance report, you will

  1. Identify generally which insights/resources failed
  2. Further investigate your impacted resources
  3. Modify existing bots or create new bots to take action where insights have failed

Results for Impacted Resources

You can view details of impacted resources by clicking on the (non-zero) number in the 'Impacted Resources' column, then selecting either the number under the 'Resources' column or the "View Resources" tab on the slide-in dialog window. Either selection takes you to the Resources page. See also Resources.

Investigating Impacted Resources

Excluding Resource Groups

You can select resources or Resource Groups to exclude from your report. DivvyCloud still harvests these resources or groups and evaluates them against the given insights, but 'failures' found for excluded resources do not count against the compliance 'score'. See also Exemptions in the Insights article.
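The following is an added illustration, not DivvyCloud code, of how the dashboard's per-account figures ("failed 10 of 31 checks") and the exclusion rule above fit together: an insight counts as failed for an account only if it has at least one non-exempt impacted resource. The data layout, insight names and function names are constructed assumptions for this example.

```python
"""Model of a compliance-pack card and its download rows (constructed example)."""

# Constructed sample pack: insight name -> {cloud account: [impacted resource ids]}.
# Real packs have dozens of insights (the CIS-AWS pack on this page has 31).
INSIGHT_RESULTS = {
    "Root account has no MFA": {"Marketing": ["acct-root"], "Operations": []},
    "S3 bucket publicly readable": {
        "Marketing": ["bkt-logs", "bkt-web"],
        "Operations": ["bkt-tmp"],
    },
    "Security group open to 0.0.0.0/0 on port 22": {
        "Marketing": [],
        "Operations": ["sg-1", "sg-2"],
    },
}

# Excluded resources per account: still harvested, but their failures do not
# count against the compliance score (constructed sample).
EXEMPTIONS = {"Marketing": {"bkt-web"}, "Operations": {"sg-1", "sg-2"}}


def non_exempt_impacted(insight, account):
    """Resources failing this insight for the account, after exclusions."""
    exempt = EXEMPTIONS.get(account, set())
    return [r for r in INSIGHT_RESULTS[insight].get(account, []) if r not in exempt]


def failed_checks(account):
    """Insights with at least one non-exempt failing resource (the card's count)."""
    return sum(1 for insight in INSIGHT_RESULTS if non_exempt_impacted(insight, account))


def report_rows(account):
    """Rows shaped like the dashboard detail: (insight, impacted, exemptions)."""
    rows = []
    for insight in INSIGHT_RESULTS:
        impacted = INSIGHT_RESULTS[insight].get(account, [])
        exempt_count = len(impacted) - len(non_exempt_impacted(insight, account))
        rows.append((insight, len(impacted) - exempt_count, exempt_count))
    return rows


def card_summary(account):
    """Text of the per-account card, e.g. 'Operations: failed 1 of 3 checks'."""
    return f"{account}: failed {failed_checks(account)} of {len(INSIGHT_RESULTS)} checks"


if __name__ == "__main__":
    for acct in ("Marketing", "Operations"):
        print(card_summary(acct))
        for row in report_rows(acct):
            print("   ", row)
```

In the sample, Operations' two open security groups are both exempt, so that insight no longer counts as a failed check for that account, while the non-exempt S3 bucket still does.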

Excluding Resource Groups From Insight Totals

Downloading Results

You can create a CSV download reporting the results for the compliance pack as shown below. Click on a compliance pack from the Compliance page. This takes you to the Insights main page, where you can then select the download arrow.

Downloading Insight Results From the Insights Page

Example Download

The downloaded results appear in tabular form and include the number of impacted resources for each insight in the compliance pack, along with the corresponding compliance rules. The document reflects the same results you would see in the dashboard views above.

Downloaded Insight Results