DivvyCloud

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

Compliance Packs

Overview

Security and compliance are two of DivvyCloud's key capabilities. Under Security on the Insights page, the second tab available is for DivvyCloud's built-in Compliance Packs. Compliance Packs are out-of-the-box collections of related Insights focused on industry requirements and standards for all of your resources. Compliance Packs may focus on security, costs, governance, or combinations of these across a variety of frameworks, e.g., HIPAA and PCI DSS.

The Compliance Packs tab on the Insights main page displays more than fifteen prepackaged Insight packs focused on various regulatory frameworks, including the CIS Benchmark, NIST 800-53, and ISO 27001.

Compliance Packs display in card format. Each card provides a brief description of the pack's contents, and notes the number of Insights included in the pack.

Compliance Packs Landing Page

Available Compliance Packs

A complete list of DivvyCloud's Compliance Packs is below. If you have questions about compliance standards that you don't see listed here, reach out to us at [email protected].

New for 20.4

Check out our new feature pages for our updated HIPAA Compliance Pack as well as our updated GCP CIS Compliance Pack.

| Compliance Pack | Number of Insights in the Pack |
|---|---|
| Center for Internet Security (CIS) - Amazon Web Services | 32 |
| Center for Internet Security (CIS) - Microsoft Azure | 62 |
| Center for Internet Security (CIS) - Google Cloud Platform (Legacy) | 38 |
| Center for Internet Security (CIS) - Google Cloud Platform 1.1.0 | 43 |
| GDPR | 42 |
| HIPAA (Legacy) | 35 |
| HIPAA (Updated August 2020) | 289 |
| SOC 2 | 61 |
| FedRAMP CCM 3.0.1 | 37 |
| PCI DSS | 31 |
| NIST Cyber Security Framework (CSF) | 58 |
| NIST 800-53 (Legacy) | 63 |
| NIST 800-53 (Rev 4) | 256 |
| CSA Cloud Controls Matrix (CCM) | 43 |
| ISO 27001 (Updated July 2020) | 328 |
| Center for Internet Security (CIS) - Kubernetes | 41 |

Compliance Pack Actions

From the Compliance Packs landing page, each available Compliance Pack is displayed as a card. Each of these cards includes the following actions:

  • Show Charts
  • Manage Subscriptions
  • Manage Export Configuration Links
  • Toggle Pack Visibility

Compliance Pack Actions

Show Charts

The Show Charts icon (the bar chart icon) takes you to a summary page of dynamic charts that allow you to view:

  • A time series (up to 90 days) plot of total noncompliant resources; ideally, you will see this trending down as you take actions to resolve compliance issues
  • Noncompliant resources as a percentage of total resources associated with this Insight pack
  • Percent of total noncompliance contributed by component clouds associated with this pack
  • Noncompliant resources as a percentage of total resources within individual clouds associated with this pack

Compliance Pack Example Charts

Manage Subscriptions (Notifications)

Email notifications (or subscriptions) associated with Insight packs are available for administration through the Insight landing page.

Note: To read more about setting up SMTP, configuring email notifications, and creating pack-level notifications, check out our documentation on SMTP (Email Notifications).

After selecting the specific Insight Pack, you can select the envelope icon (Manage Subscriptions). This icon opens a page that provides a list of all subscriptions associated with the Insight Pack.

From this page you can add a new subscription, or modify an existing subscription by clicking on the ellipsis menu ("...") to display the following options:

  • Send Now - send a new report based on your Insight Pack immediately (On-Demand Report)
  • Edit - modify or update your subscription
  • Delete - remove your subscription

Managing Subscriptions

Manage Export Configuration Links

Here you can add, edit, and otherwise manage export configuration links for exporting data. Details on this functionality are available in our Compliance Exporting documentation.

Manage Export Configuration Links

In general we recommend using the Compliance Scorecard for the most robust reporting and export capabilities.

Toggle Visibility

This option allows you to disable and hide an entire Insight pack from your organization. You must confirm this selection. To unhide and re-enable the pack, uncheck the Hide Disabled Packs checkbox on the main page and toggle the pack's visibility to "on".

Viewing Compliance Pack Details

You can view the details of any pack by clicking on its card. This will take you to the Insights Library listing the filtered individual Insights included in the pack.

Compliance Pack Filtered Insight View

Insight Summary Page

Clicking on the name of an individual Compliance Pack opens a summary page listing each individual Insight included with the pack.

Results can be filtered and paged through, and each Insight row includes (for users with the appropriate permissions) several controls and fields:

  • A Bot creation icon (wrench)
  • The name of the individual Insight(s)
  • A summary of the Impacted (noncompliant) Resources
  • Details on Exempted Resources (when applicable)
  • The associated Compliance Rules
  • Any associated Bots (a total count)
  • Severity details
  • Favorite(s)
  • Author details

Note: This is simply a "filtered" Insight list. Clicking on the text "This is a filtered result set. Click here to reset the filters" will reset this list to display all available Insights.

Compliance Pack Editing

Because they are included with DivvyCloud, Compliance Packs cannot be deleted. While you can edit the severity, the only way to make other changes to a Compliance Pack is to make a copy and customize it.

General Pack Controls

With the appropriate administrative permissions you can also access actions for each individual Compliance Pack. Those details are covered on the Insights page here.

Bots and Compliance Reporting (Impacted Resources)

Once you understand specific compliance failures, you can use Bots to notify about or remediate the issue. To learn more about this capability check out our documentation on BotFactory.

Excluding Resources (Exemptions)

In earlier versions, DivvyCloud offered the ability to exempt resources from Insight findings using the Resource Group functionality. Check out our documentation on our dedicated Exemptions functionality for details on excluding resources.

Checking for Existing Bots

You can determine whether any existing Bots match the failed Insight by clicking on the Bots listed on the Insight page associated with your Compliance Pack.

Example of Bot Count

In the example above, fourteen such Bots exist for one Insight. Clicking on this detail allows you to investigate these Bots on the "Bot --> Listing" page and see what specific actions they are taking as a result of the failed Insight. From this page you can choose to modify your Bot, or create a new one, accordingly.

Compliance Pack - Bot Listing (from Insight Details)

Creating a Bot

You may wish to create a Bot to notify of, or remediate, the failed Insight. In the example below, clicking the Bot creation icon (wrench) next to a specific Insight allows you to create a Bot directly from that Insight. You can learn more here about creating Bots in the BotFactory.

Compliance Reporting

Compliance Scorecard

For best results in viewing, sorting, interpreting, and understanding data associated with both the DivvyCloud Compliance Packs as well as any Custom Packs you may create, we recommend taking advantage of our Compliance Scorecard.

Downloading Results

You can download a CSV file that includes the results for the Compliance Pack.
From the Compliance Packs page, click on the name of an individual Compliance Pack.

This will take you to a filtered Insights page where you can then select the download arrow.

Downloading Insight Results From the Insights Page

What's Next?

  • To learn more about using an existing Compliance Pack as the starting point for a customized pack, check out our documentation on Custom Packs.
  • For information on compliance reporting, check out our Compliance Scorecard.
  • To explore automation using Compliance Packs, take a look at our BotFactory documentation.
