Compliance Assessment Report

Introduction

The Compliance Assessment Report shows details about control violations, compliance status of controls as per policy execution and manual controls, and inventory summaries of various services. This is a SQL Server Reporting Services (SSRS) report.

Navigating to the Compliance Assessment Report

Perform the following steps to access the Compliance Assessment Report:

  1. Access the CoreStack application.

  2. Navigate to Reports > Compliance > Multi-Cloud > Compliance Reports > Compliance Assessment.

  3. Click the Filter icon on the right vertical pane.

  4. Select the required parameters in the following fields and click View Report.

    • Tenant
    • Service
    • Cloud Account
    • Compliance
    • Control Type

You can view the report in PDF format with all the relevant information as per the selected parameters.

Detailed information about the following sections are captured in this report:

  • Executive Summary
  • Coverage: This section shows the cloud account name, account number, cloud type, and assessment date.
  • Compliance Assessment Summary by Control Category: This section shows the control categories and the corresponding count, along with the count of success, violations, errors, and percentage of compliant resources. It also shows the overall compliance status and a summary of the findings.

πŸ“˜

Note:

The compliant percentage is calculated using the formula:
[Total controls - (violated + error)]/(total controls)*100

For example, if there are 49 controls, 9 successful controls, 30 violated controls, and 10 errors, then the compliant percentage will be: [(49 - (30+10))/49]*100 = 18.367% (converted to two decimal place would be 18.37%).

  • Compliance Assessment Summary by Compliance Controls: This section shows the status of assessed controls. You can see the control category, sub-category, control name, status, severity, and number of resources.

  • Compliance Assessment Details with Resource: This section shows the assessment results for various controls. It shows the control category, control name, policy, severity, and violation status. Detailed resource information, along with the host name and location, is also available in this section.