CoreStack supports a growing list of industry-specific regulatory compliance standards and industry benchmark standards necessary for modern corporations in various sectors. CoreStack is committed to bringing industry-leading technology in cloud governance with an ease of use unrivaled in today's complicated tech landscape.
Each compliance standard contains various controls, or rules, which represent guidelines to be implemented by the organization for its resources to comply with.
Click Compliance in the left navigation menu and select the Standards option to open the Compliance Controls screen.
The tabs at the top represent the scope of the standards. There are 2 tabs – Marketplace and My Standards.
In the Marketplace tab, CoreStack provides a wide range of pre-defined standards which can help in achieving compliance and security standards. These are pre-loaded for all subscriptions and can be executed on demand or scheduled.
These standards are available across all tenants and are created by the Product Administrator. They are managed by CoreStack. In on-premises installations, they are managed by the on-site administrator.
Standards in the My Standards tab can be created by end users. These standards are visible only to users within the tenant. You can add more standards or edit/delete existing standards in this tab based on your role and access policies.
CoreStack offers search and filter functions to help you quickly find the standards you need. The Search bar is available just above the standards list and works based on the Name mapped to each standard. To filter standards, click the Filter icon at the right end above the standards list. You can filter by services and scope.
CoreStack also provides the option for users to create their own standards and controls, which help them to assess their resources against their own requirements. Perform the following steps in the My Standards tab of the Compliance Controls screen to create a new standard.
- Click the New Standard button.
- Provide the following details to create the standard.
| Field | Description |
|---|---|
| Name | Specify a name for the new compliance standard. |
| Description | Provide a detailed description about the compliance standard. |
| Service | Select a required cloud service provider from the dropdown list in which the new compliance standard will be applicable. |
| Scope | Select the required boundary to define the area of influence for the compliance standard: Account or Tenant. |
| Compliance Logo | Click Choose Logo button and upload a logo for the new compliance standard. |
| Upload JSON | Upload the JSON file that has the control attributes defined in it. You can download the sample JSON format that is available for reference. |
- Click the Create button to create the new standard.
A new compliance standard will be created and listed in the My Standards tab.
Note: If any control attribute needs to be added or deleted after the controls are loaded, the controls should be deleted along with the created standard before a new control attribute is added.
You can manage the existing compliance standards in the My Standards tab using the options described below.
- By clicking on the Edit icon available in the standard, you can update the details configured in the standard.
- By clicking on the Delete icon available in the standard, you can delete the standard.
You can perform the following operations in compliance standards.
- By clicking on the Status icon available in the standard, you can view the status of assessments performed using the standard.
- By clicking on the Assess icon available in the standard, you can perform assessment of resources using the standard.
- By clicking on the History icon available in the standard, you can view the history of assessments performed using the standard.
- By clicking on the Controls button available in the standard, you can view the control objectives associated with the standard.
Compliance controls are individual rules which are enforced by the organization. Each control can be created as required by individual auditing specifications and needs. By default, CoreStack provides a few essential controls for each standard; these are required for any organization looking to get certified for the standard. Any additional controls can be created as needed for a required scenario.
Note: To create a compliance control, the CoreStack user must have a suitable role such as account_admin or ops_admin.
Perform the following steps to create and add control objectives to a compliance standard.
- Click the Controls button available in the required standard.
- Click the Add Control Objectives button.
- Specify the required values in the fields.
- Click the Save Control button.
A new control will be created and listed in the Compliance Controls tab.
If the control created is of the automated type, suitable policies can be mapped to the control from CoreStack policies. The New tenant created is only available in the tenant level; any custom policy created for the control should be available to the current tenant.
You can manage the existing control objectives using the options described below.
- Controls created by the user can be edited and changed as needed. To edit a control, select the control, navigate to the preview side bar from the menu, select the "more details" button in the preview tab, and press the menu button. Select the Edit Control option from the menu. After making the changes, click the Save Control button to update the changes.
- To delete a control, select the control, navigate to the preview side bar from the menu, and select the Delete option from the menu. A pop-up will appear asking you to confirm that you want to delete the control. Click "OK" to proceed.
The controls which are not automatable are classified as manual type controls. CoreStack allows the end users to manually update the status of manual type controls.
- Click the Action button of the manual type control.
- Update the Remarks field and the updated date.
- Click Resolve to mark it as success, or click Mark Violations to mark it as a violation.