Compliance control Details
Corestack compliance framework allows you to verify the compliance of your cloud infrastructure with respect to many different international standards, ie ISO , HIPAA ,etc. The different compliance standards are presented to the end-user in the form of a ”compliance control library”, each row represents an individual compliance control with respect to the standard. A control represents a rule/policy required by the standard, controls also represent an index of operation which can be performed on your cloud infrastructure deployment managed by Corestack.
Control action attributes
Each control has control action attributes which describes the range of capabilities and actions that can be performed by the control on the Corestack management platform.
Control attributes describe the function/purpose of the control with respect to the compliance standard. A compliance control attributes serve as a reference from corestack to the individual compliance standards.
Policy mappings act as a reference to indicate which Corestack policies are mapped to the control. Corestack allows its users with the required access roles(account_admin, tenant_admin, product_admin) to create new policy mappings or delete existing policy mappings on the tenant .
How To map/unmap a policy for a given control
- Click The “+” symbol next to the control action. When clicked a list will appear listing all the available policies for a given tenant.
- To map a policy click the check box adjacent to the policy name an click the “save list” button.
- To Un-map a given policy click the “+” button and in the list of policy names unselect the policy and select a suitable policy if required and click the “save list” to save the mappings.
Scheduling a compliance control to run periodically.
A schedule can be created for a given control to run automatically in between a time period defined by the “start date” and “end date”. The control can be executed in any of the following frequencies hourly, daily, monthly and weekly.
How to create a schedule or delete an existing schedule
- To create a schedule, click the “schedule” (calendar) button to open the schedule policies popup menu, note the schedule option is only available when a policy is already mapped to a given control.
- To schedule a policy, click the checkbox adjacent to the policy name, a schedule drop-down will appear which allows the user to schedule the required “start date”, “end date” and “frequency”. After selecting the desired parameters click save to save the schedule.
- To remove a schedule, uncheck the box adjacent to the policy name and click the “save” button to save the schedule.
Control execution status and policy outputs
The results of policy run in a schedule can be found in the policy execution status tab. When a policy is scheduled to run for a given control the policy is executed against all the cloud accounts available to the user aswell as all of the resource groups/ availabilty zones for the could account.
The status bar indicates the overall status of violations found for any given set of policy jobs, only when there are no errors and failures is the status given as success.
Viewing results for a particular control
- Click the control, the “compliance control details” tab appears. Move towards the bottom of the tab and click “policy executions”
- Click “View” for a given policy job, the policy jobs page will open with all relevant information regarding the job execution.