Topics on this page
Compliance Reports
Location | Main Dashboard > Select {Account} or {All Accounts} or {Group} > Browse all checks > View by Standard or Framework > Select {Standard or Framework} |
The Compliance and Conformity Report scores your cloud infrastructure as PASS or FAIL for each control within supported Standards and Frameworks.
- All controls are organized into sections and headers that map to those within the Standards and Frameworks itself as set by the standard or framework authority.
- The report comes with % pass and % fail scores based on the total checks that have passed and failed for Trend Micro Cloud One™ – Conformity rules mapped to the standard or framework controls.
- Using the report, you can get an instant assessment of your organization’s cloud infrastructure compliance, and accordingly, take remediation measures to improve compliance levels, thereby potentially avoiding non-compliance reactive fixes and expenditures.
What is a control?
A control is the passable element of a standard or framework that can be determined to PASS, FAIL, or be otherwise assessed.
How is PASS or FAIL determined for each control?
Each Conformity rule that is applicable to control within the selected standard or framework is run against your selected account(s) and Checks are sent back and totaled as PASS or FAIL for each control.
Supported Standards and Frameworks:
- AWS Well-Architected Framework
- Azure Well Architected Framework
- Google Cloud Architecture Framework
- NIST 800-53 (Rev.4)
- NIST 800-53 (Rev.5)
- The Center of Internet Security (CIS) AWS Foundations Benchmark v1.5.0
- The Center of Internet Security (CIS) AWS Foundations Benchmark v2.0.0
- The Center of Internet Security (CIS) AWS Foundations Benchmark v3.0.0
- PCI DSS v3.2.1
- PCI DSS v4
- HIPAA Feb 2023
- GDPR
- APRA CPS 234
- Monetary Authority of Singapore MAS-TRM 2021
- NIST Cybersecurity Framework v1.1
- NIST Cybersecurity Framework v2.0
- System and Organization Controls 2 (SOC 2)
- ISO 27001 2013
- ISO 27001:2022
- AusGov ISM 2021
- ASAE 3150 Security of CDR Data
- HITRUST CSF v9.3
- FEDRAMP Rev4
- NIS Europe OES-2019
- FISC Security Guidelines v9
- LGPD Brazil
- The Center of Internet Security (CIS) GCP Foundations Benchmark v1.3.0
- The Center of Internet Security (CIS) GCP Foundations Benchmark v2.0.0
- The Center of Internet Security (CIS) GCP Foundations Benchmark v3.0.0
- The Center of Internet Security (CIS) Microsoft Azure Foundations Benchmark v1.5.0
- The Center of Internet Security (CIS) Microsoft Azure Foundations Benchmark v2.0.0
- The Center of Internet Security (CIS) Microsoft Azure Foundations Benchmark v2.1.0
- CIS Critical Security Controls Version 8
- NIS 2 Directive v2
User Access
User Role | Can Access |
---|---|
Administrator | |
Power User | |
Custom - Full Access | |
Read Only | |
Custom - Read Only |
Compliance and Conformity Report Layout
In the Compliance and Conformity Report, the grouping of the controls is defined by the control family. Conformity interprets the standards and frameworks and map rules to each control and control family. Each rule has a pre-existing category assigned to it based on an assessment of which pillar of the AWS Well-Architected framework a rule belongs to. These pillars may or may not align with the categorizations used by a framework or standard Conformity audits against.
Improve your organization's compliance
Clicking on the Resolve button against the failed Checks will direct you to the related rule and remediation steps on the Conformity Knowledge Base, which provides a step-by-step guide on how to resolve the failure.
You also have the following options on clicking the expand button on a rule:
- Send rule to
- Configure rule
- Suppress
- Create tickets depending on communication channels configured
Customize and Download your Compliance and Conformity Report
-
You can create customized views of the rules and checks on your All accounts, Individual accounts, or Groups using filters.
-
Some controls might return 0 checks i.e. 0 under Total Counts columns because
- You have selected a filter that excludes services, rules, or checks that map to that specific control
- Or, you do not have access to applicable services for rules within the control
- Or controls that aren't applicable to cloud infrastructure or immeasurable by Conformity will not have any rules
-
-
Download the report result
- Click on Generate report to generate and download Compliance and Conformity report
- Click on Generate report to generate and download Compliance and Conformity report
-
Download previously generated reports from the history
- Click to expand Other reports from the Configured reports list
- Select either CSV or PDF format to download
Compliance and Conformity Reports can also be downloaded from_ the All Generated Reports list