Compliance Reports


Last updated 3 years ago


Available Reports

The compliance reports help assess your infrastructure against industry security frameworks. The following reports are available:

| Report | Description |
| --- | --- |
| CIS AWS Foundations | The CIS AWS Foundations Benchmark provides a high-level compliance standard for securing Amazon Web Services resources. The benchmark offers prescriptive instructions for configuring AWS services in accordance with industry best practices. |
| SOC 2 | System and Organization Controls (SOC) 2 is an auditing procedure that ensures a company's data is securely managed. It's intended for use by service organizations (organizations that provide information systems as a service to other organizations) to issue validated reports of internal controls over those information systems to the users of those services. The reports focus on controls grouped into five categories known as Trust Service Principles. |
| NIST 800-53 | NIST SP 800-53 provides a list of controls that support the development of secure and resilient federal information systems. These controls are the operational, technical, and management standards and guidelines used by information systems to maintain confidentiality, integrity, and availability. |
| NIST CSF | NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices. ... taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes", in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context. It has been translated into many languages and is used by several governments and a wide range of businesses and organizations. |
| HIPAA | The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. |
| PCI DSS v3.2.1 | PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process, or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions. |
| FedRAMP (Moderate) | FedRAMP (Federal Risk and Authorization Management Program) is the US federal government’s approach to securing the cloud services that its agencies use internally. |
| Canada GC Guardrails | A preliminary set of baseline controls is provided through the GC Cloud Guardrails, which help to ensure that cloud-based environments are protected upon receipt of enrolment under the GC Cloud Services Framework Agreement. |
| Canada Protected B Medium Integrity Medium Availability (PBMM) | PBMM controls identify the baseline security controls that must be implemented by CSPs and GC departments and agencies in order to appropriately protect cloud-based GC services and related information having a security category of Protected B, medium integrity, and medium availability (PBMM). |
| Reserve Bank India (RBI) Cyber Security Framework | A comprehensive cyber security framework by RBI for Urban Cooperative Banks, as a graded approach, based on their digital depth and interconnectedness with the payment systems landscape, digital products offered by them, and assessment of cyber security risk. |

Report Details

List of Controls

Each compliance report contains a list of controls as defined by the security standard or framework. Each control shows a quick pass/fail icon.

Click on each control item to expand it and display the Control Description (as defined by the standard or framework), and the Assessment Checks that were evaluated as part of this control. Each assessment check also displays an icon to indicate whether it passed, failed, or was not applicable in this environment.

Assessment Rules

Along with the list of controls, each report includes all the assessment rules that are applicable to the evaluation of this report. This view provides more details on the specific AWS resources that were evaluated, including whether they passed or failed, and resource details such as region, resource ARN, and more.

PDF Export

Use the Export PDF button to generate a PDF document based on the data included in the report.