The Compliance object contains information about Industry and Regulatory Framework standards, controls and requirements.
Attributes
Section titled “Attributes”standards
- Type:
string_t - Requirement: required
Security standards are a set of criteria organizations can follow to protect sensitive and confidential information. e.g. NIST SP 800-53, CIS AWS Foundations Benchmark v1.4.0, ISO/IEC 27001
control
- Type:
string_t - Requirement: recommended
A Control is prescriptive, prioritized, and simplified set of best practices that one can use to strengthen their cybersecurity posture. e.g. AWS SecurityHub Controls, CIS Controls.
status
- Type:
string_t - Requirement: recommended
The resultant status of the compliance check normalized to the caption of the status_id value. In the case of ‘Other’, it is defined by the event source.
status_id
- Type:
integer_t - Requirement: recommended
- Values:
0-Unknown: The status is unknown.1-Pass: The compliance check passed for all the evaluated resources.2-Warning: The compliance check did not yield a result due to missing information.3-Fail: The compliance check failed for at least one of the evaluated resources.99-Other: The event status is not mapped. See thestatusattribute, which contains a data source specific value.
The normalized status identifier of the compliance check.
requirements
- Type:
string_t - Requirement: optional
A list of requirements associated to a specific control in an industry or regulatory framework. e.g. NIST.800-53.r5 AU-10
status_code
- Type:
string_t - Requirement: optional
The resultant status code of the compliance check.
status_detail
- Type:
string_t - Requirement: optional
The contextual description of the status, status_code values.