Compliance Scorecard
The InsightCloudSec Compliance Scorecard audits compliance and identifies risks in your cloud environment in a simple, transparent way. It can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues and provide guidance for acting appropriately on the right resources to mitigate those issues. Using a heatmap visual, summaries, and non-compliance history details, you can see where resources are failing these compliance checks.
Prerequisites
Before you get started with the Compliance Scorecard, you need at least one cloud account connected to InsightCloudSec. While not required, having some custom badges or custom Insight packs already created can be helpful when filtering for the Compliance Scorecard. It's also helpful to have a basic understanding of Insights and Compliance Packs in InsightCloudSec.
Generate a scorecard
The Compliance Scorecard is generated dynamically based on the filters selected. The only required filter is an Insight Pack (also known as a Compliance Pack).
To generate the scorecard:
- Log into InsightCloudSec.
- Go to Security > Compliance Scorecard.
- Select an Insight Pack in the Insight Filters section.
- Optionally, add severities, resource types, and Insights to filter the results.
- Optionally, add a Resource Filter. You can only add one type of Resource Filter.
- Click Apply. The Compliance Heatmap loads.
Scorecards do not persist
If you leave this page, the scorecard is removed, so when you return, you'll have to regenerate the scorecard. If you'd like to easily return to the scorecard, you should export it.
Understand a scorecard
The Compliance Scorecard consists of a few different views that are all accessed from the Compliance Heatmap. The Compliance Heatmap lists your scoped cloud accounts (or cloud filters) on the y-axis (vertical) and your Insights (as determined by the selected Insight Pack and any additional filtering) along the x-axis (horizontal). Where each cloud account intersects with an Insight, you'll find a square with a color that expresses the cloud account's Insight compliance as a percentage. The following is a list of important features to note when interacting with the heatmap:
- Point your mouse cursor to a square to display a summary of the impacted resources in the cloud account.
- Click a square to open a report card for the intersection of a particular cloud account and Insight, which includes a list of noncompliant resources for the particular cloud account, an overview of the Insight, and remediation details.
- Click a cloud account name to open a list of report cards for the cloud account. Click an Insight to open the report card for that Insight.
- Click an Insight name to open a report card for the Insight, which includes a list of noncompliant resources across all cloud accounts, an overview of the Insight, and remediation details.
Noncompliant resource actions
From the list of noncompliant resources, you can download the data, create a Bot to fix the noncompliance, or create an exemption.
Export a scorecard
After generating your scorecard, you can export the data in a few different ways from the Options menu:
Need to manage an existing subscription?
After you create a subscription, you can reconfigure or delete it or you can send it on demand from the Manage Subscriptions page. Cloud storage subscriptions also have the option to validate settings and to be toggled on or off. From the Compliance Scorecard page, click Options > Manage Subscriptions.
Microsoft Excel download
You can download the currently configured scorecard as a Microsoft Excel file from the main filtering menu and from the Report Card view for impacted resources. All Insights for the selected pack are downloaded; the download is not limited to the selected severities, badges, or resource types. This download option has data size limitations: if your report is too large, you will not be able to download the file.
Percentage of Compliance
In the interface, the scorecard is displayed as Insights (along the x-axis) vs. cloud accounts (along the y-axis). In the Compliance Export, however, the reverse is true: cloud accounts are on the x-axis and Insights are along the y-axis.
The calculation of percent compliance, though, is the same in both cases. The percentage is 1 minus the ratio of noncompliant resources to the total resources checked against that Insight, with the result multiplied by 100. For example, if a field has 50 impacted (noncompliant) resources out of a total of 1000 assessed resources for an Insight, the compliance for the assessed resources is (1 - [50/1000]) * 100, or 95%. This field would be color-coded yellow, indicating a compliance level of between 95% and 99%.
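The following is an added example, not InsightCloudSec code: it applies the percent-compliance formula above to a constructed set of per-account, per-Insight counts, builds the heatmap in the UI orientation (cloud accounts on the y-axis) and in the export orientation (axes transposed), and treats a cell with no assessed resources as having no score rather than dividing by zero. The account and Insight names are constructed sample values.

```python
# Added example (not InsightCloudSec code): compliance heatmap from constructed
# counts using the page's formula (1 - noncompliant/total) * 100.
from typing import Dict, List, Optional, Tuple

# Constructed sample data: (cloud account, Insight, noncompliant, total assessed).
SAMPLE_COUNTS: List[Tuple[str, str, int, int]] = [
    ("prod-aws", "S3 bucket public read",  50, 1000),
    ("prod-aws", "EBS volume unencrypted",  0,  120),
    ("dev-gcp",  "S3 bucket public read",   0,    0),  # nothing assessed here
    ("dev-gcp",  "EBS volume unencrypted",  3,   40),
]

def percent_compliance(noncompliant: int, total: int) -> Optional[float]:
    """(1 - noncompliant/total) * 100, or None when no resources were assessed."""
    if total < 0 or noncompliant < 0 or noncompliant > total:
        raise ValueError("counts must satisfy 0 <= noncompliant <= total")
    if total == 0:
        return None  # no assessed resources: no compliance score, not 0% or 100%
    return round((1 - noncompliant / total) * 100, 2)

Heatmap = Dict[str, Dict[str, Optional[float]]]

def build_heatmap(counts: List[Tuple[str, str, int, int]], rows: str = "account") -> Heatmap:
    """rows='account' mirrors the UI (accounts on the y-axis, Insights on the x-axis);
    rows='insight' mirrors the Excel export, which transposes the two axes."""
    grid: Heatmap = {}
    for account, insight, bad, total in counts:
        r, c = (account, insight) if rows == "account" else (insight, account)
        grid.setdefault(r, {})[c] = percent_compliance(bad, total)
    return grid

def render(grid: Heatmap) -> str:
    """Tab-separated text table; cells with no assessed resources print as n/a."""
    cols = sorted({c for row in grid.values() for c in row})
    lines = ["\t".join([""] + cols)]
    for r in sorted(grid):
        cells = ["n/a" if grid[r].get(c) is None else f"{grid[r][c]:.1f}%" for c in cols]
        lines.append("\t".join([r] + cells))
    return "\n".join(lines)

if __name__ == "__main__":
    print("UI orientation:\n" + render(build_heatmap(SAMPLE_COUNTS)))
    print("\nExport orientation:\n" + render(build_heatmap(SAMPLE_COUNTS, rows="insight")))
```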
To download a Microsoft Excel file:
- From the Compliance Scorecard page, generate a scorecard.
- Click Options > Download (Excel). A file downloads asynchronously.
Email subscription
You can send the currently configured scorecard as an email on a regular basis. When the email is sent, it has a short message along with an attached Microsoft Excel file.
To create an email subscription:
- From the Compliance Scorecard page, generate a scorecard.
- Click Options > Create Email Subscription.
- Provide a Subscription Name.
- Optionally, provide a Description.
- Add Recipient Email Addresses to send the email to.
- Select an Email Frequency.
- Optionally, include tags or badges. These are represented as columns in the Excel file included with the email.
- Click Subscribe.
Cloud storage subscription
You can send the currently configured scorecard to a cloud storage container (for example: AWS S3 bucket, GCP Cloud Storage) on a regular basis. By default, the scorecard is sent as a Microsoft Excel file in a .zip archive. The cloud storage container must already be harvested by InsightCloudSec, which means it appears in the Resources Inventory.
To create a cloud storage subscription:
- From the Compliance Scorecard page, generate a scorecard.
- Click Options > Create Cloud Storage Subscription.
- Provide an Export Name.
- Select a cloud storage container Resource to send the scorecard to.
- Optionally, provide a Prefix to store the scorecard in. If no prefix is provided, the scorecard will be stored at the root level of the container.
- Optionally, include tags or badges. These are represented as columns in the Excel file.
- Optionally, select Export to storage container as .xlsx file to send the file without a .zip archive.
- Click Create. The export runs every day at 03:00 UTC.