Guides

Compliance

Suggest Edits

The Compliance object contains information about Industry and Regulatory Framework standards, controls and requirements.

Attributes

CaptionNameTypeDescription
Complaince References Articles compliance_references KB Article[] A list of sources of information or tools that help organizations understand, interpret, and implement compliance standards. They provide guidance, best practices, and examples.
Compliance Standards Articles compliance_standards KB Article[] A list of established guidelines or criteria that define specific requirements an organization must follow.
Security Control control String A Control is prescriptive, prioritized, and simplified set of best practices that one can use to strengthen their cybersecurity posture. e.g. AWS SecurityHub Controls, CIS Controls.
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Compliance Requirements requirements String[] A list of requirements associated to a specific control in an industry or regulatory framework. e.g. NIST.800-53.r5 AU-10
Security Standards standards String[] Security standards are a set of criteria organizations can follow to protect sensitive and confidential information. e.g. NIST SP 800-53, CIS AWS Foundations Benchmark v1.4.0, ISO/IEC 27001
Status status String The resultant status of the compliance check normalized to the caption of the status_id value. In the case of 'Other', it is defined by the event source.
Status Code status_code String The resultant status code of the compliance check.
Status Details status_detail String The contextual description of the status, status_code values.
Status ID status_id Integer The normalized status identifier of the compliance check.
  • 0: Unknown (UNKNOWN)
  • 1: Pass (PASS)
  • 2: Warning (WARNING)
  • 3: Fail (FAIL)
  • 99: Other (OTHER)
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Relationships

Compliance shown in context

Inbound Relationships

These objects and events reference Compliance in their attributes:

Outbound Relationships

Compliance references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0

Updated about 1 month ago