Compliance

A list of assessments associated with the compliance requirements evaluation

A list of reference KB articles that provide information to help organizations understand, interpret, and implement compliance standards. They provide guidance, best practices, and examples.

A list of established guidelines or criteria that define specific requirements an organization must follow.

A Control is prescriptive, prioritized, and simplified set of best practices that one can use to strengthen their cybersecurity posture. e.g. AWS SecurityHub Controls, CIS Controls.

The list of control parameters evaluated in a Compliance check.

Group:context
The event data as received from the event source.

Group:primary
Unique identifier for the object

A list of requirements associated to a specific control in an industry or regulatory framework. e.g. NIST.800-53.r5 AU-10

Compliance standards are a set of criteria organizations can follow to protect sensitive and confidential information. e.g. NIST SP 800-53, CIS AWS Foundations Benchmark v1.4.0, ISO/IEC 27001

The resultant status of the compliance check normalized to the caption of the status_id value. In the case of 'Other', it is defined by the event source.

The resultant status code of the compliance check.

The contextual description of the status, status_code values.

🚧 WARNING: DEPRECATED

Status Detail has been deprecated since 1.4.0. Use the status_details attribute instead.

A list of contextual descriptions of the status, status_code values.

The normalized status identifier of the compliance check.

• 0: Unknown (UNKNOWN)
• 1: Pass (PASS)
• 2: Warning (WARNING)
• 3: Fail (FAIL)
• 99: Other (OTHER)

Data from the source that was not mapped into the schema.