About Warden Compliance

Why Compliance?

With more organizations migrating to cloud infrastructure, the risk landscape for infrastructure and security teams is changing. Making sure that organizations comply with governing laws and regulations is one of the biggest challenges in cloud security.

It’s no secret that the cost of non-compliance is extremely high. Here at Horangi, we believe in being proactive about managing compliance instead of scrambling when it’s too late.

Warden's Compliance feature makes becoming and staying compliant easier. From a bird's-eye view down to the technical details, it simplifies the compliance workflows between your DevOps, Security and Compliance teams.

Compliance Tagging

To help you quickly filter your findings and focus on the compliance standard that matters to you, findings have been tagged with the following standards that they relate to:

  • CIS-AWS: Center of Internet Security (CIS) Benchmarks, a set of open source, consensus-based guidelines that provide a baseline for assessing your AWS security.

  • MAS-TRM: The Monetary Authority of Singapore's Technology Risk Management guidelines, based on their public consultation paper dating from 2019.

  • MAS Cyber Hygiene Notices: The Monetary Authority of Singapore's Cyber Hygiene Notices, a legally binding subset of MAS-TRM targeting specific industries.

  • PCI DSS: Payment Card Industry Data Security Standard, a security standard for organizations that handle credit cards from the major card schemes.

  • NIST: National Institute of Standards and Technology (NIST) Cybersecurity Framework, which provides guidelines for US-based organizations in securing data and infrastructure.

  • AWS-WAF: AWS Well-Architected Framework, a framework to help cloud architects secure their AWS infrastructure based on best practices.

  • BNM-RMiT: Bank Negara Malaysia - Risk Management in Technology (BNM-RMiT) framework, a set of legally binding standards aimed at making financial institutions operating in Malaysia resilient to cybersecurity threats.

  • ISO 27001: International Standards Organization 27001 (ISO 27001), a standard providing the requirements for an information security management system (ISMS).

Control Mapping

For the compliance standards below, the Horangi team has mapped findings to the individual control items they relate to within each standard.

  • CIS-AWS: Center of Internet Security (CIS) Benchmarks, a set of open source, consensus-based guidelines that provide a baseline for assessing your AWS security.

  • MAS-TRM: The Monetary Authority of Singapore's Technology Risk Management guidelines, based on their public consultation paper dating from 2019.

  • MAS Cyber Hygiene Notices: The Monetary Authority of Singapore's Cyber Hygiene Notices, a legally binding subset of MAS-TRM targeting specific industries.

  • AWS-WAF: AWS Well-Architected Framework, a framework to help cloud architects secure their AWS infrastructure based on best practices.

  • BNM-RMiT: Bank Negara Malaysia - Risk Management in Technology (BNM-RMiT) framework, a set of legally binding standards aimed at making financial institutions operating in Malaysia resilient to cybersecurity threats.

  • ISO 27001: International Standards Organization 27001 (ISO 27001), a standard providing the requirements for an information security management system (ISMS).

Compliance Views

You can view compliance on Warden in multiple ways depending on your needs:

  1. Compliance Brief: An overview of your overall compliance risk posture. This is available on all compliance views.

  2. Warden Rules View: A list of all the rules that check your compliance risk posture, letting you zoom in on which rules need to be resolved to help you stay compliant.

  3. Resources View: Provides visibility into your compliance posture on a resource-by-resource level.

  4. Compliance Standards View: Helps you get a big picture of your overall compliance in a particular standard without having to generate a report every time.