Compliance View

The Compliance Standards view gives you the big picture of your overall compliance with a particular standard without having to generate a report every time.

Disclaimer: Horangi Warden’s compliance features and reports are designed to help organizations with compliance-related security activities, in particular with assessing and helping maintain compliance with a given standard, but can neither fully replace internal efforts nor guarantee that an organization will pass a compliance audit.
Horangi recommends working with an approved auditor to obtain any official compliance certifications.

Why Compliance?

With more organizations migrating to cloud infrastructure, the risk landscape for infrastructure and security teams is changing. Making sure that organizations comply with governing laws and regulations is one of the biggest challenges in cloud security.

It’s no secret that the cost of non-compliance is extremely high. Here at Horangi, we believe in being proactive about managing compliance instead of scrambling when it’s too late.

Warden's Compliance feature makes becoming and staying compliant easier. From a bird's-eye view to the technical details, it simplifies the compliance workflows between your DevOps, Security and Compliance teams.

Compliance Tagging

To help you quickly filter your findings and focus on the compliance standard that matters to you, findings are tagged with the standards they relate to:

  • CIS-AWS: Center of Internet Security (CIS) Benchmarks, a set of open source, consensus-based guidelines that provide a baseline for assessing your AWS security.
  • MAS-TRM: The Monetary Authority of Singapore's Technology Risk Management guidelines, based on their public consultation paper dating from 2019.
  • MAS Cyber Hygiene Notices: The Monetary Authority of Singapore's Cyber Hygiene Notices, a legally binding subset of MAS-TRM targeting specific industries.
  • PCI DSS: Payment Card Industry Data Security Standard, a security standard for organizations that handle credit cards from the major card schemes.
  • NIST: National Institute of Standards and Technology (NIST) Cybersecurity Framework, which provides guidelines for US-based organizations in securing data and infrastructure.
  • AWS-WAF: AWS Well-Architected Framework, a framework to help cloud architects secure their AWS infrastructure based on best practices.
  • BNM-RMiT: Bank Negara Malaysia - Risk Management in Technology (BNM-RMiT) framework, a set of legally binding standards aimed at making financial institutions operating in Malaysia resilient to cybersecurity threats.
  • ISO 27001: International Standards Organization 27001 (ISO 27001), a standard providing the requirements for an information security management system (ISMS).
  • APRA: The Australian Prudential Regulation Authority (APRA) is an independent statutory authority that governs banking, insurance, and other financial institutions in Australia.

Control Mapping

For the compliance standards below, Horangi has mapped findings to the individual control items of the standard that they relate to.

  • CIS-AWS: Center of Internet Security (CIS) Benchmarks, a set of open source, consensus-based guidelines that provide a baseline for assessing your AWS security.
  • MAS-TRM: The Monetary Authority of Singapore's Technology Risk Management guidelines, based on their public consultation paper dating from 2019.
  • MAS Cyber Hygiene Notices: The Monetary Authority of Singapore's Cyber Hygiene Notices, a legally binding subset of MAS-TRM targeting specific industries.
  • AWS-WAF: AWS Well-Architected Framework, a framework to help cloud architects secure their AWS infrastructure based on best practices.
  • BNM-RMiT: Bank Negara Malaysia - Risk Management in Technology (BNM-RMiT) framework, a set of legally binding standards aimed at making financial institutions operating in Malaysia resilient to cybersecurity threats.
  • ISO 27001: International Standards Organization 27001 (ISO 27001), a standard providing the requirements for an information security management system (ISMS).

Parts of Compliance Standards View

Compliance Brief

An overview of your overall compliance risk posture.

Compliance Standards Tab

1. Section: Compliance control items are grouped by the section of the compliance standard that they belong to.

2. Section Number: The number (or identifier) of the section or control item as per the compliance standard's documentation.

3. Scoring: Scoring displays whether a Warden rule checking for a misconfiguration has passed or failed a check on a resource.

Navigating Compliance Standards View

  1. Select a compliance standard in the Standards dropdown list.
  2. View a list of all the compliance controls the rules map to and your compliance scoring for each control.
  3. Click on the compliance control you want to drill down into. You can then see the rules that are associated with your compliance to that control.