Compliance reporting in OpsCompass helps developers and administrators realize cybersecurity framework compliance by providing views and details targeted to your needs.
OpsCompass examines your connected cloud resources for cybersecurity framework compliance. Each resource is evaluated using 'checks' (cloud, resource-type and configuration-specific evaluation criteria), and compared to the requirements of each framework. Results are reported in the OpsCompass Compliance Module and the OpsCompass Dashboard, and are also available through report exports and the OpsCompass API. Several compliance frameworks are supported, and OpsCompass can quickly add new frameworks to suit your needs.
OpsCompass features a compliance dashboard that provides a comprehensive overview of all compliance frameworks in your company. The compliance dashboard is a helpful overview when you are subscribed to multiple frameworks. To reach the compliance dashboard, click the Compliance title in the left navigation pane.
The number of frameworks on display in your dashboard is based on those that are activated. If you would like additional frameworks enabled, contact OpsCompass.
Each section of the compliance dashboard displays important information. The Totals Bar displays the number of checks involved in evaluating all resources, all checks, all controls, and all enabled frameworks.
In the example above, 44,159 unique checks were required to satisfy every check for every resource type for every control in every framework. These numbers are often much greater than the count of connected resources because each resource is evaluated against many checks, and many checks are redundant within frameworks.
A compliance graphic illustrates the number of failed checks over time.
A line that is trending "up" indicates an increasing level of failed checks. A red line indicates high severity check failures, an orange line medium severity check failures, and a yellow line low severity check failures. A drop-down control at the top of the graphic allows you to switch the graphic view between enabled frameworks.
The pie chart area shows framework-specific reports on compliant and failed resource checks.
For each enabled pie chart, the green area indicates the total number of checks that successfully 'passed' or are compliant. In the case of CIS Controls v8, a total of 8,040 checks were evaluated, of which 6,578 passed successfully. The evaluation found 646 high severity check failures, 462 medium severity failures, and 75 low severity failures. Clicking the pie chart or any of the numeric values will direct you to the Compliance Framework view for that framework.
The Compliance Table beneath the pie chart area displays a tabular view of compliance data.
The table indicates the last compliance evaluation, the total number of checks evaluated, and the number of high, medium and low severity check failures.
Compliance Framework Page
The Compliance Framework page provides a convenient display for administrators looking to report on compliance problems relative to a specific compliance framework. This page lists the compliance framework name, the appropriate controls and sub-controls, and the status of checks within each control or sub-control.
The totals row on the Compliance Framework page indicates different conditions depending on what information is most relevant.
- Framework Metrics indicates the number of checks that were evaluated for this framework. In this example, evaluating NIST800-171 for all included resources required 2,219 unique examinations, with 826 high severity check failures, 1,300 medium and 93 low. Clicking on any of the counts in the total bar filters the Compliance Framework view to only those checks.
- Resource Problems indicates the count of resources with compliance check failures. Clicking on any of the counts in the total bar filters the Compliance Framework view to only those checks.
- Checks indicates the number of checks executed for processing a framework, and the number of check failures present in the framework. Check-based views are most useful for developers and administrators who simply need to "show me the problems" because they eliminate the redundancy of the framework, leaving only the items that need to be fixed. Clicking on any of the counts in the total bar filters the Compliance Framework view to only those checks.
Clicking on a row in the framework opens the control to show the list of affected resources.
This view shows the name of the resource, the resource type, the last scan date, and the account membership. Each item in the list has a clickable link. Following the link directs you to the Resource Page, where more compliance check information is available.
By selecting a specific failed check in the Resource Page, you can see the problem, the rationale, and the recommended actions. The Controls section illustrates all of the frameworks where a given check failure causes a violation report.
From this view, you can indicate an exception or mitigation for this particular check. You can also navigate to the specific Check Page to learn more about all the resources that are subjected to this check.