What is the "Check" page?

The Check page is a high level overview of your fixes. Using the information on this page, you can see what resources require remediation, as well as the rationale behind them.

After clicking on any fix in the "Highest-Impact Fixes" section from the dashboard, you can find a detailed report of these fixes. See the key below for more information about this page. 

You can also access checks by going to the Compliance Checks page from the Compliance Dashboard.


Screenshot 2023-09-19 at 11.39.08 AM

A) Resource information
View and sort through information like Resource Names, Accounts, Regions, Status, and Portals. Click on any resource name for more information on that specific report. 
Note: You can also bulk mark resources by hitting the upper left check box. 


B) Remediation Steps
These are the steps required to fix each individual resource. 
Note: Under the Portal column in section A, you can easily navigate to each specific resource by clicking the Cloud provider "expand" icon (In this case, Google Cloud) 

C) Framework Controls
View and click into any Framework associated with your fix. 

D) Rationale
Read how these fixes would directly affect your Cloud environment, and why it is important. 

E) Add Exception or Mitigation
Used to add an exception or mitigation for the check. See the policy migration or exception information for more information. 

F) Manage 

Used to disable one or multiple Cloud accounts for that specific check. This allows you to easily organize your applicable Cloud accounts. 

Compliance Status

Compliant

This resource is compliant with the requirements in the associated check. 

Not Compliant

This resource does not meet the requirements to be compliant. See our remediation steps to make this compliant.

Not Checked
There are several reasons OpsCompass may not check a resource:

  • The check does not apply to this resource. For example, the check "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password" will show all IAM users but will not scan those without console passwords. If a console password is assigned to the user, then the check will scan the resource.
  • OpsCompass does not have enough information to run the check. This primarily applies to Oracle and SQL databases connected through our Licenses platform. Contact your OpsCompass representative to learn more about how to enable Security and License scanning.
  • Your company has disabled this check for one or more accounts. Click on the "Manage" button and clear the checkboxes for the appropriate accounts to re-enable the check.