Getting Started with Compliance In the Cloud

Compliances Offered in Cloudlytics

  • CIS AWS Foundation Checklist.
  • GDPR readiness Checklist for AWS.
  • MAS (Monetary Authority of Singapore) Scan.
  • AWS Security Compliance Check.
  • The Payment Card Industry Data Security Standard (PCI DSS) Compliance.
  • Health Insurance Portability and Accountability Act (HIPAA) Compliance.
  • ISO 27001.
  • The National Institute of Standards and Technology (NIST) 800 53 Rev 4.
  • AWS Security Group Health Check.
  • S3 Bucket Health Check.
  • BETA SOC2 Compliance.
  • AWS Well Architected Review (WAR).

Recently Added Compliances

  • Azure CIS
  • Health Insurance Portability and Accountability Act (HIPAA) Compliance for Azure.
  • The National Institute of Standards and Technology (NIST) 800 53 Rev 4 for Azure.
  • ISO 27001 for Azure.
  • Azure PCI DSS
  • Azure GDPR

Additionally, customers can create and configure their own custom compliance at root and admin level.

End-to-End Compliance Monitoring

Cloudlytics makes it easy for you to identify, prioritize, and remediate compliance risks with insights that drive action. It also ensures end-to-end compliance monitoring by running a scheduled scan on a daily, weekly, or customized time-span basis, with reports sent directly by email.

Report Dashboard

Get a detailed view of your compliance issues that are tracked, compiled and monitored in a graphical format. All the previous reports are stored in the dashboard for your convenience.

Rule Suppression

Our solution enables temporary suppression of a rule, in case you need to skip a rule failure that has a known reason.

Downloadable Report from Console

The reports on the dashboard, both current and old, can be downloaded with just a click.

Compare Reports

Cloudlytics is an all-inclusive compliance assurance and threat protection solution. Get reports on the compliance posture of your cloud and compare it with previous reports to take necessary actions moving forward.

Steps to configure Compliance in Cloudlytics

  1. Log in to Cloudlytics.
  2. Select Compliance Monitoring from the menu and click on Configurations.
  3. Existing scan configurations configured for your account are listed on the screen.
  4. To add a new compliance configuration, click on the Add Configuration button on the top right of the window as shown below.
  5. Enter the following fields for the new scan to be configured:
  • Name: Name the scan to be configured
  • Platform: AWS/Azure
  • Scan type: Select scan type to be configured from the list
  • Credentials: Select the credentials for the scan
  • Notification Endpoint: Select the endpoint to which the scan report needs to be sent, or create a new notification endpoint by clicking on the ‘+’ button
  • Scan Frequency Type: Select scan frequency from the options given. Using the custom option, the report can be generated for the number of days entered.
  6. Click on the Next button.
  7. Scan rules are displayed for the specific services for which the new scan needs to be configured.
  8. If CloudWatch is displayed in red, as shown in the screenshot below, click on it and fill in the Namespace and Metric Name fields from the table below:
| Rule verbose | Namespace | Metric Name |
| --- | --- | --- |
| Ensure a log metric filter and alarm exist for unauthorized API calls | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.01 Unauthorized API Calls |
| Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.02 Management Console Sign-in Without MFA |
| Ensure a log metric filter and alarm exist for usage of root account | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.03 Usage of root Account |
| Ensure a log metric filter and alarm exist for IAM policy changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.04 IAM Policy Changes |
| Ensure a log metric filter and alarm exist for CloudTrail configuration changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.05 CloudTrail Config Changes |
| Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.06 AWS Management Console Authentication Failures |
| Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.07 Disabling or Scheduled Deletion of Customer Created CMKs |
| Ensure a log metric filter and alarm exist for S3 bucket policy changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.08 S3 Bucket Policy Changes |
| Ensure a log metric filter and alarm exist for AWS Config configuration changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.09 AWS Config Configuration Changes |
| Ensure a log metric filter and alarm exist for security group changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.10 Security Group Changes |
| Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.11 Changes to Network Access Control Lists NACL |
| Ensure a log metric filter and alarm exist for changes to network gateways | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.12 Changes to Network Gateways |
| Ensure a log metric filter and alarm exist for route table changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.13 Route Table Changes |
| Ensure a log metric filter and alarm exist for VPC changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.14 VPC Changes |

Ensure that these Namespace and Metric Name values are the same in your AWS account as well.

  9. Once all rules are entered, click on the Save button.
  10. You will get the popup with the message ‘Compliance has been configured successfully. Do you want to attach it to any group?’
  11. You can continue or skip this step.
  12. Now you can see the compliance has been configured and the scan has been started for the same. The scanning status gets changed to ‘in the queue’ for that scan.
  13. The scan report will be generated once the scan gets completed and the generated report will be sent to the notification endpoint configured for your scan.
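
For the CloudWatch step above, one way to confirm that every Namespace and Metric Name pair from the table has both a metric filter and an alarm in the AWS account, and to catch names that differ only in dash style, case or spacing. This is an added example, not Cloudlytics code; it assumes you feed it the JSON output of `aws logs describe-metric-filters` and `aws cloudwatch describe-alarms`, and the function names and sample data are constructed for illustration.

```python
import json
NAMESPACE = "CIS-3-MONITORING"
TITLES = [
    "Unauthorized API Calls", "Management Console Sign-in Without MFA",
    "Usage of root Account", "IAM Policy Changes", "CloudTrail Config Changes",
    "AWS Management Console Authentication Failures",
    "Disabling or Scheduled Deletion of Customer Created CMKs",
    "S3 Bucket Policy Changes", "AWS Config Configuration Changes",
    "Security Group Changes", "Changes to Network Access Control Lists NACL",
    "Changes to Network Gateways", "Route Table Changes", "VPC Changes",
]
# Metric names exactly as listed in the table, en dash included.
EXPECTED = [f"CIS Benchmark v.1.1 – 3.{i:02d} {t}" for i, t in enumerate(TITLES, 1)]

def _norm(s):
    """Fold dash style, case and spacing so near-identical names compare equal."""
    return " ".join(s.replace("–", "-").lower().split())

def audit(filters_json, alarms_json, namespace=NAMESPACE, expected=EXPECTED):
    """Map each expected metric name to ok / no-alarm / no-filter / near-miss."""
    filters = {(t["metricNamespace"], t["metricName"])
               for f in json.loads(filters_json)["metricFilters"]
               for t in f.get("metricTransformations", [])}
    alarms = {(a.get("Namespace"), a.get("MetricName"))
              for a in json.loads(alarms_json)["MetricAlarms"]}
    report = {}
    for name in expected:
        key = (namespace, name)
        if key in filters:  # exact match; an alarm must reference the same pair
            report[name] = "ok" if key in alarms else "no-alarm"
            continue
        near = sorted(f"{ns}/{m}" for ns, m in filters
                      if (_norm(ns), _norm(m)) == (_norm(namespace), _norm(name)))
        report[name] = f"near-miss: {near[0]}" if near else "no-filter"
    return report

# Constructed sample input in the shape of the two AWS CLI JSON outputs.
SAMPLE_FILTERS = json.dumps({"metricFilters": [
    {"filterName": f"f{i}", "metricTransformations": [
        {"metricNamespace": NAMESPACE, "metricName": n}]}
    for i, n in enumerate([EXPECTED[0], EXPECTED[1],
                           EXPECTED[2].replace("–", "-")])]})  # third: hyphen typed for en dash
SAMPLE_ALARMS = json.dumps({"MetricAlarms": [
    {"AlarmName": "a1", "Namespace": NAMESPACE, "MetricName": EXPECTED[0]}]})

if __name__ == "__main__":
    for name, status in audit(SAMPLE_FILTERS, SAMPLE_ALARMS).items():
        print(f"{status:12} {name}")
```

A `near-miss` result means a filter exists but its name is not character-for-character the value in the table, which is the mismatch the note above asks you to avoid.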

You can also create a customized scan type, where you can include the specific set of controls as per your requirements.

Steps to create customized compliance in Cloudlytics

  1. Select Compliance Monitoring from the menu and click on Customize.
  2. Choose your platform.
  3. Click on the +Add Compliance button on the top right of the screen.
  4. Enter the following fields as shown below for the new scan type to be configured:
  • Scan Type: Name the scan type to be created
  • Platform: AWS/Azure
  5. Check the Set Default Logo box, or provide the URL of your own logo.
  6. Select the Section and the Service for which you want the new scan type to be created.
  7. As shown below, you can add the rule by clicking on the green ‘+’ icon.
  8. Now you can see the rules added for the selected service.
  9. You can also remove the added rule by clicking on Remove rule.
  10. Click the ‘Next’ button on the top right of the screen.
  11. Now you see the controls to be added to the new scan type to be configured.
  12. Click the Save button.
  13. The popup is displayed with the message ‘Compliance created successfully.’

If you want your compliance to be configured for the newly created scan type, follow the steps from the section ‘Steps to configure Compliance in Cloudlytics’ above and select the newly created scan type from the options for the field ‘Scan type.’
