Using The Compliance Center
The Dash Compliance Center is used to view, analyze, and take action on the issues that have been flagged within your cloud environment. Using Amazon Web Services SDKs and APIs, Dash performs a scan of your cloud environment on a daily basis. If there are any issues that should be addressed, Dash will create an issue to help you resolve this problem.
Compliance issues contain issues as related to HIPAA, SOC 2 and HITRUST technical safeguards (such as encryption and access control), and administrative safeguards (such as performing risk assessments and other reviews).
Here is an example of some potential issues as they would show up in your Compliance Center:
Filtering and Navigation
The right sidebar allows users to view and sort issues based on a number of filters:
Issue Status – Users can view issues based on whether they are “Open Issues”, “Resolved Issues”, or “Ignored Issues”.
Issue Priority – Users can view issues based on issue priority (Sort by high, medium, low)
AWS Accounts – For organizations monitoring several AWS accounts in Dash ComplyOps, organizations can view issues for a specified AWS account(s).
Source – Users can view issues based on the source of issue finding (scan, policy, etc)
Service – Users can view issues based on the specific AWS cloud service (View issues related to S3, EC2, RDS.)
My Issues – Users can view a list of all Compliance Center issues that are specifically assigned to them
Remediation Available – Users can view a list of issues that have Dash automated remediations available
Viewing Issues
Users may click on any individual row or issue to view more information about the compliance concern and resolution. Individual issue pages may look like this:
In the Compliance Center Issue View users can find the following information:
Compliance Standards – You will see how this issue relates to different compliance frameworks, namely HIPAA, SOC 2 and HITRUST and the applicable regulatory safeguards.
Related Policies – Some issues are related to the policies found in the Policy Center. If there is a related policy, it is because there is a connection between the issue and one or more of the questions in the given policy. You can click the related policy to navigate to the Documents page for the given policy.
Issue – This is a plain English description of what has been detected during the scan. Should provide service context and help you to pinpoint the issue.
Recommendation – This is a suggestion on what should be done to bring this issue into compliance.
Assignments – You can assign an issue to a specific team member or to yourself for future completion
Affected Objects – This space outlines the AWS resources that have been flagged for this particular issue
You can resolve a specific affected object once you have made the change necessary.
You can see the resource ID as well as resource metadata for the given affected object.
Issue Timeline – Shows events relative to the issue. Events include:
Issue Opened
Issue Resolved
Issue Assigned
Event History – Shows all the times the issue was detected during a scan and how many affected objects were detected during each scan.
Resolving Issues
After identifying compliance issues in your cloud environment, your team can work to address these concerns across infrastructure. Teams can mark individual “Affected Objects” as done by clicking “Resolve Issue Item“. Additionally, once teams have resolved all affected objects, they can mark the entire issues as complete by clicking “Resolve Issue” in the top right.
Dash will continue to monitor your cloud environment and will validate that these issues are properly resolved or flag them again if they are still active.
Teams may see all current Resolved Issues by navigating to the Compliance Issues page and selecting “Resolved” under the Issue Status Filter. This list contains all recently resolved issues and scans where no issues have been detected and may be considered “non-issues” validated scans.
Ignoring Issues
When looking through identified compliance issues in your cloud environment, your team may sometimes find issues with specific “Affected Objects” that are not relevant to your security profile or contain risks your team is willing to accept.
For Example:
Your team may find an identified issue related to a marketing website.
You may have a specific reason for keeping a specific port open for an application in your environment.
In these cases, your team can open an individual “Affected Object” and ignore the finding by clicking “Ignore Issue Item”. Ignored issue items/objects, will drop to the bottom of the issue list and become more transparent colored. Your team can later open this issue item and click “Track Issue Item” if you would like to make the item visible again.
Snoozing Issues
If there are issues that your team wants to temporary hide, or check on a future date, it might make sense to “Snooze” an issue, and have Dash scan and check the issue at a later date.
For Example:
Your team may have corrected or resolved an issue via continuous integration or deployment which will update in X days
Your team has specific configuration changing in X days.
Dash provides the option to “Snooze” an issue for a certain amount of days. A Dash user can Snooze an issue by navigating to an individual issue in the Compliance Center and clicking the “Snooze Issue” button.
You will be presented with a modal with options for snoozing the issue:
# of days to Snooze - The number of days that the issue will be snoozed
Email assigned user - Whether the assigned user for an issue will receive an email after the snooze period ends and the issue becomes “unsnoozed”. (A user must be assigned to the issue, for an email to be sent)
After confirming settings and clicking “Snooze Issue” the Issue will move to the “Ignored” Issues state, for the Snooze period (X days snoozed). After the period of time, the issue will return to the “Active” Issues state or “Resolved” state if the issue has been resolve/undetected.