Using The Compliance Center
The Dash Compliance Center is used to view, analyze, and take action on security and configuration issues that have been flagged within your cloud environments. Using Amazon Web Services SDKs and APIs, Dash performs a scan of your cloud environment on a daily basis. If the scan detects anything that should be addressed, Dash will create an issue to help you resolve it.
Compliance issues relate to HIPAA, SOC 2 and ISO 27001 technical safeguards (such as encryption and access control) and administrative safeguards (such as performing risk assessments and other reviews).
Scan Results Page
You can view all compliance findings by logging into Dash ComplyOps and navigating to “Compliance Center” > “Scan Results” in the left sidebar.
If you have not already connected cloud account(s) to Dash ComplyOps, you will want to follow this documentation for Connecting AWS Monitoring.
Here is an example of some potential issues as they would show up in your Scan Results:
The following options are provided for the Scan Results page:
Scanset Dropdown – Select which Scanset (or Cloud environment) to see findings from.
Scansets can be created for a specific cloud account/set of regions and use one or more rulesets for scanning.
You can follow these steps to create a new Scanset or edit an existing Scanset.
Filters – Apply or remove a set of filters for sorting findings (more info in the “Findings” section below)
Scan Settings – Take
Search - Search compliance issues within a specific Scanset.
Issue List - The table shows a list of compliance issues detected within the
Priority - The priority associated with the detected finding.
Name - The name of the compliance finding.
Assigned To - User assigned to the finding (if set).
Service - The affected cloud service (e.g. EC2, S3, RDS).
Findings - The number of times this specific finding is found in your environment.
Filters
You can click the “Filters” button in the top right to view and sort issues based on a number of filters. The following filter options are available in this menu:
Issue Priority – Users can view issues based on issue priority (Sort by high, medium, low)
Cloud Region – Users can view issues that exist in one or more specific AWS regions.
Services – Users can view issues based on the specific AWS cloud service (View issues related to S3, EC2, RDS.)
Show Only Snoozed Issues - Users can view a list of currently Snoozed Issues
Show Only My Assigned Issues – Users can view a list of all Compliance Center issues that are specifically assigned to them
To Apply Filters - Click on the “Filters” button, enter any filter options, and click the “Apply Filters” button to see all filtered issues.
To Reset Filters - Click on the “Filters” button and click the “Reset Filters” button in the top right.
Viewing Issues
Users may click on any individual row or issue to view more information about the compliance concern and resolution. Individual issue pages may look like this:
In the Compliance Center Issue View users can find the following information:
Compliance Standards – You will see how this issue relates to different compliance frameworks, including HIPAA, SOC 2 and ISO 27001 and applicable regulatory safeguards.
Related Policies – Some issues are related to the policies found in the Policy Center. If there is a related policy, it is because there is a connection between the issue and one or more of the questions in the given policy. You can click the related policy to navigate to the Documents page for the given policy.
Issue – This is a plain-English description of what has been detected during the scan. It should provide service context and help you to pinpoint the issue.
Recommendation – This is a suggestion on what should be done to bring this issue into compliance.
Additional Information – Additional links and documentation related to this issue.
Findings – This space outlines the AWS resource(s) that have been flagged for this particular issue.
You can resolve a specific Finding once you have made the necessary change.
You can see the resource ID as well as resource metadata for the given affected object.
Assigned User – You can assign an issue to a specific team member or to yourself for future completion.
Events – Shows events related to the issue, including events around detection and assignment.
Resolving Issues
After identifying compliance issues in your cloud environment, your team can work to address these concerns across infrastructure. Teams can mark individual “Findings/Items” as done by clicking “Resolve Item”.
Dash will continue to monitor your cloud environment and will validate that these issues are properly resolved or flag them again if they are still active.
Teams may see current Resolved Issues by navigating to the Compliance Issues page and selecting “Resolved” under the Issue Status Filter.
Please Note: Resolved Findings are removed from this list on the next scan if they have been correctly resolved. Otherwise, if the issue still exists, it will reopen and show in the “Active Findings” section again.
Ignoring Issues
When looking through identified compliance issues in your cloud environment, your team may sometimes find issues with specific “Active Findings” that are not relevant to your security profile or contain risks your team is willing to accept.
Ignoring a Finding will ensure that the specific cloud resource related to this finding is not identified as an “Active Finding” in future scans, and puts it in an Ignored List.
For Example:
Your team may find an identified issue related to a marketing website.
You may have a specific reason for keeping a specific port open for an application in your environment.
In these cases, your team can open an individual “Finding” and ignore the finding by clicking “Ignore Item”. Ignored items will be moved to the “Ignored Findings” section of the findings list. Your team can later open this item and click “Re-open Item” if you would like to make the item visible again.
Snoozing Issues
If there are issues that your team wants to temporarily hide, or check on a future date, it might make sense to “Snooze” an issue and have Dash scan and check the issue at a later date.
For Example:
Your team may have corrected or resolved an issue via continuous integration or deployment which will update in X days.
Your team has a specific configuration changing in X days.
Dash provides the option to “Snooze” an issue for a certain number of days. A Dash user can Snooze an issue by navigating to an individual issue in the Compliance Center and clicking the “Snooze” button.
You will be presented with a modal with options for snoozing the issue:
# of days to Snooze - The number of days that the issue will be snoozed.
After you confirm the settings and click “Snooze Issue”, the issue will move to the “Snoozed” Issues state for the Snooze period (X days snoozed).
You can view all Snoozed issues by filtering the “Scan Results” page.
After this period of time, the issue will return to the “Active” Issues state, or to the “Resolved” state if the issue has been resolved/undetected.