The Dash Report Center provides teams with a way to view compliance with security and regulatory standards, including HIPAA, SOC 2, PCI DSS, ISO 27001, NIST 800-53 and GDPR. Alongside the Compliance Center, the Report Center provides another view into the organization’s state of compliance. Teams can utilize these reports to determine active controls and track evidence for security audits and questionnaires.
Reports are available for Dash provided security programs.
Reports provide an inventory for all requirements for the compliance framework and the show the current status of your organization's security controls.
Report Center controls and mappings are displayed alongside Compliance Center findings.
To view a report and all related/current controls, you can follow these steps:
Login to Dash ComplyOps
Click the “Report Center” in the Left Sidebar
Click the “View Controls” button for the Compliance Framework you want to view (HIPAA, SOC 2, etc)
Select the Scanset (environment) you want to see the current controls for.
After selecting a scanset you will see a full list of controls
Controls are organized and listed in order based on the compliance framework requirements.
Controls are shown with an overall status as:
“Green” if there are no current Compliance Center or Policy Center issues
“Red” if there are policies missing or uncreated for this control
You can expand any individual control/requirement by clicking on the row.
Policy Controls - A list of policies mapped to this control.
Policies show as “Red” if they have not been created in the Dash Policy Center. You can click on the policy name to be taken to this policy.
Policies show as “Green” if they have been adopted in the Policy Center
Technical Controls - A list of Compliance Center scans mapped to this control.
Scans show as “Red” if there are active findings in the Compliance Center. You can click on the policy name to be taken to this active finding.
Scans show as “Green” if there are no active findings
Cloud Provider Controls - A list of all cloud provider related controls
This may include architecture information, cloud service provider policies, or provided safeguards.