Custom Compliance Standards

The custom compliance standards feature allows you to define and create a mapping of rules to controls tailored to your organisation’s unique business needs and operational constraints.

This is an experimental feature and is currently in public preview.

List All Custom Compliance Standards

GET /compliance-standards/custom

This endpoint allows you to get all the custom compliance standards in your organisation.

SecurityApiKeyAuth
Responses
200

OK

403

Forbidden. This error occurs when your organisation does not have access to custom compliance standards.

Response samples
application/json
{
  "data": [
  ]
}

Create Custom Compliance Standard

POST /compliance-standards/custom

This endpoint allows you to create a custom compliance standard for your organisation by passing the custom compliance standard definition.

This endpoint is only available to ADMIN users.

Some Important Concepts:

  1. A Compliance Standard is generated from a list of controls that map to rules.
  2. A Control is an automated or manual process designed to help safeguard an organisation and minimise risks to its objectives through preventative or detective measures.
  3. A Rule is either an AWS, GCP, Azure or Conformity Rule.
SecurityApiKeyAuth
Request
Request Body schema: application/vnd.api+json
object (custom-compliance-standards-payload)
Responses
201

Created

400

Bad Request. This error likely occurs when there are syntax issues in your compliance standard.

403

Forbidden. This error occurs when your organisation or user does not have access to a specific custom compliance standard.

422

Unprocessable Entity

Request samples
application/vnd.api+json
{
  "data": {
  }
}
Response samples
application/json
{
  "data": {
  }
}

Get Custom Compliance Standards

GET /compliance-standards/custom/{id}

This endpoint allows you to query your organisation's custom compliance standard definition by custom compliance standard ID. The response from this endpoint can serve as a payload for both the POST and PUT endpoints.

SecurityApiKeyAuth
Request
Path Parameters
id (string, required)
Responses
200

OK

403

Forbidden. This error occurs when your organisation or user does not have access to a specific custom compliance standard.

Response samples
application/json
{
  "data": {
  }
}

Delete Custom Compliance Standard

DELETE /compliance-standards/custom/{id}

This endpoint allows you to delete a custom compliance standard. This is a permanent action.

This endpoint is only available to ADMIN users.

SecurityApiKeyAuth
Request
Path Parameters
id (string, required)
Responses
200

OK

403

Forbidden. This error occurs when your organisation or user does not have access to a specific custom compliance standard.

409

Conflict. This error occurs when you try to delete the custom compliance standard that is used by existing report-configs.

Response samples
application/json
{
  "meta": {
  }
}
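
Because deletion is permanent and the GET response can be re-sent to the POST and PUT endpoints, a definition can be saved to disk before it is deleted. The sketch below is an added example, not part of the API documentation: `make_sender`, `backup_then_delete`, `StandardApiError` and the `base_url` / `auth_headers` parameters are hypothetical names, and the host and API-key header format are left to the caller because this page does not state them.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class StandardApiError(Exception):
    """Non-success status from a custom compliance standards endpoint."""
    def __init__(self, status, reason):
        super().__init__(f"{status}: {reason}")
        self.status = status


def make_sender(base_url, auth_headers):
    """Build send(method, path) -> (status, parsed JSON body).
    base_url and auth_headers are caller-supplied (assumption): the page
    gives neither the host nor the SecurityApiKeyAuth header format."""
    def send(method, path):
        req = urllib.request.Request(base_url + path, method=method, headers={
            **auth_headers, "Content-Type": "application/vnd.api+json"})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, json.loads(resp.read() or b"{}")
        except urllib.error.HTTPError as err:
            return err.code, {}
    return send


def backup_then_delete(send, standard_id, backup_path):
    """Save the standard's definition to backup_path, then delete it.
    Returns the saved definition, which can later be re-sent to POST or PUT."""
    # Percent-encode the ID so it cannot alter the request path.
    path = "/compliance-standards/custom/" + urllib.parse.quote(standard_id, safe="")
    status, definition = send("GET", path)
    if status != 200:
        raise StandardApiError(status, "could not read standard; nothing deleted")
    with open(backup_path, "w", encoding="utf-8") as fh:
        json.dump(definition, fh, indent=2)
    status, _ = send("DELETE", path)
    if status == 409:
        raise StandardApiError(409, "still used by report-configs; not deleted")
    if status == 403:
        raise StandardApiError(403, "organisation or user lacks access")
    if status != 200:
        raise StandardApiError(status, "unexpected status from DELETE")
    return definition
```
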

Update Custom Compliance Standards

PUT /compliance-standards/custom/{id}

This endpoint allows you to update the custom compliance standard for your organisation by passing the custom compliance standard definition. Its structure is shown in the payload of the request body.

This endpoint is only available to ADMIN users.

SecurityApiKeyAuth
Request
Path Parameters
id (string, required)
Request Body schema: application/vnd.api+json
object (custom-compliance-standards-payload)
Responses
200

OK

400

Bad Request. This error likely occurs when there are syntax issues in your compliance standard.

403

Forbidden. This error occurs when your organisation or user does not have access to a specific custom compliance standard.

409

Conflict. This error occurs when you try to disable the custom compliance standard that is used by existing report-configs.

422

Unprocessable Entity

Request samples
application/vnd.api+json
{
  "data": {
  }
}
Response samples
application/json
{
  "data": {
  }
}