Trend Micro Cloud One™ – Conformity provides a number of tools to help organizations quickly assess their infrastructure’s compliance posture against various compliance standards and frameworks:
Compliance tools:

Procedure

  1. Standard and Framework checks report - view how your organization’s infrastructure is tracking against rules filter by various Standards and Frameworks
  2. Compliance and Conformity Reports - view and download a report assessing how your cloud infrastructure security and governance posture is tracking against controls from various Standards and Frameworks.
  3. Compliance Excel Report - Downloadable Excel report of your infrastructure’s compliance posture.
  4. Compliance Score – health metric of your cloud infrastructure measured against Conformity’s entire 750+ rule set.

Supported Standards and Frameworks Parent topic

Cloud Conformity currently offers reports for the following standards and frameworks. Each standard or framework is made up of controls that specify security and governance requirements. Conformity rules are mapped to these controls and the resulting checks can be filtered to display only the rules relevant to a particular standard or framework.
Standard or Framework
AWS Well Architected Framework
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
Azure Well Architected Framework
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
Google Cloud Architecture Framework
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
NIST 800-53 (Rev.4)
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
NIST 800-53 (Rev.5)
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
The Center of Internet Security (CIS) AWS Foundations Benchmark v1.5.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
The Center of Internet Security (CIS) AWS Foundations Benchmark v2.0.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
The Center of Internet Security (CIS) AWS Foundations Benchmark v3.0.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
Payment Card Industry Data Security Standard (PCI DSS) v4
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
General Data Protection Regulation (GDPR)
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
Australian Prudential Regulation Authority (APRA) CPS 234
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
Monetary Authority of Singapore Technology Risk Management Guidelines (MAS TRM) 2021
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
NIST Cybersecurity Framework v1.1
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
NIST Cybersecurity Framework v2.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
System and Organization Controls (SOC 2)
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
ISO 27001 2013
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
AusGov ISM March 2021
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
AusGov ISM Sep 2024
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
ASAE 3150 Security of CDR Data
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
HITRUST CSF v11.3.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
FEDRAMP Rev4
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
NIS Europe OES-2019
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
NIS 2 Directive v2
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
FISC Security Guidelines v9
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
LGPD Brazil
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
The Center of Internet Security (CIS) GCP Foundations Benchmark v1.3.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
The Center of Internet Security (CIS) GCP Foundations Benchmark v2.0.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
The Center of Internet Security (CIS) GCP Foundations Benchmark v3.0.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
The Center of Internet Security (CIS) Microsoft Azure Foundations Benchmark v2.0.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
The Center of Internet Security (CIS) Microsoft Azure Foundations Benchmark v2.1.0
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
CIS Critical Security Controls Version 8
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
ISO 27001:2022
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png
check=c0ac712e-8485-46cf-ba14-b6043fb05ff6.png

Standard and Framework checks report Parent topic

Procedure

  1. Open All checks report
  2. Select View by Rule or by Resource
  3. Expand Filter checks
  4. Check a standard or framework in Standards & Frameworks. For Example: Monetary Authority of Singapore TRM
    We currently support the following Standards & Framework filters:
    • AWS Well Architected Framework
    • Azure Well Architected Framework
    • Google Cloud Architecture Framework
    • NIST 800-53 (Rev. 4)
    • NIST 800-53 (Rev. 5)
    • CIS Amazon Web Services Foundations Benchmark v1.5.0
    • CIS Amazon Web Services Foundations Benchmark v2.0.0
    • CIS Amazon Web Services Foundations Benchmark v3.0.0
    • CIS Microsoft Azure Foundations Benchmark v2.0.0
    • CIS Microsoft Azure Foundations Benchmark v2.1.0
    • CIS Google Cloud Platform Foundations Benchmark v1.3.0
    • CIS Google Cloud Platform Foundations Benchmark v2.0.0
    • CIS Google Cloud Platform Foundations Benchmark v3.0.0
    • CIS Critical Security Controls Version 8
    • PCI DSS v3.2.1
    • PCI DSS v4
    • HIPAA
    • ASAE 3150 Security of CDR Data
    • GDPR
    • APRA CPS 234
    • Monetary Authority of Singapore (MAS) TRM 2021
    • System and Organization Controls 2 (SOC2)
    • NIST Cyberscecurity Framework v1.1
    • NIST Cyberscecurity Framework v2.0
    • ISO 27001 2013
    • ISO 27001:2022
    • AusGov ISM March 2021
    • AusGov ISM Sep 2024
    • HITRUST CSF v11.3.0
    • FEDRAMP Rev 4
    • NIS Europe OES-2019
    • NIS 2 Directive v2
    • FISC Security Guidelines v9
    • LGPD (Brazil)
  5. Scroll down to the checks list, which will display the standard or framework selected. Click on a rule to see the check result (success or failure) against the rule for each resource. See Rules for more info.
  6. [ Optional ] Download the result as a PDF or CSV report.
    • Generate and download new Standard & Framework Checks results
      1. Click on Generate report
    • Download previously generated reports from the history
      1. Expand Other reports from the Configured reports list
      2. Select either CSV or PDF format for the report
    Note
    Note
    Standard and Framework checks reports can also be downloaded from All Generated Reports list. To know more about standards in a particular Standard and Framework report, in most cases you will need to register with the standard from their website to be able to access a detailed PDF about the standards.

Compliance Excel Report Parent topic

A Compliance Excel Report is mapped in the same way as a Compliance & Conformity Reports however this report is available in XLS format. Currently only supported for the following CIS AWS Foundations:
  • CIS Amazon Web Services Foundations Benchmark v1.5.0
  • CIS Amazon Web Services Foundations Benchmark v2.0.0
  • CIS Amazon Web Services Foundations Benchmark v3.0.0
  • CIS Microsoft Azure Foundations Benchmark v2.0.0
  • CIS Microsoft Azure Foundations Benchmark v2.1.0
  • CIS Google Cloud Platform Foundations Benchmark v1.3.0
  • CIS Google Cloud Platform Foundations Benchmark v2.0.0
  • CIS Google Cloud Platform Foundations Benchmark v3.0.0

Example CIS AWS Foundations report Parent topic

compliance-excel-report-gkb4tk=1710caba-8a99-4e97-a2f7-3e7c53e9821c.png