Table of contents

Compliance Reports

Location

Main Dashboard > Select {Account} or {All Accounts} or {Group} > Browse all checks > View by Standard or Framework > Select {Standard or Framework}

The Compliance and Conformity Report scores your cloud infrastructure as PASS or FAIL for each control within supported Standards and Frameworks.

  • All controls are organized into sections and headers that map to those within the Standards and Frameworks itself as set by the standard or framework authority.
  • The report comes with % pass and % fail scores based on the total checks that have passed and failed for Trend Micro Cloud One™ – Conformity rules mapped to the standard or framework controls.
  • Using the report, you can get an instant assessment of your organization’s cloud infrastructure compliance, and accordingly, take remediation measures to improve compliance levels, thereby potentially avoiding non-compliance reactive fixes and expenditures.

What is a control?

A control is the passable element of a standard or framework that can be determined to PASS, FAIL, or be otherwise assessed.

How is PASS or FAIL determined for each control?

Each Conformity rule that is applicable to control within the selected standard or framework is run against your selected account(s) and Checks are sent back and totaled as PASS or FAIL for each control.

Supported Standards and Frameworks:

  1. AWS Well-Architected Framework
  2. Azure Well Architected Framework
  3. Google Cloud Architecture Framework
  4. NIST 800-53 (Rev.4)
  5. NIST 800-53 (Rev.5)
  6. The Center of Internet Security (CIS) AWS Foundations Benchmark v1.5.0
  7. The Center of Internet Security (CIS) AWS Foundations Benchmark v2.0.0
  8. The Center of Internet Security (CIS) AWS Foundations Benchmark v3.0.0
  9. PCI DSS v3.2.1
  10. PCI DSS v4
  11. HIPAA Feb 2023
  12. GDPR
  13. APRA CPS 234
  14. Monetary Authority of Singapore MAS-TRM 2021
  15. NIST Cybersecurity Framework v1.1
  16. NIST Cybersecurity Framework v2.0
  17. System and Organization Controls 2 (SOC 2)
  18. ISO 27001 2013
  19. ISO 27001:2022
  20. AusGov ISM 2021
  21. ASAE 3150 Security of CDR Data
  22. HITRUST CSF v9.3
  23. FEDRAMP Rev4
  24. NIS Europe OES-2019
  25. FISC Security Guidelines v9
  26. LGPD Brazil
  27. The Center of Internet Security (CIS) GCP Foundations Benchmark v1.3.0
  28. The Center of Internet Security (CIS) GCP Foundations Benchmark v2.0.0
  29. The Center of Internet Security (CIS) GCP Foundations Benchmark v3.0.0
  30. The Center of Internet Security (CIS) Microsoft Azure Foundations Benchmark v2.0.0
  31. The Center of Internet Security (CIS) Microsoft Azure Foundations Benchmark v2.1.0
  32. CIS Critical Security Controls Version 8
  33. NIS 2 Directive v2

User Access

User Role Can Access
Administrator
Power User
Custom - Full Access
Read Only
Custom - Read Only

Compliance and Conformity Report Layout

In the Compliance and Conformity Report, the grouping of the controls is defined by the control family. Conformity interprets the standards and frameworks and map rules to each control and control family. Each rule has a pre-existing category assigned to it based on an assessment of which pillar of the AWS Well-Architected framework a rule belongs to. These pillars may or may not align with the categorizations used by a framework or standard Conformity audits against.



Improve your organization's compliance

Clicking on the Resolve button against the failed Checks will direct you to the related rule and remediation steps on the Conformity Knowledge Base, which provides a step-by-step guide on how to resolve the failure.

You also have the following options on clicking the expand button on a rule:

  1. Send rule to
  2. Configure rule
  3. Suppress
  4. Create tickets depending on communication channels configured

Customize and Download your Compliance and Conformity Report

  1. You can create customized views of the rules and checks on your All accounts, Individual accounts, or Groups using filters.

    • Some controls might return 0 checks i.e. 0 under Total Counts columns because
      • You have selected a filter that excludes services, rules, or checks that map to that specific control
      • Or, you do not have access to applicable services for rules within the control
      • Or controls that aren't applicable to cloud infrastructure or immeasurable by Conformity will not have any rules
  2. Download the report result

    1. Click on Generate report to generate and download Compliance and Conformity report


  3. Download previously generated reports from the history

    1. Click to expand Other reports from the Configured reports list
    2. Select either CSV or PDF format to download

    Compliance and Conformity Reports can also be downloaded from_ the All Generated Reports list