CoreStack has support for a growing list of Industry specific Regulatory Compliance standards and Industry benchmark standards necessary for modern corporations in various sectors. CoreStack is committed in bringing industry leading technology in cloud governance with the ease of use unrivaled in today’s complicated tech landscape.
Each Compliance standard contains various controls or rules which represents guideline to be implemented by the Organization for the resources to comply with.
Click on Compliance in the Left navigation menu and select Standards option to land in Compliance Controls screen.
The tabs at the top represent the scope of the standards. There are 2 tabs – Marketplace and My Standards.
CoreStack provides a wide range of Pre-defined standards which can help in achieving Compliance and Security standards. These are Pre-loaded for all subscriptions and can be executed on-demand or scheduled.
These standards are available across all tenants and are created by the Product Administrator. It is managed by CoreStack. In on-premises installations, it will be managed by the on-site administrator.
These standards can be created by end users. These standards would be visible only for users within the tenant. You can add more standards or edit/delete existing standards in this tab based on your role and access policies.
CoreStack offers search and filter functions to help quickly look for the standards you need. The Search bar is available just above the standards list and works based on the Name mapped to it. To Filter Standards, you can click on the Filter icon placed to the right end above the standards list. Filter by services and scope is available.
CoreStack also provides the option for users to create their own standards and control, which help them to assess their standards. The following steps need to be performed in the My Standards tab of the Compliance Controls screen to create a new standard.
A new compliance standard will be created and listed in the My Standards tab.
Note: If any control attribute needs to be added or deleted after the controls are loaded, then controls should be deleted along with created standard before a new control attribute is added.
You can manage the existing compliance standards in My Standards tab by using the below explained options.
You can perform the following operations in compliance standards.
Compliance controls are individual rules which are enforced by the organization. Each control can be created as required by individual auditing specification and needs. CoreStack by default provides few essential controls for each standard, these are essential controls which are required for any organization looking into getting a certification for the standard. Any additional controls can be created as need for a required scenario.
Note: To create a compliance control, the CoreStack user must have suitable role such as account_admin or ops_admin.
The following steps need to be performed to create and add control objectives to a compliance standard.
A new control will be created and listed in the Compliance Controls tab.
If the control created is automated type, suitable policies can be mapped to the controls from CoreStack polices. The New tenant created is only available in the tenant level, any custom policy created for the control should be available to the current tenant.
You can manage the existing control objectives by using the below explained options.
The controls which are not automatable are classified as manual type controls. CoreStack allows the end users to manually update the status of manual type controls.