Compliance Resources, Templates and Reports
under review
Josh
We would like the platform to include industry-standard security compliance templates that can be used to assess and verify whether a client is complying with common security standards such as:
- HIPAA (Health Insurance Portability and Accountability Act)
- GDPR (General Data Protection Regulation)
- SOC 2 (System and Organization Controls)
- PCI-DSS (Payment Card Industry Data Security Standard)
- ISO 27001 (Information Security Management System)
- NIST CSF (National Institute of Standards and Technology Cybersecurity Framework)
- CIS Controls (Center for Internet Security)
These templates should allow for a checklist-style audit or compliance assessment where the platform can automatically compare a client’s environment against the necessary security requirements for each framework.
We also need a feature that allows us to check and monitor compliance in real-time or through periodic assessments. This should involve:
- An easy-to-read dashboard or portal view where we can quickly see if a client is in compliance or if there are any gaps.
- The ability to track and alert when a client falls out of compliance or needs an update (e.g., outdated encryption, insufficient data protection measures, etc.).
- Automated reminders and alerts for upcoming compliance deadlines, audits, or renewals.
It would also be incredibly helpful to generate a professional, high-level executive report on a client’s security compliance status. This report should include:
- An overview of compliance with industry standards.
- A summary of security gaps or issues preventing full compliance.
- Risk assessment and priority actions required to close any gaps.
- Visual elements (e.g., graphs, risk heatmaps, compliance scores) to make the report more digestible for business decision-makers.
- A clear executive summary with high-level insights that are suitable for stakeholders without technical expertise.
We would greatly appreciate the ability to generate these reports at the click of a button and have them available in a polished, client-friendly format (PDF or similar).
CyberStrategy1
Please add CMMC, NIST 800-171, MITRE ATT&CK Framework, consistent with the CNAPP cloud implementation.
This is in line with this concept: [CODEV-8935] MITRE ATT&CK Visibility, which is supposedly "In-Progress".
Umut
under review
Hi Josh
Thank you for the detailed suggestion.
At this time, we do not have a feature like this on our roadmap. However, we will evaluate the request for future consideration.
Best Regards.
CyberStrategy1
Umut, this would be very helpful, as a huge pain point for clients is reporting their compliance state to insurance and proving to their boards and executives their overall risk scores. It's vital that we present this type of information on demand as well as in intervals that support the organization's vision and mission. I have added other visuals in other submissions.