Compliance Framework

Introduction

The Compliance Framework is a structured collection of controls and metadata, defined in YAML format.

Controls are organized into Control Groups within the framework, much like folders. Each Control Group can contain subgroups or individual Controls (much like files), each of which states one specific compliance requirement.

Below is a visual representation of the Compliance Framework’s structure:

Framework
├── Control Group 1
│   ├── Control Group 1.1
│   │   ├── Control 1.1.1
│   │   ├── Control 1.1.2
│   │   └── ...
│   ├── Control 1.2
│   ├── Control 1.3
│   └── ...
├── Control Group 2
│   └── ...
└── Additional Control Groups
    ├── Control Group A
    ├── Control Group B
    └── ...

This hierarchical organization enhances readability, enables clear categorization, simplifies compliance management across teams, facilitates the correlation of audit findings, and ensures accessibility for users from diverse backgrounds.
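The tree above is a nested structure with one twist: a group can also be a reference to a group defined elsewhere (the "Reusable" feature). The following added example, which is not the product's own code and assumes an illustrative schema (keys "id", "name", "groups", "controls", "title" and "ref" are assumptions, not the real YAML keys), walks such a framework, expands references into their controls, and reports dangling or cyclic references, which are the two ways a reused group can silently leave coverage gaps. The sample document is constructed; it is written as JSON, which is valid YAML, so the same text would load with yaml.safe_load.

```python
"""Walk a hierarchical compliance framework and resolve reused control groups.

Added example. The schema below (id/name/groups/controls/title/ref) is assumed
for illustration only and is not the product's actual YAML schema.
"""
import json

# Constructed sample framework. JSON is valid YAML, so this is the same document
# a YAML loader would accept; json is used here to keep the example dependency-free.
FRAMEWORK_DOC = """
{
  "name": "Example Framework",
  "groups": [
    {"id": "g1", "name": "Control Group 1",
     "groups": [
       {"id": "g1.1", "name": "Control Group 1.1",
        "controls": [
          {"id": "c1.1.1", "title": "Encrypt data at rest"},
          {"id": "c1.1.2", "title": "Rotate encryption keys"}
        ]}
     ],
     "controls": [{"id": "c1.2", "title": "Enable audit logging"}]},
    {"id": "g2", "name": "Control Group 2",
     "controls": [{"id": "c2.1", "title": "Require MFA for admins"}]},
    {"id": "gA", "name": "Control Group A", "ref": "g1.1"}
  ]
}
"""


def load_framework(text):
    """Parse the framework document into nested dicts and lists."""
    return json.loads(text)


def index_groups(node, index=None):
    """Map every inline group id to its node so "ref" entries can be resolved."""
    if index is None:
        index = {}
    for group in node.get("groups", []):
        if "ref" in group:
            continue  # a reference carries no content of its own
        if group["id"] in index:
            raise ValueError(f"duplicate group id {group['id']!r}")
        index[group["id"]] = group
        index_groups(group, index)
    return index


def flatten_controls(framework):
    """Return (path, control_id) pairs for every control, following references.

    A reused group is expanded once per reference, under the referencing path,
    so auditors see exactly which controls a given branch of the tree demands.
    Dangling references and reference cycles raise ValueError.
    """
    index = index_groups(framework)
    result = []

    def walk(node, path, active):
        # Subgroups first, then the group's own controls, matching the tree layout.
        for group in node.get("groups", []):
            target = group
            if "ref" in group:
                target = index.get(group["ref"])
                if target is None:
                    raise ValueError(
                        f"group {group['id']!r} references unknown group {group['ref']!r}")
                if target["id"] in active:
                    raise ValueError(f"cyclic reference to group {target['id']!r}")
            walk(target, path + "/" + group["id"], active | {target["id"]})
        for control in node.get("controls", []):
            result.append((path + "/" + control["id"], control["id"]))

    walk(framework, framework["name"], frozenset())
    return result


def validate_framework(framework):
    """Return a list of structural problems (empty when the framework is sound)."""
    try:
        flatten_controls(framework)
    except ValueError as exc:
        return [str(exc)]
    return []


if __name__ == "__main__":
    fw = load_framework(FRAMEWORK_DOC)
    for path, _ in flatten_controls(fw):
        print(path)
    print("problems:", validate_framework(fw))
```

The "active" set carries the ids of groups on the current descent, which is what turns a self-referencing or mutually referencing group into an error instead of infinite recursion; a dangling "ref" is caught at the point of use, so the error names both the referencing group and the missing id.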

Key Features

  • Auditable: Perform scheduled or manual audits for flexible compliance monitoring. Audit VMs, PaaS, and GitHub repositories, generating detailed reports to assess compliance status.

  • Avoid Coverage Gaps: Automatically assign Compliance Frameworks to workloads based on conditions to ensure comprehensive coverage.

  • Vendor-Agnostic: Define Compliance Frameworks that span multiple platforms and vendors.

  • Compliance as Code: Manage your Frameworks using Git for version control and collaboration.

  • Reusable: Reuse Control Groups across frameworks by referencing an existing group by its "id", which reduces redundancy.
