Compliance

The compliance view provides a structured overview of the status and measures to ensure system hardening in order to meet security and regulatory standards. It helps to identify vulnerabilities, minimize risks and comply with legal standards.

Dashboard

Under Dashboard, you will find the most important findings relating to your compliance topics at a glance. Get a quick insight into hosts in particular need of attention as well as scoring and compliance levels relating to hardenings and checklists.

Automatic System Hardening

Compliance checks can be defined, automated and rolled out globally with just a few clicks. This means that your security policies are always up to date, even for newly created hosts.

Thanks to ready-made checklists, you can flexibly adapt your security standard. The platform supports you in adhering to ISO and compliance requirements. All hardening processes are fully automated.

Select the checklists you want to import. Click on the corresponding button and choose from a large number of ready-made checklists.

Checklists

You can predefine your own scripts to detect and rectify security vulnerabilities - without any manual effort. To do this, click on the Add checklist button in the view.

Add Checklists

1. Provide a name and a brief description.

2. Decide whether the policy should be actively applied.

3. Select assigned controls and/or choose applicable Tags.

4. Optionally, choose automatic rollout. Only the controls specified here will be automatically deployed to the references defined in the following.

1. In the last step, you can define assigned hosts for which the settings should apply by specifying the host or tag directly.

2. Add your configuration by clicking on Add checklist.

Audits

Under Audits, you can see at any time whether a check has been successfully completed or whether it is still pending. You can use the filter options and free text search to find specific entries. Thanks to the combination of automatic checks, dynamic checklist management and flexible audits, the compliance module ensures that your company continuously meets the highest security standards - with minimal administrative effort.

Select entries from the platform and apply them manually using the corresponding button.

Organizational system hardening

Organizational system hardening focuses on the non-technical guidelines and processes within your organization that contribute to the security of your IT infrastructure. In particular, this involves the management of systems and organizational processes that cannot be managed automatically via the platform, but above all require human intervention. This approach ensures that everyone involved follows the correct security guidelines and that compliance issues, such as those within ISO 27001, can be documented and monitored.

Checklists

Checklists are a practical tool for ensuring that all safety-related measures are implemented systematically and in full. They provide a clear structure and make it possible to track and check all the necessary steps. As no managed checklists are used, they can be flexibly adapted to your individual needs.

Create checklists

With the Add checklist function, you can use checklists you have created yourself to effectively control and monitor your IT security processes.

1. Assign a name and a brief description.

2. Then determine if the policy should be actively applied.

3. Next, select appropriate assigned controls from the dropdown list and/or by Tags. Also, you have the option to define excluded controls and Tags.

4. In the final step, you can specify assigned hosts by providing a direct host or tag specification for which the settings should apply. You also have the option to define exceptions here.

5. Add your configuration by clicking on Add Checklist.

Audits

As part of organizational system hardening, audits offer an effective way of monitoring the security standards of your systems. You receive a clear overview of all audits containing important information such as severity level, affected controls, hosts, responsible persons, auditors and the risk value. This allows you to keep track of the status of your security measures at all times.

By simply selecting one or more entries using the checkbox, you can select specific audits and specify the status of all selected controls by clicking on the “Audit” button. Use this to quickly document several controls as fulfilled and add comments or a link if required.

Controls

Controls are important security mechanisms that are implemented in your organization to meet specific security requirements. They help to minimize risks and ensure compliance with security guidelines.

Create controls

You can create controls in the platform to systematically monitor and manage the requirements of your security strategy. Each control is an important building block for securing your IT infrastructure and enables a clear assignment of responsibilities.

Click on the Add control button to create a new control.

1. Enter a descriptive Name and a brief Description for the control to clearly define its purpose and function.

2. Set the Severity of the control. This is important to determine the risk score and set priorities for remediation.

3. Link Tags to effectively categorize the controls.

4. Define a Test Text that describes how the control will be tested and how compliance can be verified. This ensures clear and traceable verification processes.

5. Provide clear Guidelines on how to remediate the control in case of non-compliance, so all parties know how to proceed.

6. Assign a default Responsible Party (technical or subject matter expert responsible for the host) and a Deputy, who will assume responsibility in case of absence.

7. Secure your configuration by clicking Save Changes.