Compliance
The Compliance screen is where you manage your compliance posture, view detailed compliance checks, and monitor and automate compliance.
Compliance with regulations and standards is crucial for businesses of all sizes for several reasons:
Security and Risk Management: Compliance frameworks often outline best practices for data security, access controls, and incident response. Following them helps mitigate security risks and protect sensitive information.
Customer Trust: Demonstrating compliance with relevant regulations builds trust with customers who know their data is being handled responsibly. This can be a significant competitive advantage.
Avoiding Legal and Regulatory Penalties: Non-compliance can lead to hefty fines, legal repercussions, and reputational damage.
Perimeters supports all major compliance frameworks.
A few are detailed below:
CIS Controls (Center for Internet Security)
Overseeing Organization: Center for Internet Security (CIS) - Non-profit organization
Focus/Applicability: CIS Controls are a recommended set of best practices for cybersecurity across various IT assets like servers, endpoints, and cloud environments. They are not official regulations but are widely adopted by organizations of all sizes.
Principles: CIS Controls are based on a defense-in-depth approach, focusing on prioritizing critical security controls to mitigate the most common cyber threats.
SOC 2 (Service Organization Controls)
Overseeing Organization: American Institute of Certified Public Accountants (AICPA)
Focus/Applicability: SOC 2 is an auditing standard for service providers that store or process customer data. It focuses on internal controls related to security, availability, integrity, confidentiality, and privacy.
Principles: SOC 2 reports come in three trust service principles (TSPs): Security, Availability, and Confidentiality (or Privacy). Organizations can choose which principles to be audited for based on their specific services and customer requirements.
HIPAA (Health Insurance Portability and Accountability Act)
Overseeing Organization: U.S. Department of Health and Human Services (HHS)
Focus/Applicability: HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses that handle the protected health information (PHI) of individuals.
Principles: HIPAA focuses on protecting the privacy, security, and integrity of PHI. It outlines requirements for administrative, physical, and technical safeguards to achieve these goals.
GDPR (General Data Protection Regulation)
Overseeing Organization: European Union (EU)
Focus/Applicability: GDPR is a regulation that governs the processing of personal data of individuals residing in the European Economic Area (EEA). It applies to any organization processing this data, regardless of the organization's location.
Principles: GDPR emphasizes individual control over personal data. It outlines principles like transparency, accountability, and data subject rights (access, rectification, erasure, restriction of processing).
ISO 27001:2022 (International Organization for Standardization)
Overseeing Organization: International Organization for Standardization (ISO)
Focus/Applicability: ISO 27001 is an information security management system (ISMS) standard that can be applied by any organization regardless of size or industry. It provides a framework for implementing and maintaining a comprehensive information security program.
Principles: ISO 27001 follows a risk-based approach, requiring organizations to identify information assets, assess security risks, implement controls, and continuously improve their ISMS.
NIST SP 800-53
Overseeing Organization: National Institute of Standards and Technology (NIST) - U.S. Department of Commerce.
Focus/Applicability: NIST SP 800-53 provides a catalog of security and privacy controls designed to protect information systems and organizations. It is applicable to U.S. federal agencies, contractors, and organizations that handle government data, but it is also widely used in the private sector as a best-practice framework.
Principles: NIST SP 800-53 emphasizes a risk-based approach to cybersecurity, organizing controls into families (e.g., Access Control, Risk Assessment, Incident Response). Key principles include implementing multiple layers of security (defense-in-depth), continuous monitoring of risks and compliance, and tailoring controls to specific organizational needs (flexibility).
CSA STAR (Cloud Security Alliance Security Trust Assurance and Risk)
Overseeing Organization: Cloud Security Alliance (CSA)
Focus/Applicability: CSA STAR is a certification and assurance program designed to address cloud security. It applies to cloud service providers (CSPs) and their customers, offering transparency and assurance of security practices in cloud environments.
Principles: CSA STAR emphasizes transparency by requiring CSPs to provide clear details about their security controls. It incorporates a three-level assurance model (self-assessment, third-party audit, and continuous monitoring), aligning with frameworks like ISO 27001 and the Cloud Controls Matrix (CCM). Additionally, it supports organizations in evaluating and managing cloud-related risks (risk management).
PCI DSS (Payment Card Industry Data Security Standard)
Overseeing Organization: Payment Card Industry Security Standards Council (PCI SSC)
Focus/Applicability: PCI DSS is a global standard that applies to all entities involved in storing, processing, or transmitting credit card information. It is designed to protect payment card data and prevent fraud.
Principles: PCI DSS focuses on protecting cardholder data through measures like encryption, masking, and tokenization (data protection). It emphasizes restricting access to sensitive data to authorized personnel (access control) and regularly monitoring and testing networks to detect vulnerabilities (monitoring and testing). Organizations must comply with stringent controls to ensure safe handling of payment data (compliance enforcement).
Compliance Landscape is the screen you land on after selecting the Compliance tab; here you can enable and disable compliance frameworks.
Each compliance framework has its own tile; clicking Follow on a tile lets you follow that framework.
It takes up to 3 minutes to calculate your compliance stats. Clicking See all on a tile shows details about the followed and selected compliance framework.