Requesting Compliance Finding Suppression


Requesting Compliance Finding Suppression

You can request suppression of a compliance finding found in an OU/project that you work on. You can request that the finding be suppressed for a specific time frame or indefinitely.

For example, you may have a check that looks for public S3 buckets, but you might want to suppress findings for a specific bucket, because it contains data that is designed for public consumption. Directly suppressing a finding requires ownership of the OU/project where it was found, so, if you are not an owner, you would request a suppression instead.

For more information about compliance findings, see What is a Finding?

Compliance checks added by our compliance jumpstarts may not have assigned owners. Suppression requests for these checks will go to users with Global_Manage_Compliance permissions. If you would like to send requests for any of these checks to specific people, you can add them as owners of the check. For information on adding owners to compliance checks, see Managing Compliance Checks.

Requesting that a Compliance Finding be Suppressed

  1. Navigate to the OU or project's details page by clicking on its name on the All OUs or All Projects page.
  2. Select the Compliance.
  3. On the Findings card, click View All.
  4. Click the ellipsis menu next to the finding you want to suppress and select Request Suppression. If this is not an option, you may not have the necessary permissions for this action.
  5. (Optional) Enter a comment for the request.
  6. (Optional) Configure a Suppression Timeout time frame. Once the time frame elapses, the finding will start showing in compliance scan results again if it has not been addressed.
  7. Click OK.

Your request is sent to owners the OU/project for review.

Checking a Compliance Finding Suppression Request

  1. Click Requests > My Initiated Requests
  2. In the Request Typedropdown menu, select Compliance Finding Suppression

Canceling a Compliance Finding Suppression Request

  1. Click Requests > My Initiated Requests
  2. In the Request Type dropdown menu, select Compliance Finding Suppression
  3. Click the ellipsis menu button next to the status and select Cancel Request .
  4. Enter a reason for the cancellation.
  5. Click Cancel Request to confirm.