What is a Compliance Standard?
A compliance standard groups together compliance checks. Compliance standards can align with established security frameworks. For example, you could have a NIST compliance standard containing compliance checks reviewing resources for alignment with NIST security guidelines.
If you build standards based on specific compliance frameworks, you can quickly see whether you are meeting the framework's requirements.
Compliance standards are added to cloud rules, which are in turn applied to OUs or projects. The compliance checks included in the standard are run against all resources within that OU or project.
Compliance in Kion is made up of three pieces: compliance standards, compliance checks, and compliance findings.
- Standards group together related checks to meet larger compliance goals, guidelines, or requirements.
- Checks contain definitions for compliance that findings are based on.
- Findings identify specific resources that are not compliant. Findings cannot exist without checks, because checks define what is and isn't compliant. A check asks whether a resource is compliant, and a finding is the answer to that question.

- Take a look at our pre-made collections of compliance standards. All of these checks and standards come ready to be applied to resources. For more information, see Managed Resources & Compliance Jumpstarts.
- To create a compliance standard, see Add a Compliance Standard.
- To add compliance standards to a cloud rule and apply the cloud rule to resources, see Create a Cloud Rule.