What is a Finding?
A compliance finding identifies a cloud resource that is non-compliant with an assigned compliance check. There are a few different types of findings:
- Active Findings. Active findings identify cloud resources that are non-compliant and have not had any action taken to bring them into compliance.
- Suppressed Findings. Suppressed findings are excluded from future scans. For example, you may have a check that looks for public S3 buckets, but you might suppress findings for a specific bucket because it contains data that is designed for public consumption.
- Archived Findings. Archived findings have been acknowledged and marked as remediated.
Compliance in Kion is made up of three pieces: compliance findings, compliance checks, and compliance standards.
- Findings identify specific resources that are not compliant. Findings cannot exist without checks, because checks define what is and isn't compliant. A check asks whether a resource is compliant, and a finding is the answer to that question.
- Checks contain the definitions of compliance that findings are based on.
- Standards group together related checks to meet larger compliance goals, guidelines, or requirements.