Compliance Settings


Settings > System Settings > Application Settings > Compliance

Severity Weights

Customize the weight given to compliance severity levels for determining your compliance score. Adjusting severity weights helps Kion create a compliance score that is accurate to your unique compliance goals and chosen industry metrics.

Compliance scores are values that indicate the total weight of all findings for non-compliant checks. This gives you a quick way to evaluate which resources most urgently need your attention to restore compliance. A lower score is better, and a score of 0 means no compliance issues.

When setting severity weights, each value must be between 0 and 100, with critical being the highest and informational being the lowest. If a severity rating is set to 0, findings with that severity rating will not impact your compliance score.

For more information about compliance scores, see Compliance Score.
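The scoring rules above, worked through as an added example (this is not Kion's own code, and the weights and findings are constructed samples, not Kion defaults): weights are checked against the 0 to 100 range and the critical-highest / informational-lowest ordering, a weight of 0 drops that severity from the total, and findings are summed both overall and per resource so the most urgent resources sort first.

```python
from collections import defaultdict

# Severity levels as the page lists them: critical is highest, informational lowest.
SEVERITIES = ("critical", "high", "medium", "low", "informational")


def weight_problems(weights):
    """Return a list of rule violations for a severity weight table (empty if valid)."""
    problems = []
    if set(weights) != set(SEVERITIES):
        problems.append(f"weights must cover exactly {SEVERITIES}")
        return problems
    for sev, w in weights.items():
        if not 0 <= w <= 100:
            problems.append(f"{sev} weight {w} is outside 0-100")
    if weights["critical"] < max(weights.values()):
        problems.append("critical must carry the highest weight")
    if weights["informational"] > min(weights.values()):
        problems.append("informational must carry the lowest weight")
    return problems


def compliance_score(findings, weights):
    """Total weight of all findings for non-compliant checks; 0 means no issues.
    A severity weighted 0 contributes nothing, so those findings are effectively ignored."""
    if weight_problems(weights):
        raise ValueError("; ".join(weight_problems(weights)))
    return sum(weights[f["severity"]] for f in findings if not f["compliant"])


def scores_by_resource(findings, weights):
    """Per-resource scores sorted highest first: the resources needing attention soonest."""
    if weight_problems(weights):
        raise ValueError("; ".join(weight_problems(weights)))
    totals = defaultdict(int)
    for f in findings:
        if not f["compliant"]:
            totals[f["resource"]] += weights[f["severity"]]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample weight table and findings (hypothetical resource names).
WEIGHTS = {"critical": 100, "high": 75, "medium": 50, "low": 25, "informational": 0}
FINDINGS = [
    {"resource": "s3://bucket-a", "severity": "critical", "compliant": False},
    {"resource": "s3://bucket-a", "severity": "informational", "compliant": False},  # weight 0
    {"resource": "sg-0123", "severity": "high", "compliant": False},
    {"resource": "sg-0123", "severity": "medium", "compliant": True},  # compliant, not counted
    {"resource": "iam-role-x", "severity": "low", "compliant": False},
]

if __name__ == "__main__":
    print(compliance_score(FINDINGS, WEIGHTS))  # 200
    print(scores_by_resource(FINDINGS, WEIGHTS))
```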

Compliance Resource Cache Timeout

Customize how long your cloud compliance details are cached. This feature improves compliance scan performance by caching details that are unlikely to change more frequently than once an hour. This prevents compliance scans from backing up in large environments. In most cases, this results in more up-to-date information, as scans can complete more frequently.

Because caching details means some compliance findings can become stale over the length of the configured period, you can choose to exclude critical severity checks from the compliance resource cache. This ensures that critical findings are always current.

POST Token Life

Customize the POST token life for compliance webhooks. This sets the amount of time allowed to execute your Cloud Custodian compliance policies.

If you have compliance scans that take longer than an hour to run, a token set to one hour would expire before the scan completes, and the results could not be successfully POSTed to the API. This means that any compliance issues found in that scan wouldn't be registered and the findings wouldn't appear in your compliance overview. To ensure these long-running scans are captured, you can increase the compliance POST token life to a maximum value of four hours.

The default value for the compliance token life is one hour, which is sufficient for most setups and follows best practices by limiting the token life.