Compliance Management

Welcome to our in-depth guide on the Compliance Management module, a key feature of our cybersecurity software platform. This module aids organizations in achieving and maintaining compliance across various industry-specific regulations. By accommodating a multitude of standards, our Compliance Management module provides a holistic view of your organization’s regulatory compliance status.

Each standard is categorized. By default, the categories available are:

• Account Management
• Device Activity
• Application Audit
• Alerts and Incidents

Each standard has its dedicated section.

For example, if you wish to monitor the Office 365 Account Activity regarding successful logins, you can navigate to the relevant category. Upon selecting it, you’ll receive a detailed description of the report and the compliance standards it addresses.

Supported Compliance Standards

Compliance with the latest regulations often requires generating reports for internal use and auditors. UTMStack simplifies compliance management by combining essential security tools into a single database and providing several built-in reports and interactive dashboards. It is reinforced by an event and logs explorer for advanced analysis and a report/dashboard builder that helps visualize and display data.

1. Health Insurance Portability and Accountability Act (HIPAA)

Security management process and audit controls report include accounts validation, relevant security alerts, login reports, relevant windows events, file and system access, cloud reports (Azure, AWS), Office365 threat Intelligence, account validations, firewall relevant activity, relevant system statistics, unsuccessful logon, privilege escalation.

2. General Data Protection Regulation (GDPR)

Logon Activity, Logon failure, vulnerability report, potential data exposure, relevant Security alerts, data retention, and potential data privacy compromises.

3. Gramm-Leach-Bliley Act (GLBA)

§§6801(b)(3) Successful Login / Logoff, §§6801(b)(1) File Access, §§6801(b)(2) Policy Changes in Active Directory, §§6801(b)(2) New and enabled user Accounts in Active Directory, §§501B(2)(3) GLBA Login section

4. System and Organization Controls 2 (SOC 2)

SOC 2 report focuses on a business’s non-financial reporting controls relating to security, availability, processing integrity, confidentiality, and privacy of a system. The software provides essential reports aligned with the Control Criteria (CC) of SOC 2 to facilitate the achievement and maintenance of SOC 2 compliance.

5. Federal Information Security Management Act (FISMA)

FISMA is a U.S. federal law that mandates federal agencies to develop, document, and implement an information security and protection program. The module provides pre-defined reports monitoring compliance with FISMA’s crucial sections.

6. Cybersecurity Maturity Model Certification (CMMC)

CMMC certification is a requirement for businesses bidding on U.S. Government contracts. The CMMC section within the module provides reports specifically designed to monitor compliance with different CMMC Levels.

7. Payment Card Industry Data Security Standard (PCI-DSS)

PCI-DSS is a set of standards for managing and securing credit card-related personal data. The PCI-DSS section in the Compliance Management module provides reports aligned with specific PCI requirements, ensuring that your credit card data processing activities remain within the bounds of PCI-DSS standards.

Export a Report

Upon accessing the Platform Menu, you’ll find the Compliance submenu. Here, you can choose to either create a new compliance report or delve into various compliance standard dashboards.

By selecting a standard, you’ll be directed to the Compliance Template Section. This is where you decide which report to export.

Upon clicking on a report, you’ll be presented with an overview, options to modify the date range, and the capability to generate a PDF using a professionally designed template available on the platform.

Comprehensive Compliance Management

Beyond the features described above, the Compliance Management Dashboard—located in the application management section—grants complete control over compliance standards. You’re equipped to edit, remove, or append sections and reports to meet specific needs.

Add Standard

Understanding that each organization has unique compliance requisites, our module is engineered for flexibility. It allows the addition of new compliance standards aligning with specific business needs.

To introduce a new standard, proceed to the Compliance Management section. Here, the ‘Add Standard’ button will guide you through a straightforward interface for detailing the new standard.

Adding Reports

We appreciate the importance of detailed reporting for each compliance standard. Our module thus empowers you to supplement new reports to an existing compliance standard.

To do this, pick the preferred standard and section to which the report should belong. Next, select from a list of existing report dashboards to incorporate into your chosen compliance segment. This ensures thorough coverage of all regulatory facets.

Import/Export

Acknowledging the need for system interoperability, the Compliance Management module boasts a robust import/export function. This tool aids in the proficient handling and transfer of compliance data.

To export the prevailing compliance information, a comprehensive JSON file is produced, encapsulating all essentials of your standards, sections, and reports. By utilizing the ‘Export All’ button, a complete portrayal of your compliance configuration is readily compiled, ensuring data integrity.

For importing, should there be a necessity to infuse the module with compliance data from an alternative system, the ‘Import All’ button facilitates this. Simply upload the corresponding JSON file, and the module will fluidly merge the data, aligning with your prior system’s setup.