Skip to main content

Benchmarks

Clicking on a benchmark opens the detailed Benchmark View, which shows the status of various security controls and their compliance with the selected framework.

Benchmark View

Control list

On the left side, you see a list of control categories that have been checked, organized by sections of the benchmark. Each section is marked with an icon indicating its status.

Benchmark details

On the right side, you see details about the benchmark, including the framework name (e.g., ISO 27001), version, and a brief description of the standard. Below this, a summary shows the number of checks that have failed out of the total checks performed.

Failing checks

The table lists the failing checks with details such as severity, the number of failing resources, and the specific check name. This section allows you to identify which controls need attention and remediation to improve your compliance status.

Control details

When you open a section on the left and click on a specific control, detailed information about that control, as well as the affected resources, is displayed.

Benchmark Details

Control information

On the top of the right side, you see detailed information about the selected control. This includes:

  • Control Name: The specific control being examined, e.g., "Ensure All AWS RDS Cluster and Instance Snapshots Are Encrypted."
  • Description: An explanation of the control, defining its purpose and the rules for effective cryptography, such as using key management to secure data during storage and transmission.
  • Link to Inventory: The "Inspect Detection Search in Inventory" button takes you to the Inventory screen, using the same search this control uses to identify affected resources.

Why does it matter?

This section explains the importance of the control. For instance, it might highlight the risks associated with unencrypted RDS snapshots, such as potential data breaches, financial loss, and reputational damage if sensitive data is intercepted or accessed by unauthorized parties.

How to fix

Provides practical guidance on how to address the issue. For example, it may suggest encrypting all existing and future RDS snapshots using AWS Key Management Service (KMS) keys and creating new snapshots with encryption enabled for existing unencrypted snapshots.

Affected resources

This table lists the resources impacted by the failing control. Clicking on a resource opens the Resource View, where you can see more details about the resource and its connections to other resources in your cloud environment.

Resource View

Clicking on an affected resource in the Benchmark Control Details opens the Resource View, providing in-depth information about the selected resource.

Benchmark Resource

This view is identical to the Inventory Resource View, with the same sections for Basic Information, Tags, Resource Details, Security Issues, and Changes.