Compliance Assessments Dashboard - User Guide - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse User Guide

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2024-03-14
End_of_Life
EoL
Category
User Guide
Abstract

The Compliance Assessment dashboard helps customers better understand how the issues on their external network impact compliance controls.

Note

Not all policies are mapped to the compliance frameworks as they are released. Cortex Xpanse continues to update the mapping as frequently as possible in order to ensure the dashboard is up to date based on the latest policies released in the platform.

The Compliance Assessment dashboard takes a compliance-focused lens and applies it to the Issues policies in Cortex Xpanse, so customers can better understand how the issues on their external network impact compliance controls.

Currently available assessments:

  • NIST 800-53

  • NIST 800-171

  • CMMC L1-L5

Cortex Xpanse worked with its internal subject matter experts as well as third party experts to develop these mappings against our policies assuming that all assets have been inventoried already. The mapping focuses on which policies may need to be reviewed which could have led to a given service or issue being exposed to the Internet. On the summary tab, a reviewer may notice similar sets of detections for all issues. This is intentional as more information gathering and investigation via a security impact analysis (SIA) should be conducted to rule out the worst case scenario. As part of your investigation via the SIA, give consideration for each control in each framework that is mapped as applicable to your security and compliance objectives.