Compliance [Beta]

The Compliance module in Sysdig Secure comprises a validator tool that checks selected controls from various compliance standards, and the reports it compiles. The first release provides checks against specific controls in PCI 3.2. Future releases will include SOC2, NIST-800-53, and more.

The validator checks many Sysdig Secure features, including image scanning policies, Falco runtime policies and rules, scheduled benchmark testing, and more. Over time we will add new compliance coverage.

Disclaimer: Sysdig cannot check all controls within a framework, such as those related to physical security.

Note

This feature is a beta release. A Sysdig Secure admin must enable it from the Sysdig Labs interface under Settings.

[Screenshot: labs.png]

Use Compliance Reports

Access the Compliance Module

  1. Sysdig Secure admin: Enable the feature under Settings > Sysdig Labs.

  2. Click the Compliance icon in the left-hand navigation.

Review a Report

Each of the standard's controls is checked when you visit the Compliance page, so the report always shows the current state of your environment.

[Screenshot: compliance_1.png]

Compliance Report Summary

The top section of the page presents the compliance report summary, with the Pass|Fail summary data.

  • Pass %: Total percentage of all available checks that have passed

  • Passed: Total number of controls implemented that Sysdig was able to validate

  • Failed: Total number of controls not implemented that Sysdig was able to validate

  • Unchecked: Total number of controls Sysdig is configured to check but was unable to validate (for example, because the required API was unavailable at the time of validation)

  • Total Controls: Total number of controls Sysdig is configured to check

Control Report and Common Fixes

The controls are grouped under collapsible sections called "control families."

[Screenshot: compliance_2.png]

Open a control family to see each control's description, together with a link to either:

  • Proof: the implemented Sysdig feature that allowed the control to pass, or

  • Remediation: the Sysdig feature that must be implemented to pass a check within the control

The Rationale explains why an implemented Sysdig feature satisfies a check within the control.

The Common Fixes section on the left consolidates the links for enabling Sysdig features in order to pass the control checks.

Reference: PCI Controls Implemented

The PCI Quick Reference describes the full range of controls required to pass a PCI 3.2 audit. In this release, Sysdig Secure will check the following subset:

Control   Description
1.1.2     Current network diagram
1.1.3     Data flow diagram
1.1.6.b   Identify insecure services, protocols, and ports allowed
2.2       Configuration standards: CIS, ISO, SANS, NIST
2.2.1     One function per server (isolation)
2.2.2     Enable only necessary services, protocols, and daemons
2.2.a     System configuration standards
2.4       Inventory of system components
2.6       Shared hosting isolation protection
4.1       Encrypt transmission of cardholder data across open, public networks
6.1       Identify security vulnerabilities with ranking
6.2       Install vendor security patches
6.4.2     Separation of development, test, and production environments
6.5.1     Inspect for flaws such as SQL injection and others
6.5.6     High-risk vulnerabilities
6.5.8     Improper access control
7.1.2     Restrict access to privileged user IDs
7.2.3     Default deny-all setting
10.1      Implement audit trails to link access to each individual user
10.2      Implement automatic audit trails to reconstruct events
10.2.1    All individual user access to cardholder data
10.2.2    All actions taken by any individual with root or administrative privileges
10.2.3    Access to all audit trails
10.2.6    Initializing, stopping, or pausing logs
10.2.7    Creation and deletion of system-level objects
10.3      Record audit trail entries for events
10.5.5    Logs cannot be changed
10.6.1    Daily review of all security events
11.4      Network intrusion detection/prevention to monitor traffic
11.5.a    Monitor change detection
11.5.b    Respond to alerts from change detection