Trend Micro Cloud One™ – Conformity provides a number of tools to help organizations
quickly assess their infrastructure’s compliance posture against various compliance
standards and frameworks:
Compliance tools:
- Standard and Framework checks report - view how your organization’s infrastructure is tracking against rules filter by various Standards and Frameworks
- Compliance and Conformity Reports - view and download a report assessing how your cloud infrastructure security and governance posture is tracking against controls from various Standards and Frameworks.
- Compliance Excel Report - Downloadable Excel report of your infrastructure’s compliance posture.
- Compliance Score – health metric of your cloud infrastructure measured against Conformity’s entire 1,100+ rule set.
Supported Standards and Frameworks 
Cloud Conformity currently offers reports for the following standards and
frameworks. Each standard or framework is made up of controls that specify security
and governance requirements. Conformity rules are mapped to
these controls and the resulting checks can be
filtered to display only the rules relevant to a particular standard or
framework.
|
Standard or Framework
|
|||
|
AWS Well-Architected Framework
|
|
|
|
| Azure Well-Architected Framework |
|
|
|
| Google Cloud Architecture Framework |
|
|
|
| CIS Amazon Web Services Foundations Benchmark v4.0.1 |
|
|
|
| CIS Amazon Web Services Foundations Benchmark v5.0.0 |
|
|
|
| CIS Microsoft Azure Foundations Benchmark v2.1.0 |
|
|
|
| CIS Microsoft Azure Foundations Benchmark v3.0.0 |
|
|
|
| CIS Google Cloud Platform Foundation Benchmark v3.0.0 |
|
|
|
| CIS Google Cloud Platform Foundation Benchmark v4.0.0 |
|
|
|
| CIS Alibaba Cloud Foundation Benchmark v1.0.0 |
|
|
|
| CIS Alibaba Cloud Foundation Benchmark v2.0.0 |
|
|
|
| CIS Oracle Cloud Infrastructure Foundation Benchmark v3.0.0 |
|
|
|
| CIS Controls Version 8 |
|
|
|
| NIST 800-53 Rev4 |
|
|
|
| NIST 800-53 Rev5 |
|
|
|
| System and Organization Controls (SOC 2) Nov 2019 |
|
|
|
| NIST Cybersecurity Framework v1.1 |
|
|
|
| NIST Cybersecurity Framework v2.0 |
|
|
|
| ISO 27001:2013 |
|
|
|
| ISO 27001:2022 |
|
|
|
| AusGov ISM Sep 2024 |
|
|
|
| HIPAA Feb 2023 |
|
|
|
| HITRUST CSF v11.3.0 |
|
|
|
| ASAE 3150 Security of CDR Data |
|
|
|
| PCI DSS v3.2.1 |
|
|
|
| PCI DSS v4.0.1 |
|
|
|
| APRA CPS 234 |
|
|
|
| FEDRAMP Rev 4 |
|
|
|
| Monetary Authority of Singapore MAS-TRM 2021 |
|
|
|
| NIS 2 Directive v2 |
|
|
|
| FISC Security Guidelines V12 |
|
|
|
| LGPD (Brazil) |
|
|
|
| GDPR |
|
|
Standard and Framework checks report
- Open All checks report
- Select View by Rule or by Resource
- Expand Filter checks
-
Check a standard or framework in Standards & Frameworks.
For Example: Monetary Authority of Singapore
TRM
We currently support the following Standards & Framework filters:
- AWS Well-Architected Framework
- Azure Well-Architected Framework
- Google Cloud Architecture Framework
- CIS Amazon Web Services Foundations Benchmark v4.0.1
- CIS Amazon Web Services Foundations Benchmark v5.0.0
- CIS Microsoft Azure Foundations Benchmark v2.1.0
- CIS Microsoft Azure Foundations Benchmark v3.0.0
- CIS Google Cloud Platform Foundation Benchmark v3.0.0
- CIS Google Cloud Platform Foundation Benchmark v4.0.0
- CIS Alibaba Foundations Benchmark v1.0.0
- CIS Alibaba Foundations Benchmark v2.0.0
- CIS Oracle Cloud Infrastructure Foundation Benchmark v3.0.0
- CIS Controls Version 8
- System and Organization Controls (SOC 2) Nov 2019
- NIST Cybersecurity Framework v1.1
- NIST Cybersecurity Framework v2.0
- ISO 27001:2013
- ISO 27001:2022
- AusGov ISM Sep 2024
- HIPAA Feb 2023
- HITRUST CSF v11.3.0
- ASAE 3150 Security of CDR Data
- PCI DSS v3.2.1
- PCI DSS v4.0.1
- APRA CPS 234
- FEDRAMP Rev 4
- Monetary Authority of Singapore MAS-TRM 2021
- NIS 2 Directive v2
- FISC Security Guidelines V12
- LGPD (Brazil)
- Scroll down to the checks list, which will display the standard or framework selected. Click on a rule to see the check result (success or failure) against the rule for each resource. See Rules for more info.
-
[ Optional ] Download the result as a PDF or CSV report.
- Generate and download new Standard & Framework Checks results
- Click on Generate report
- Download previously generated reports from the history
- Expand Other reports from the Configured reports list
- Select either CSV or PDF format for the report
Note
Standard and Framework checks reports can also be downloaded from All Generated Reports list. To know more about standards in a particular Standard and Framework report, in most cases you will need to register with the standard from their website to be able to access a detailed PDF about the standards. - Generate and download new Standard & Framework Checks results
CIS Benchmarks
Not all recommendations from the CIS Benchmarks have been applied. Please refer
to the CIS website to access the free CIS Benchmarks PDFs for more detail on the
recommended settings.
Compliance Excel Report
A Compliance Excel Report is mapped in the same way as a Compliance & Conformity Reports however this report is available
in XLS format. Currently only supported for the following CIS AWS Foundations:
- CIS Amazon Web Services Foundations Benchmark
- CIS Microsoft Azure Foundations Benchmark
- CIS Google Cloud Platform Foundation Benchmark
- CIS Alibaba Cloud Foundation Benchmark
- CIS Oracle Cloud Infrastructure Foundation Benchmark
Example CIS AWS Foundations report
