Manage and edit compliance frameworks in CloudHealth Secure State

To review the available compliance frameworks, go to Dashboard > Compliance. Here you can see all of the native frameworks that CloudHealth Secure State manages. A framework has two states, published and unpublished. Publishing a framework makes it visible in the platform, on the compliance dashboard, and as a filter option. Unpublishing a framework removes it from the compliance dashboard and the filter panel. Use this toggle to control whether a compliance framework is assessed for your environment.

To change the state of a framework:

  1. Navigate to the compliance list page, Governance > Compliance.
  2. Identify the framework and toggle the slider in the publish column.

[Figure: publish framework]

Associating custom rules to native frameworks

To preserve the accuracy and consistency of a CHSS-defined compliance framework, native frameworks, control groups, and control settings cannot be changed. However, you can extend a native framework by associating custom rules that you have created with a native control. The following table shows when rules and controls can be associated.

[Figure: rule association table]

To associate a rule to a control:

Note: You must first create a custom rule before proceeding.

  1. Navigate to Governance > Compliance and then choose the compliance framework you want to extend.
  2. Click on the Control tab and choose a control that you intend to associate with a custom rule.
  3. Click on the Rule tab and click Associate Rule.
  4. Select the rule from the list.

[Figure: associate rule]

After the rule is associated with the control, you can edit its properties by clicking on the rule and selecting Options, then Edit.

Create a custom framework

Before creating a custom framework, begin by creating an outline of the controls you plan to have in place and how you plan to group similar controls. Document this outline in an internal wiki or other document that you can link to as a reference when creating the framework. This is the best way to add compliance frameworks that are relevant to your business but not natively supported by CloudHealth Secure State. Once you have created a custom framework, you can filter the various views and reports to display only the information about the rules you have associated with it.

Here is an example of a custom framework based on a specific service:

[Figure: custom framework]

  1. Navigate to Governance > Compliance.
  2. Click Create Framework and walk through the wizard. Then click on the framework you just created and click Control groups in the sub-menu.
  3. Click Add Control Group and walk through the form.
  4. Choose the control group you created and click Controls.
  5. Click Add Control and walk through the wizard.
  6. Choose the control you created and click Rules.
  7. Click Associate Rule and select the rules that you would like to associate with this control. You can choose either native rules or custom rules you have created.

Repeat these steps for all control groups and controls you have identified. You are allowed up to 50 control groups and 1100 controls per custom framework, and 20 custom frameworks in total. You can request increases to these limits if necessary.

Any findings for rules associated with your framework are part of the compliance assessment for the framework.
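The outline recommended above is easier to keep consistent if it lives in a structured form that can be checked before anyone starts clicking through the wizard. The following Python script is an added example, not CloudHealth Secure State code or any part of its API: it models the hierarchy the wizard walks through (framework, control groups, controls, associated rules), checks an outline against the limits stated on this page (50 control groups and 1100 controls per custom framework, 20 custom frameworks), flags duplicate names and controls that have no rule associated (such a control can never produce findings, so it adds nothing to the assessment), and lists which rules the framework filter would show. The framework, group, control and rule names in the sample are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Limits for custom frameworks as stated in the documentation.
MAX_CONTROL_GROUPS_PER_FRAMEWORK = 50
MAX_CONTROLS_PER_FRAMEWORK = 1100
MAX_CUSTOM_FRAMEWORKS = 20


@dataclass
class Control:
    name: str
    rules: List[str] = field(default_factory=list)  # names of native or custom rules


@dataclass
class ControlGroup:
    name: str
    controls: List[Control] = field(default_factory=list)


@dataclass
class Framework:
    name: str
    author: str
    version: str
    control_groups: List[ControlGroup] = field(default_factory=list)


def _duplicates(names: List[str]) -> List[str]:
    """Names that occur more than once, in first-seen order."""
    seen, dupes = set(), []
    for n in names:
        if n in seen and n not in dupes:
            dupes.append(n)
        seen.add(n)
    return dupes


def validate_framework(fw: Framework) -> List[str]:
    """Return human-readable problems; an empty list means the outline is ready for the wizard."""
    problems = []
    if not (fw.name and fw.author and fw.version):
        problems.append(f"{fw.name!r}: Name, Author and Version are required")
    if len(fw.control_groups) > MAX_CONTROL_GROUPS_PER_FRAMEWORK:
        problems.append(f"{fw.name}: {len(fw.control_groups)} control groups exceeds "
                        f"the limit of {MAX_CONTROL_GROUPS_PER_FRAMEWORK}")
    total_controls = sum(len(g.controls) for g in fw.control_groups)
    if total_controls > MAX_CONTROLS_PER_FRAMEWORK:
        problems.append(f"{fw.name}: {total_controls} controls exceeds "
                        f"the limit of {MAX_CONTROLS_PER_FRAMEWORK}")
    for name in _duplicates([g.name for g in fw.control_groups]):
        problems.append(f"{fw.name}: control group {name!r} is defined more than once")
    for group in fw.control_groups:
        for name in _duplicates([c.name for c in group.controls]):
            problems.append(f"{fw.name}/{group.name}: control {name!r} is defined more than once")
        for control in group.controls:
            if not control.rules:
                # Findings come only from associated rules, so a control without
                # rules never contributes to the compliance assessment.
                problems.append(f"{fw.name}/{group.name}/{control.name}: no rule associated")
    return problems


def validate_portfolio(frameworks: List[Framework]) -> List[str]:
    """Check the per-tenant framework limit, then every framework in turn."""
    problems = []
    if len(frameworks) > MAX_CUSTOM_FRAMEWORKS:
        problems.append(f"{len(frameworks)} custom frameworks exceeds "
                        f"the limit of {MAX_CUSTOM_FRAMEWORKS}")
    for fw in frameworks:
        problems.extend(validate_framework(fw))
    return problems


def associated_rules(fw: Framework) -> Dict[str, List[str]]:
    """Map each associated rule to the controls it backs (what the framework filter would show)."""
    index: Dict[str, List[str]] = {}
    for group in fw.control_groups:
        for control in group.controls:
            for rule in control.rules:
                index.setdefault(rule, []).append(f"{group.name}/{control.name}")
    return index


# Constructed sample outline for a framework scoped to a single storage service.
# All names here are hypothetical, chosen for the example.
SAMPLE = Framework(
    name="Object Storage Baseline", author="Cloud Security Team", version="1.0",
    control_groups=[
        ControlGroup("Encryption", [
            Control("Buckets encrypted at rest", ["custom-bucket-encryption"]),
            Control("TLS required for access", ["custom-bucket-tls-only"]),
        ]),
        ControlGroup("Access", [
            Control("Public access blocked",
                    ["custom-bucket-no-public-acl", "custom-bucket-policy-no-wildcard"]),
            Control("Access logging enabled", []),  # gap in the outline: no rule chosen yet
        ]),
    ],
)

if __name__ == "__main__":
    for problem in validate_framework(SAMPLE):
        print("PROBLEM:", problem)
    for rule, controls in sorted(associated_rules(SAMPLE).items()):
        print(f"{rule}: {', '.join(controls)}")
```

Run the script on the outline before starting the wizard; fix every reported problem, then walk through the control groups and controls in the order the outline lists them so the change log matches the document you linked.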

Edit a custom framework

You can edit the properties of a custom framework and of its individual control groups or controls from the details page for each respective area. Note that you can edit only one custom framework, control group, or control at a time.

  • To edit a custom framework, click the checkbox next to it in the Governance > Compliance page and select Edit Framework.
  • To edit a control group, click on a custom framework, then click the checkbox next to the desired control group and click Edit Control Group.
  • To edit a control, click on a control group, then click the checkbox next to the desired control and click Edit Control.

Clone a framework

You can also clone an existing native or custom framework if you would like to use it as a template for another framework you're developing for your company. The process is simple and streamlined for user convenience.

  1. Navigate to Governance > Compliance.
  2. Choose the framework you would like to clone.
  3. Click on Clone Framework and walk through the wizard.
  4. Edit the Name, Author, and Version fields as necessary (other fields are optional).
  5. Click on Clone.

You should now have a copy of the selected framework with the attributes you entered, along with copies of all the control groups and controls associated with the framework. Modify them further as necessary to fit the needs of your organization.

View framework changes

Any update to a native or custom framework, its control groups, or its controls is recorded under the Change Log tab for each area, along with the user who made the update and the time at which it occurred.

Framework change log

[Figure: compliance changelog]

Control group change log

[Figure: control group changelog]

Control change log

[Figure: control changelog]

Review the change log to keep track of any changes your team makes to your custom frameworks.

Using the Compliance API

Compliance is a component of the Rules API. A reference guide to the Rules API is available at https://docs.securestate.vmware.com/api/rules-api/

You can write and test the API calls on a local machine with your tool of choice, or try them out in the Swagger documentation at https://api.securestate.vmware.com/rules.
