Use compliance frameworks to track organizational responsibility in VMware Aria Automation for Secure Clouds

Compliance frameworks are a hierarchical collection of Control Groups and Controls. A rule is not owned by a framework as it may be associated with multiple controls across different frameworks.

Framework is the top level compliance collection. The framework name will appear on the Compliance dashboard and findings pages, and in filters used throughout the product.

Control Group is a grouping of technical controls in a framework. This is intended for you to organize your controls into common themes. For example: mandatory and suggested controls or access and auditing controls. A framework requires a minimum of one control group. Major frameworks typically consist of multiple control groups.

Controls are the point requirements that must be adhered to. This is the technical control that VMware Aria Automation for Secure Clouds can validate with rules. One or more controls may be assigned to a control group.

Rules are the policy checks that are running to validate and prove that you are adhering to a Control. A rule is not owned by the Framework as it can be associated to different controls in the organization.

Compliance lifecycle

VMware Aria Automation for Secure Clouds strives to stay current with the latest compliance framework revisions. New versions of supported frameworks are added to service a reasonable period of time after they are published. Given the frequency with which many frameworks are updated, VMware Aria Automation for Secure Clouds maintains a policy of supporting the latest two versions of a framework at any one time.

This means that when a new compliance framework revision is added, the version directly preceding it remains supported, but any earlier version is retired shortly after release.

To continue using a native compliance framework older than the two most recent versions, you must clone the framework before it is retired and continue to manage it as a custom framework for your team. Refer to the Clone a framework section of this guide for more details.

Supported frameworks

VMware Aria Automation for Secure Clouds supports the most recent two versions of any compliance framework at a given time. A new compliance framework begins receiving support for two versions at the time of its next version update.


AWS

Azure

GCP

Kubernetes

AICPA SOC 2 2017

CCPA 2018

CIS AWS Foundations Benchmark 1.5.0

CIS AWS Foundations Benchmark 1.4.0

CIS Amazon Elastic Kubernetes Service (EKS) Benchmark 1.4.0

CIS Amazon Elastic Kubernetes Service (EKS) Benchmark 1.3.0

CSA CCM 4.0.3

CSA CCM 3.0.1

EU GDPR 2016-679

FedRAMP

HITRUST CSF 9.5.0

ISO IEC 27001 2013

MITRE ATT&CK Cloud v12.0

MITRE ATT&CK Cloud v13.0

MITRE ATT&CK Containers v12.0

MITRE ATT&CK Containers v13.0

NIST CSF 1.1

NIST SP 800-53 r5

NIST SP 800-171 r1

PCI DSS 4.0

PCI DSS 3.2.1

US HIPAA 164 2017-10-01

AICPA SOC 2 2017

CCPA 2018

CIS Azure Foundations Benchmark 2.0.0

CIS Azure Foundations Benchmark 1.5.0

CIS Azure Kubernetes Service (AKS) Benchmark 1.4.0

CIS Azure Kubernetes Service (AKS) Benchmark 1.3.0

CSA CCM 4.0.3

CSA CCM 3.0.1

EU GDPR 2016-679

FedRAMP

HITRUST CSF 9.5.0

ISO IEC 27001 2013

MITRE ATT&CK Cloud v12.0

MITRE ATT&CK Cloud v13.0

MITRE ATT&CK Containers v12.0

MITRE ATT&CK Containers v13.0

NIST CSF 1.1

NIST SP 800-53 r5

NIST SP 800-171 r1

PCI DSS 4.0

PCI DSS 3.2.1

US HIPAA 164 2017-10-01

AICPA SOC 2 2017

CCPA 2018

CIS GCP Foundations Benchmark 2.0.0

CIS GCP Foundations Benchmark 1.3.0

CIS Google Kubernetes Engine (GKE) Benchmark 1.4.0

CIS Google Kubernetes Engine (GKE) Benchmark 1.1.0

CSA CCM 4.0.3

CSA CCM 3.0.1

EU GDPR 2016-679

FedRAMP

HITRUST CSF 9.5.0

ISO IEC 27001 2013

MITRE ATT&CK Cloud v12.0

MITRE ATT&CK Cloud v13.0

MITRE ATT&CK Containers v12.0

MITRE ATT&CK Containers v13.0

NIST CSF 1.1

NIST SP 800-53 r5

NIST SP 800-171 r1

PCI DSS 4.0

PCI DSS 3.2.1

US HIPAA 164 2017-10-01

AICPA SOC 2 2017

CIS Amazon Elastic Kubernetes Service (EKS) Benchmark 1.0.1

CIS Azure Kubernetes Service (AKS) Benchmark 1.0.0

CIS Google Kubernetes Engine (GKE) Benchmark 1.1.0

CIS Google Kubernetes Engine (GKE) Benchmark 1.0.0

CIS Kubernetes V.125 Benchmark 1.7.1

CIS Kubernetes V.126 Benchmark 1.8.0

CSA CCM 4.0.3

CSA CCM 3.0.1

EU GDPR 2016-679

FedRAMP

ISO IEC 27001 2013

MITRE ATT&CK Cloud v12.0

MITRE ATT&CK Cloud v13.0

MITRE ATT&CK Containers v12.0

MITRE ATT&CK Containers v13.0

NIST CSF 1.1

NIST SP 800-53 r5

NIST SP 800-171 r1

PCI DSS 4.0

PCI DSS 3.2.1







Managing compliance frameworks

To learn more about how to manage the native compliance frameworks relevant to your business (or create your own!), read the Compliance framework management section of this guide.

check-circle-line exclamation-circle-line close-line
Scroll to top icon