
Compliance Page

The compliance page allows you to monitor and manage your organization's compliance status across multiple targets in one place. It provides an overview of various compliance standards (e.g., SOC 2, PCI-DSS, ISO 27001, GDPR, HIPAA, OWASP 2021) and displays any vulnerabilities affecting your compliance.




What are the different compliance standards Astra complies with?





SOC2: SOC 2 (System and Organization Controls 2) compliance is a critical framework for managing customer data. It is based on five key "trust service principles": security, availability, processing integrity, confidentiality, and privacy. This framework ensures that a company's systems are secure and that sensitive information is handled appropriately.

By complying with SOC 2 standards, companies can demonstrate their commitment to protecting customer data, reassuring clients and stakeholders of their dedication to maintaining high standards of data security and privacy. SOC 2 reports are commonly used to provide transparency and assurance about a company's internal controls and data handling practices.

PCI-DSS: PCI-DSS (Payment Card Industry Data Security Standard) is a comprehensive set of security standards designed to safeguard cardholder data and ensure secure transactions for credit card payments. This standard applies to all organizations that handle, process, store, or transmit credit card information. The primary goal of PCI-DSS is to prevent data breaches and fraud by enforcing best practices for data security.

By adhering to the PCI-DSS standards, organizations can protect sensitive information, build trust with customers, and maintain a secure payment environment.


ISO27001: ISO 27001 is a global standard for information security management systems (ISMS). It offers a structured framework for establishing, implementing, maintaining, and continuously improving information security practices within an organization. This standard helps organizations safeguard sensitive information by identifying and managing risks, and ensuring that effective security controls are in place.

Complying with ISO 27001 demonstrates a strong commitment to information security, which can build trust with clients and stakeholders.


GDPR: GDPR (General Data Protection Regulation) is a data protection law established by the European Union. It sets out rules for how organizations must collect, process, store, and manage personal data of EU citizens. The primary goals of GDPR are to strengthen privacy rights, ensure data security, and provide individuals with greater control over their personal information.

Organizations operating within the EU or handling data of EU residents must comply with GDPR requirements.


HIPAA: HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law established to protect the privacy and security of individuals' medical information. It sets specific standards for how health data should be handled, stored, and transmitted. These standards are designed to ensure the confidentiality of medical information and prevent unauthorized access.

By complying with HIPAA guidelines, organizations can help safeguard sensitive health data and maintain trust with individuals.


OWASP 2021: OWASP 2021 refers to the latest version of the OWASP Top Ten, a crucial list published by the Open Web Application Security Project. This list identifies the ten most critical web application security risks. The 2021 edition focuses on the most significant vulnerabilities and threats impacting web applications today.

OWASP 2021 offers valuable guidance for organizations to enhance their security practices and protect against these prevalent risks.


Breakdown of Compliance Table





Name: The specific vulnerability detected.

Standard: The compliance standard associated with the vulnerability.

Severity: The level of risk posed by the vulnerability (e.g., Info, Low, Medium, High, Critical).

Risk Score: A numeric score representing the risk level.


Table Section





Failed: This section lists vulnerabilities that have failed the compliance checks and need to be fixed.
Passed: This section lists vulnerabilities that have been fixed or that otherwise pass the compliance checks.

Vulnerabilities that do not meet the compliance requirements will appear in the Failed section. These are issues that need to be addressed to achieve or maintain compliance. If a vulnerability does not pose any compliance risk or has been resolved, it will be listed in the Passed section.
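To make the Failed/Passed logic and the four table columns concrete, here is a small model of the compliance table written in Python. This is an added example, not Astra's own code or API: the Finding fields mirror the columns described above (Name, Standard, Severity, Risk Score), the rule that an unresolved finding mapped to a standard lands in Failed while resolved or unmapped findings land in Passed follows the paragraph above, and the sample findings are constructed.

```python
"""Model of the compliance table: findings are bucketed into Failed / Passed
and rolled up per standard. Constructed example; not Astra's own code."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Severity levels in ascending order, as shown in the table's Severity column.
SEVERITY_ORDER = ("Info", "Low", "Medium", "High", "Critical")

# Standards tracked on the compliance page.
STANDARDS = ("SOC 2", "PCI-DSS", "ISO 27001", "GDPR", "HIPAA", "OWASP 2021")


@dataclass(frozen=True)
class Finding:
    name: str                    # Name column
    standards: Tuple[str, ...]   # Standard column (a finding may map to several)
    severity: str                # Severity column
    risk_score: float            # Risk Score column
    resolved: bool = False       # True once the vulnerability has been fixed

    def __post_init__(self):
        if self.severity not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity {self.severity!r}")
        unknown = set(self.standards) - set(STANDARDS)
        if unknown:
            raise ValueError(f"unknown standard(s): {sorted(unknown)}")


def is_compliance_risk(f: Finding) -> bool:
    """A finding fails compliance while it is unresolved and maps to a standard."""
    return not f.resolved and bool(f.standards)


def partition(findings: List[Finding]) -> Tuple[List[Finding], List[Finding]]:
    """Split into (Failed, Passed), each ordered by risk score, highest first."""
    failed = sorted((f for f in findings if is_compliance_risk(f)),
                    key=lambda f: -f.risk_score)
    passed = sorted((f for f in findings if not is_compliance_risk(f)),
                    key=lambda f: -f.risk_score)
    return failed, passed


def status_by_standard(findings: List[Finding]) -> Dict[str, str]:
    """One entry per standard: 'Failed' if any open finding maps to it, else 'Passed'."""
    status = {s: "Passed" for s in STANDARDS}
    for f in findings:
        if is_compliance_risk(f):
            for s in f.standards:
                status[s] = "Failed"
    return status


def highest_open_severity(findings: List[Finding]) -> str:
    """Worst severity among Failed findings, or 'Info' when nothing is open."""
    failed, _ = partition(findings)
    if not failed:
        return "Info"
    return max((f.severity for f in failed), key=SEVERITY_ORDER.index)


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("TLS 1.0 enabled on payment endpoint", ("PCI-DSS",), "High", 7.4),
    Finding("Missing Content-Security-Policy header", ("OWASP 2021",), "Low", 3.1),
    Finding("Verbose server banner", (), "Info", 0.5),  # no standard mapped
    Finding("SQL injection in search parameter", ("OWASP 2021", "SOC 2"),
            "Critical", 9.8, resolved=True),
]

if __name__ == "__main__":
    failed, passed = partition(SAMPLE)
    print("Failed:", [f.name for f in failed])
    print("Passed:", [f.name for f in passed])
    for standard, state in status_by_standard(SAMPLE).items():
        print(f"{standard:10} {state}")
    print("Highest open severity:", highest_open_severity(SAMPLE))
```

Running it puts the open TLS and CSP findings in Failed, the resolved SQL injection and the unmapped banner finding in Passed, and marks PCI-DSS and OWASP 2021 as Failed while the other standards stay Passed. The per-standard roll-up is what a practitioner usually wants to track over time: a standard flips back to Passed only when every finding mapped to it has been resolved.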


By clicking on any row in the table, you can access the vulnerability details sheet.

Updated on: 24/09/2024
