GDPR
The General Data Protection Regulation, or GDPR, is a regulation established by the European Union (EU) for the purpose of data protection and privacy for the citizens of the EU and the European Economic Area (EEA).
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other cloud service provider (CSP), compliance is a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within the GDPR framework.
Ensuring continuous compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate compliance with GDPR. DivvyCloud provides dozens of out-of-the-box policies as part of our GDPR compliance pack that map back to specific directives within GDPR. For example, DivvyCloud’s policy “Database Instance Publicly Accessible With Attached Exposed Security Group” supports compliance with the “Article 25: Data protection by Design and by Default” directive in GDPR. You can immediately use the GDPR compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like GDPR, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with GDPR and other important standards.
HIPAA
A growing number of healthcare providers, payers, and other organizations are using cloud service providers (CSPs) to process, store, and transmit protected health information (PHI). The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) is United States legislation that provides data privacy and security provisions for safeguarding PHI.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, compliance is a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within HIPAA.
Ensuring continuous compliance across one or more CSPs can be extremely challenging.
With DivvyCloud you can automate compliance with HIPAA. DivvyCloud provides dozens of out-of-the-box policies as part of our HIPAA compliance pack that map back to specific directives within HIPAA. For example, DivvyCloud’s policy “Snapshot With PHI Unencrypted” supports compliance with the “Encryption Controls – §164.312(a)(2)(iv)” directive in HIPAA. You can immediately use the HIPAA compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like HIPAA, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with HIPAA and other important standards.
CIS AWS
The Center for Internet Security (CIS) Amazon Web Services (AWS) Benchmark offers a collection of best practices for the secure configuration of AWS. CIS Benchmarks are developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts.
When using AWS, security is a shared responsibility between AWS and the customer. You as the customer are responsible for configuring and using AWS cloud services in a way that is secure, and the CIS AWS Benchmark provides a framework for how to do this.
Ensuring continuous security in AWS can be extremely challenging. With DivvyCloud you can automate compliance with CIS AWS. DivvyCloud provides dozens of out-of-the-box policies as part of our CIS AWS compliance pack that map back to specific directives within CIS AWS. For example, DivvyCloud’s policy “Encryption Key Not Supporting Key Rotation” supports compliance with the “Logging 2.8” directive in CIS AWS. You can immediately use the CIS AWS compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like CIS AWS, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with CIS AWS and other important standards.
CIS Azure
The Center for Internet Security (CIS) Microsoft Azure Benchmark offers a collection of best practices for the secure configuration of Microsoft Azure. CIS Benchmarks are developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts.
When using Microsoft Azure, security is a shared responsibility between Microsoft and the customer. You as the customer are responsible for configuring and using Azure cloud services in a way that is secure, and the CIS Microsoft Azure Benchmark (CIS Azure) provides a framework for how to do this.
Ensuring continuous security in Azure can be extremely challenging. With DivvyCloud you can automate compliance with CIS Azure. DivvyCloud provides dozens of out-of-the-box policies as part of our CIS Azure compliance pack that map back to specific directives within CIS Azure. For example, DivvyCloud’s policy “Security Center Automatic Provisioning Of Monitoring Agent Is Off” supports compliance with the “Security Center 2.2” directive in CIS Azure. You can immediately use the CIS Azure compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like CIS Azure, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with CIS Azure and other important standards.
CIS GCP
The Center for Internet Security (CIS) Google Cloud Computing Platform Benchmark offers a collection of best practices for the secure configuration of Google Cloud Platform (GCP). CIS Benchmarks are developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts.
When using GCP, security is a shared responsibility between Google and the customer. You as the customer are responsible for configuring and using GCP cloud services in a way that is secure, and the CIS Google Cloud Computing Platform Benchmark (CIS GCP) provides a framework for how to do this.
Ensuring continuous security in GCP can be extremely challenging. With DivvyCloud you can automate compliance with CIS GCP. DivvyCloud provides dozens of out-of-the-box policies as part of our CIS GCP compliance pack that map back to specific directives within CIS GCP. For example, DivvyCloud’s policy “Google User With Unauthorized Role” supports compliance with the “Identity and Access Management 1.5” directive in CIS GCP. You can immediately use the CIS GCP compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like CIS GCP, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with CIS GCP and other important standards.
CIS Kubernetes
The Center for Internet Security (CIS) Kubernetes Benchmark is a reference document that can be used by system administrators, security and audit professionals, and other IT roles to establish a secure configuration baseline for Kubernetes. CIS Benchmarks are developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts.
When using Kubernetes, including Containers as a Service (CaaS) solutions such as Google Kubernetes Engine (GKE) from Google, Elastic Container Service for Kubernetes (EKS) from Amazon, and Azure Container Service (AKS) from Microsoft, security is a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using Kubernetes in a way that is secure, and the CIS Kubernetes Benchmark (CIS Kubernetes) provides a framework for how to do this.
Ensuring continuous security in Kubernetes can be extremely challenging. With DivvyCloud you can automate compliance with CIS Kubernetes. DivvyCloud provides dozens of out-of-the-box policies as part of our CIS Kubernetes compliance pack that map back to specific directives within CIS Kubernetes. For example, DivvyCloud’s policy “Container Instance API-Server Anonymous-Auth Set To True” supports compliance with the “Master Node Security Configuration – API Server 1.1.1” directive in CIS Kubernetes. You can immediately use the CIS GCP compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like CIS Kubernetes, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with CIS Kubernetes and other important standards.
ISO 27001
ISO/IEC 27001 is a security management standard that specifies security management best practices and comprehensive security controls. It is an optional standard that some organizations choose to implement to benefit from the best practices it contains and to reassure customers that its recommendations have been followed.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, security and compliance are a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within ISO 27001.
Ensuring continuous security and compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate security and compliance with ISO 27001. DivvyCloud provides dozens of out-of-the-box policies as part of our ISO 27001 compliance pack that map back to specific directives within ISO 27001. For example, DivvyCloud’s policy “Access List Exposes Windows RDP to World (Security Group)” supports compliance with the “A.11.4.4 – Remote diagnostic and configuration port protection” directive in ISO 27001. You can immediately use the ISO 27001 compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like ISO 27001, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with ISO 27001 and other important standards.
NIST CSF
The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) Cybersecurity Framework is a voluntary framework – based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure. The NIST Cybersecurity Framework (NIST CSF) was developed with a focus on industries vital to national and economic security, including energy, banking, communications, and the defense industrial base.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, security and compliance are a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within NIST CSF.
Ensuring continuous security and compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate security and compliance with NIST CSF. DivvyCloud provides dozens of out-of-the-box policies as part of our NIST CSF compliance pack that map back to specific directives within NIST CSF. For example, DivvyCloud’s policy “Cloud Account Password Policy Missing” supports compliance with the “PR.AC-1” directive in NIST CSF. You can immediately use the NIST CSF compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like NIST CSF, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with NIST CSF and other important standards.
NIST 800-53
The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. The NIST 800-53 controls set the baseline for security for federal agencies and contractors and are continuously updated to address new threats and to prevent major cyber security incidents.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, security and compliance are a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within NIST 800-53.
Ensuring continuous security and compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate security and compliance with NIST 800-53. DivvyCloud provides dozens of out-of-the-box policies as part of our NIST 800-53 compliance pack that map back to specific directives within NIST 800-53. For example, DivvyCloud’s policy “Load Balancer Without SSL Listener” supports compliance with the “SC-8” directive in NIST 800-53. You can immediately use the NIST 800-53 compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like NIST 800-53, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with NIST 800-53 and other important standards.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards. PCI DSS applies to all entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, compliance is a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within PCI DSS.
Ensuring continuous compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate compliance with PCI DSS. DivvyCloud provides dozens of out-of-the-box policies as part of our PCI DSS compliance pack that map back to specific directives within PCI DSS. For example, DivvyCloud’s policy “Database Instance Not Encrypted” supports compliance with the “Requirement 3: Protect stored cardholder data” directive in PCI DSS. You can immediately use the PCI DSS compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like PCI DSS, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to an AWS or GCP storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with PCI DSS and other important standards.
FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. federal government initiative that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud services. FedRAMP simplifies security by providing a standardized approach to security for the cloud through a core set of processes to ensure effective, repeatable cloud security for the government.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, security and compliance are a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within FedRAMP.
Ensuring continuous security and compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate security and compliance with FedRAMP. DivvyCloud provides dozens of out-of-the-box policies as part of our FedRAMP compliance pack that map back to specific directives within FedRAMP. For example, DivvyCloud’s policy “Cloud Root Account API Access Key Present” supports compliance with the “IVS-11” directive in FedRAMP. You can immediately use the FedRAMP compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like FedRAMP, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with FedRAMP and other important standards.
CSA CCM
The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) provides a controls framework that gives a detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundation of the CSA CCM aligns with other industry-accepted security standards, regulations, and controls frameworks such as ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP. It is an optional standard that some organizations choose to implement to benefit from the best practices it contains and to reassure customers that its recommendations have been followed.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, security and compliance are a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within CSA CCM.
Ensuring continuous security and compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate security and compliance with CSA CCM. DivvyCloud provides dozens of out-of-the-box policies as part of our CSA CCM compliance pack that map back to specific directives within CSA CCM. For example, DivvyCloud’s policy “Cloud Account Without Root Account MFA Protection” supports compliance with the “AIS-04, EKM-01, EKM-02, EKM-03, GRM-06, IAM-01, IAM-02, IAM-04, IAM-05, IAM-10, IAM-11, and IAM-12” directives in CSA CCM. You can immediately use the CSA CCM compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like CSA CCM, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with CSA CCM and other important standards.
SOC 2
The American Institute of CPAs (AICPA) Service and Organization Controls (SOC) 2 reporting standard defines criteria for how organizations should manage customer data. Many organizations, especially SaaS companies, choose to establish and follow strict information security policies and procedures that adhere to the SOC 2 standard and to undergo regular third-party audits to certify their compliance.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, security and compliance are a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within SOC 2.
Ensuring continuous security and compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate security and compliance with SOC 2. DivvyCloud provides dozens of out-of-the-box policies as part of our SOC 2 compliance pack that map back to specific directives within SOC 2. For example, DivvyCloud’s policy “Storage Container Exposed To The Public” supports compliance with the “C1.2, C1.3, C1.7, and CC5.6” directives in SOC 2. You can immediately use the SOC 2 compliance pack to identify and remediate policy violations in real-time.
DivvyCloud’s Compliance Scorecard helps you audit compliance with important standards, like SOC 2, and identify risks in your cloud environments in a simple, transparent way. Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and a history of noncompliant resources, customers can readily see where they are failing compliance checks.
Conveniently, DivvyCloud’s Compliance Scorecard is exportable in multiple ways:
- Downloading an .xlsx file
- Via email subscription
- Uploading to a storage container
With DivvyCloud you can accelerate innovation through the use of cloud and container services while maintaining continuous compliance with SOC 2 and other important standards.