Monitor your frameworks for compliance

After you apply a framework to your resources, you can view a monitoring dashboard that shows the status of your environment's compliance with the framework. The monitoring dashboard also provides guidance on how to further align your environment to relevant industry standards and regulatory requirements. You can use the monitoring dashboard to assess your workloads' compliance with multiple frameworks over time. Compliance specialists and privacy teams can use the dashboard to monitor, track, and consult on issues.

The monitoring dashboard for Compliance Manager provides a detailed overview of the following:

• Whether your environment is in compliance with applied cloud controls and regulatory controls.
• Information about how to remediate any violations.
• Mapping information between cloud controls and regulatory controls.
• Shared responsibilities status for cloud controls.
• Current compliance status, as well as compliance status trends over time.
• The ability to download a report, in CSV format.

Before you begin

• To get the permissions that you need to monitor frameworks, ask your administrator to grant you the Compliance Manager Viewer (roles/cloudsecuritycompliance.viewer) IAM role on your organization. For more information about granting roles, see Manage access to projects, folders, and organizations.

  You might also be able to get the required permissions through custom roles or other predefined roles.

• Apply the frameworks that you want to monitor to the appropriate organization, folders, and projects.

Monitor your framework

1. In the console, go to the Compliance page.

   Go to Compliance

2. Select your organization.

3. Click Monitor (Preview).

   The main dashboard appears. This dashboard provides a summary of applied frameworks and the percentage of cloud controls that don't have any associated findings.

4. For details about a framework, click the framework.

   In the Framework details page, the following details are available:

   • The time when the framework was applied, in your timezone.
   • A timeline that shows the trends of passing controls.
   • A mapping between the regulatory controls and the cloud controls in the framework.
   • The findings that are associated with the cloud controls.

   This page might take some time to update the findings. For the latest information about findings, use the Findings page. The Summary tab for findings shows the applied frameworks and cloud controls that are related to the finding.

5. To view information from an earlier date, use the date picker.

6. To download a report about the framework, click Download report. The report is downloaded in CSV format. The filename is [framework name and version]_[CSP]_[yyyy]-[mm]-[dd].csv

What's next

• Create a custom framework that better matches your organization's security and compliance objectives.
• Create an audit report for your environment.