Creating an attachment
To start evaluating your resources, you must create an attachment by specifying which profile you want to evaluate against which scope. To learn more about scopes and profiles, see How does Security and Compliance Center work.
Running an evaluation does not ensure regulatory compliance. An evaluation provides a point in time statement of your current posture for a specific resource. It is your responsibility to review and interpret the results to ensure that your organization is adhering to the controls that are required for your industry.
Before you begin
Before you get started be sure that you have the following prerequisites.
- A scope.
- A profile.
- A storage configuration.
- The required level of access to create and manage attachments. To create attachments, you must have the Writer service role or higher.
Creating an attachment
To create an attachment, you can use the Security and Compliance Center UI.
-
In the IBM Cloud console, go to the Resource list page and select your instance of Security and Compliance Center.
-
In your instance of Security and Compliance Center, go to the Attachments page and click Create.
-
Provide a name and description for your attachment. Then, click Next.
Be sure that this is as descriptive as possible so that other members of your team can quickly find the information that they're looking for.
-
Select the profile that you want to evaluate. Then, provide the information for any of the configurable parameters that you want to adjust.
-
Click Next.
-
Select the scope that you want to target. Then, click Next.
The scopes that are available in this view are filtered only to those scopes that contain resources that can be evaluated against your selected profile. If you aren't seeing the scope that you created, select a different profile or adjust the resources included in your scope.
-
In the annotation section, add custom annotations to individual controls. These annotations are for reference only and do not affect the evaluation process. Then, click Next.
An annotation is a note that a user can add to a control. While these can be anything, typically they are used to highlight how your organization manages, mitigates, or remediates a control. For example, if you are looking at Control ID A.10.11 - Encryption of data, you might add the following test procedures as an annotation.
- Verify that encryption is enabled on all storage volumes containing sensitive data by inspecting system configurations.
- Review a sample of transmission logs to ensure data in transit is being encrypted using TLS 1.2 or higher.
- Conduct a key management audit to confirm that keys are being stored securely and are rotated as required.
-
Define your scan settings.
- Select the Frequency at which you want your evaluation to be conducted.
- Configure notifications regarding failures that are identified.
- Click Next.
-
Review your selections. If everything looks correct, click Create.
When you create your attachment, a scan is scheduled. When the scan completes, your results are available in the Security and Compliance Center dashboard.
Running a scan on demand
If you already have an attachment that is being evaluated on a schedule, but you don't want to wait for your next evaluation, you can initiate a scan on-demand.
- In the IBM Cloud console, go to the Resource list page and select your instance of Security and Compliance Center.
- In your instance of Security and Compliance Center, go to the Attachments page.
- From the overflow menu on row of the attachment that you want to scan, select Run scan.
After your scan completes, your results are available in the Security and Compliance Center dashboard.