IBM Cloud Docs

Posture Controls

You can use the IBM Cloud® Security and Compliance Center Workload Protection Posture Controls library to see the logic that is used to determine compliance results.

For more information about how an instance of IBM Cloud Security and Compliance Center Workload Protection can be integrated with Security and Compliance Center to run scans that validate your level of compliance, check out Connecting Workload Protection.

A control consists of a rule (for example, that /etc/docker/certs.d/*/* is owned by root:root), the code that is run to evaluate it, and a remediation playbook for fixing any violation that is detected.

There are different types of controls to address business, security, compliance, and operational requirements.

Posture Controls helps you:

  • Ensure that the compliance analysis fits your organization's needs.

  • Know what is evaluated.

  • Review specific controls and the logic in those controls and remediations.

For more information about compliance, see Compliance views and functions documentation.

Controls are built on the Open Policy Agent (OPA) engine and are written in its Rego policy language.

The Posture Controls library shows you the code that is used to create the controls and the inputs they evaluate. You can download this code as a JSON file.
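To show what a Rego control looks like, here is an added example written for this page; it is not a control from the Posture Controls library or Sysdig's code. It expresses the ownership rule quoted above, but the input schema (an input.files list with path, owner and group fields), the package name and the rule names are assumptions chosen for the example, and the files in the test rules are constructed data.

```rego
package posture.docker_certs_owner

# Rego v1 syntax (OPA 0.59 and later); enables "if", "contains" and "in".
import rego.v1

# Fail closed: a control that cannot prove compliance reports a violation.
default compliant := false

# Assumed input shape (not the Workload Protection schema):
#   input.files: [{"path": "...", "owner": "...", "group": "..."}, ...]

# The set of paths under /etc/docker/certs.d/ that are not owned by root:root.
# Reporting the paths (not only a boolean) gives the remediation step something to act on.
violating_file contains path if {
    some f in input.files
    startswith(f.path, "/etc/docker/certs.d/")
    not owned_by_root(f)
    path := f.path
}

owned_by_root(f) if {
    f.owner == "root"
    f.group == "root"
}

# The control passes only when no file in scope violates the rule.
compliant if count(violating_file) == 0

# Embedded tests, run with "opa test": constructed sample files, one failing and one passing case.
test_non_root_group_fails if {
    not compliant with input as {"files": [
        {"path": "/etc/docker/certs.d/registry.example/ca.crt", "owner": "root", "group": "docker"}
    ]}
}

test_root_owner_passes if {
    compliant with input as {"files": [
        {"path": "/etc/docker/certs.d/registry.example/ca.crt", "owner": "root", "group": "root"},
        {"path": "/etc/hosts", "owner": "bin", "group": "bin"}
    ]}
}
```

Evaluate it against a captured input with `opa eval -i input.json -d control.rego 'data.posture.docker_certs_owner'`; the result includes both the `compliant` flag and the `violating_file` set. The `default compliant := false` line matters: if the collector supplies no `files` key at all, the control still reports non-compliance rather than silently passing on an empty input.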

Accessing Posture Controls

To access the Posture Controls, do the following steps:

  1. Open the Workload Protection UI.

  2. Hover over the Policies icon and click Controls. The controls are displayed.

    You can filter the list by:

    Severity
    The severity that is assigned to the control: high (H), medium (M), or low (L).
    Type
    The infrastructure type. For example, cluster, host, identity, or resource.
    Target
    The specific platforms or distributions that a control evaluates resources against.

    You can also search on any word, or part of a word, in the control name.

    Multiple filters can be specified to create more specific filter expressions.

  3. Click a control to work with it. The control details are displayed.

    The details include:

    • The control title.

    • The control severity.

    • The control type. For example, Host.

    • The control author. The author is Sysdig for controls that are provided with IBM Cloud Security and Compliance Center Workload Protection.

    • A description of the control.

    • The policies that are linked to the control.

      Hovering over a policy displays the policy details, for example, the requirement number within the compliance standard.

  4. Click the Code tab.

    The code that is used to evaluate the objects, and the structure of the evaluation rules, is displayed. The code is shown in Rego format. Where appropriate, the required inputs are included.

    You can copy or download this code to use as a template for other policies.

  5. Click the Remediation Playbook tab.

    The steps to resolve the failing control are displayed.