The Dash Compliance Center is used to view, analyze, and take action on the issues that have been flagged within your cloud environment. Using Amazon Web Services SDKs and APIs, Dash performs a scan of your cloud environment on a daily basis. If there are any issues that should be addressed, Dash will create an issue to help you resolve this problem.
Compliance issues may contain issues related to HIPAA technical safeguards (such as encryption and access control), and administrative safeguards (such as performing risk assessments and other reviews).
Here is an example of some potential issues as they would show up in your Compliance Center:
Users may click on any individual row or issue to view more information about the compliance concern and resolution. Individual issue pages may look like this:
In the Compliance Center Issue View users can find the following information:
- Compliance Standards – You will see how this issue relates to different compliance frameworks, namely HIPAA and NIST and the applicable regulatory safeguards.
- Related Policies – Some issues are related to the policies found in the Policy Center. If there is a related policy, it is because there is a connection between the issue and one or more of the questions in the given policy. You can click the related policy to navigate to the Documents page for the given policy.
- Issue – This is a plain English description of what has been detected during the scan. Should provide service context and help you to pinpoint the issue.
- Recommendation – This is a suggestion on what should be done to bring this issue into compliance.
- Assignments – You can assign an issue to a specific team member or to yourself for future completion
- Affected Objects – This space outlines the AWS resources that have been flagged for this particular issue
- You can resolve a specific affected object once you have made the change necessary.
- You can see the resource ID as well as resource metadata for the given affected object.
- Issue Timeline – Shows events relative to the issue. Events include:
- Issue Opened
- Issue Resolved
- Issue Assigned
- Event History – Shows all the times the issue was detected during a scan and how many affected objects were detected during each scan.
After identifying compliance issues in your cloud environment, your team can work to address these concerns across infrastructure. Teams can mark individual “Affected Objects” as done by clicking “Resolve Issue Item“. Additionally, once teams have resolved all affected objects, they can mark the entire issues as complete by clicking “Resolve Issue” in the top right.
Dash will continue to monitor your cloud environment and will validate that these issues are properly resolved or flag them again if they are still active.