Achieve Regulatory Compliance

Prisma Cloud provides security teams with full visibility into all of their cloud assets and simplifies compliance reporting. With support for more than 50 compliance standards, including PCI DSS, HIPAA, GDPR, SOC2, NIST 800-171, NIST 800-53, NIST CSF, ISO 27002, CCPA, CCM, and custom frameworks, you have one-click audit-ready reporting. Whether you want to detect a misconfiguration or continually assess your security posture and adherence to specific compliance standards, Prisma Cloud provides out-of-the-box policies (auditable controls) for ongoing reporting and measurement of security and compliance risks in your cloud environment.

1. View Compliance Standards and Set your Baseline

Start in the Compliance Standards View for an overview of the compliance posture of the cloud assets across your organization. Each row refers to a compliance standard and includes the number of assets that passed and failed the compliance controls.

If you mapped an account group to a Business Unit (BU) when you set it up, you can review your compliance posture for each BU by filtering the Standards view by account group.

If you want to create views for specific compliance standards, add a new view to track the state for your auditing needs.

You should also create a custom dashboard using the compliance widgets to monitor trends.

2. Generate Compliance Reports

Generate on-demand or recurring reports, filtered to your requirements by region, cloud, and account, and send the reports to all the relevant stakeholders to measure your compliance over time.

3. Review Policies and Adjust Compliance Mapping

Prisma Cloud automatically maps out-of-the-box policies to specific compliance controls that belong to compliance standards. You can also edit the policies and map them to existing compliance standards or to a custom standard.
If you want to map policies to a custom compliance standard, first complete step 4. Then, when a policy violation occurs, it is captured against the compliance control to which you assigned the policy, which enables you to track and report on it.

4. Customize Compliance to Enforce your Business Goals

Create custom compliance frameworks specific to your environments or auditing needs, and map any of the existing out-of-the-box or custom policies to the specific controls within the framework.