Check your compliance with standards

The platform offers a comprehensive view of how well your organization and individual groups are meeting various international cybersecurity standards, as validated by Fluid Attacks. You can find this information in Compliance, which offers two sections:

  1. Overview: Provides a high-level summary of your overall compliance posture and allows benchmarking it against other organizations
  2. Standards: Lets you drill down into unfulfilled standards per group and generate detailed reports on any gaps that need to be addressed

Across Compliance, a header provides the following information:

  1. Compliance level: The percentage corresponding to fulfillment of security requirements within standards
  2. Weekly trend: The change in compliance during the last week, represented as a percentage
  3. ET to full compliance: A projection of the number of days it might take to address all noncompliance issues, achieving a 100% compliance level
  4. Standard least complied with: The name of the specific standard where your organization is struggling the most
  5. Lowest % compliance: The percentage of fulfilled requirements associated with the standard you comply with the least

See an overview of your compliance

Role required: User, Vulnerability Manager or User Manager

Fluid Attacks' platform allows you to gauge your performance relative to your peers. In the Overview section within Compliance, you see how your organization stacks up against the best, worst, and average performance levels in terms of compliance with each of the standards validated by Fluid Attacks.

Check compliance with standards in your groups

Role required: User, Vulnerability Manager or User Manager

The Standards section within Compliance allows you to zoom in on specific groups within your organization and assess their compliance with individual standards.

To examine compliance at a granular level within your groups, do the following:

  1. Use the dropdown menu next to the title Unfulfilled standards to choose the group you want to analyze. Only groups you have access to are listed.
  2. Once you have selected a group, you see a breakdown of the standards that the group is not currently meeting in full and the number of security requirements you are yet to implement.

    Click on the dropdown menu for the standard to see the names of unfulfilled requirements.

    Click on a requirement of interest to see Fluid Attacks' documentation about it that can give you an idea of what you need to implement.

Download reports of requirements needed to reach compliance

Role required: User, Vulnerability Manager or User Manager

In the Standards section, the platform allows you to download comprehensive reports of areas of noncompliance for any selected group. These are the steps:

  1. In the Standards section within Compliance, select the group for which you need a report.
  2. Click on the Generate report button to the right.
  3. In the pop-up window, select whether you want a PDF or CSV file. PDF is advised if you want the links to the security requirements in the report, whereas CSV is advised for further filtering the report (e.g., by requirements). Then choose which standards to include by using the toggle in the Action column.

    You can use the Exclude all/Include all toggle to select the desired items more quickly.
  4. You need a verification code to proceed. Select whether you would like to receive it via SMS or WhatsApp.

    Make sure to have registered your mobile phone to the platform before this step.
  5. Enter the code you received and click on Verify.

    Upon successful verification, the platform informs you that the report is ready, and your browser downloads it.

The downloaded report provides a group-level overview, customized by you. The PDF version shows

  1. a brief description of the specific standard(s) that the group is not meeting;
  2. the name(s) of the associated requirement(s) which need to be addressed to achieve compliance, linking to the relevant documentation, and
  3. the name(s) of the type or types of vulnerabilities associated with the requirement(s), linking to the vulnerability URL(s) in the platform.

The CSV version shows

  1. the name(s) of the specific standard(s);
  2. the vulnerability URL(s);
  3. the name(s) of the type or types of vulnerabilities, and
  4. the three-number code(s) of the associated requirement(s).