Not all policies are mapped to the compliance frameworks as they are released. Cortex Xpanse continues to update the mapping as frequently as possible in order to ensure the dashboard is up to date based on the latest policies released in the platform.
The Compliance Assessment dashboard takes a compliance-focused lens and applies it to the Issues policies in Cortex Xpanse, so customers can better understand how the issues on their external network impact compliance controls.
Currently available assessments:
Cortex Xpanse worked with its internal subject matter experts as well as third party experts to develop these mappings against our policies assuming that all assets have been inventoried already. The mapping focuses on which policies may need to be reviewed which could have led to a given service or issue being exposed to the Internet. On the summary tab, a reviewer may notice similar sets of detections for all issues. This is intentional as more information gathering and investigation via a security impact analysis (SIA) should be conducted to rule out the worst case scenario. As part of your investigation via the SIA, give consideration for each control in each framework that is mapped as applicable to your security and compliance objectives.