Monitor Compliance Violations - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Creation date
Last date published
User Guide

The Attack Surface Compliance Violations Dashboard helps customers better understand how the issues on their external network impact compliance controls.


Not all attack surface rules are mapped to the compliance frameworks as they are released. Cortex Xpanse continues to update the mapping as frequently as possible in order to ensure the dashboard is up to date based on the latest policies released in the platform.

The Attack Surface Compliance Violations dashboard takes a compliance-focused lens and applies it to the attack surface rules in Cortex Xpanse, so customers can better understand how the alerts and incidents on their external network impact compliance controls. The dashboard displays assessments for the following control families:

  • NIST 800-53

  • NIST 800-171

  • CMMC L1-L5

  • CMMC L1-L3

To view the Attack Surface Compliance Violations Dashboard, navigate to DashboardsOther DashboardsAttack Surface Compliance Violations Dashboard. Within each widget, select a control family from the drop-down menu to filter the data.

Cortex Xpanse worked with its internal subject matter experts as well as third party experts to develop these mappings against our attack surface rules assuming that all assets have been inventoried already. The mapping focuses on which rules may need to be reviewed because they could have led to a given service or issue being exposed to the Internet. As part of your investigation via the security impact analysis (SIA), give consideration for each control in each framework that is mapped as applicable to your security and compliance objectives.

Note that not all compliance violations can be detected from our scan data. Cortex Xpanse provides an external view of your attack surface. Some controls require data from internal scans or checks against internal controls and processes where Xpanse does not have visibility. The following sections list these specific controls for which Xpanse cannot make a determination regarding compliance: