Adding Compliance Frameworks - AskJ1 Community
<main> <article class="userContent"> <p>A security compliance framework is a structured set of guidelines that details the processes and procedures your organization implements to be in accordance with established regulations, specifications or legislation. Frameworks can include communication processes, risk controls, and governance practices for maintaining compliance.</p> <p>The first step in compliance management is to select the frameworks with which you want to be compliant. You can select the preset standards provided by J1 or import your own configuration.</p> <p><strong>Note:</strong> You must have the adminCompliance permission to be able to import frameworks.</p> <p>Open the J1 Compliance app by clicking <img src="https://us.v-cdn.net/6035534/uploads/0UNX0806J3K2/apps.png" alt="" class="embedImage-img importedEmbed-img"></img> and select Compliance. To add a framework:</p> <ol><li>Select <strong>Frameworks</strong> from the left navigation panel and click <strong>Add Framework</strong>.<br> <br> <br><img src="https://us.v-cdn.net/6035534/uploads/6NHB1VD26878/compliance-frmwk-overview.png" alt="" class="embedImage-img importedEmbed-img"></img></li> <li>Choose one of the templates that J1 provides, or click <strong>Import JSON/CSV</strong> and paste your compliance framework file in JSON or CSV format. <br> <br> J1 provides <a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates/tree/main/templates/standards">community example files</a> for you to use as references.</li> </ol><p><strong>Note</strong>: You must have the necessary license and permission to use a framework for your organization. 
<strong>Licensing is not provided by JupiterOne</strong>, except for CIS Controls and Benchmarks.</p> <h3 data-id="json-structure">JSON Structure</h3> <p>If you want to import a JSON file, follow <a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates/tree/main/templates/standards">this schema</a>.</p> <h3 data-id="csv-import">CSV Import</h3> <p>If you want to import a compliance standard specification from a CSV file, the CSV header must contain the following as column headers:</p> <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">ID</code></li> <li><code class="code codeInline" spellcheck="false" tabindex="0">Requirement</code> or <code class="code codeInline" spellcheck="false" tabindex="0">Control</code></li> <li><code class="code codeInline" spellcheck="false" tabindex="0">Section</code> or <code class="code codeInline" spellcheck="false" tabindex="0">Domain</code></li> </ul><h2 data-id="filter-on-scope">Filter on Scope</h2> <p>When you select the frameworks with which you want to be compliant, you can narrow the scope by using filters. 
You can determine what J1 monitors for compliance to save time and resources.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/3GF6BCWTLDM6/compliance-scope-filters.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <p>You can filter on:</p> <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">_type</code>: Type of asset, such as datastore or persons</li> <li><code class="code codeInline" spellcheck="false" tabindex="0">_class</code>: Class of asset, such as____________</li> <li><code class="code codeInline" spellcheck="false" tabindex="0">_integrationClass</code>: Category of integration, such as Data Loss Prevention or App Hosting</li> <li><code class="code codeInline" spellcheck="false" tabindex="0">_integrationType</code>: Type of integration, such as ____________</li> <li><code class="code codeInline" spellcheck="false" tabindex="0">integrationInstanceId</code>: Your integration account ID</li> <li>A custom filter of your own<br> </li> </ul><p><img src="https://us.v-cdn.net/6035534/uploads/XXTXL3F7DVQ9/compliance-add-filters.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <p>After you set the filters, they take effect the next time J1 evaluates the framework requirements.</p> </article> </main>
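A pre-import check for the column rules listed under CSV Import, given here as an added example that is not part of the original page and is not JupiterOne code. The function name, the sample rows, the exact-match header comparison, and the blank and duplicate ID checks are assumptions made for this example.

```python
import csv
import io

# Column rules from the CSV Import section: the header needs at least one
# name from each group.
REQUIRED_GROUPS = [("ID",), ("Requirement", "Control"), ("Section", "Domain")]

# Constructed sample file (not from the page): one duplicate ID, one blank ID.
SAMPLE = """ID,Control,Domain
AC-1,Review access quarterly,Access Control
AC-1,Enforce MFA for admins,Access Control
,Encrypt backups,Data Protection
"""


def check_framework_csv(text):
    """Return a list of problems in a framework CSV; an empty list means OK."""
    # Spreadsheet exports often prepend a UTF-8 BOM, which would otherwise
    # turn the first header into "\ufeffID".
    reader = csv.DictReader(io.StringIO(text.lstrip("\ufeff")))
    # Assumption: names must match the documented spelling exactly.
    header = [h.strip() for h in (reader.fieldnames or [])]
    problems = ["missing column: " + " or ".join(group)
                for group in REQUIRED_GROUPS
                if not any(name in header for name in group)]
    if problems:
        return problems  # row checks need the columns to exist

    reader.fieldnames = header
    first_seen = {}
    for row in reader:
        line = reader.line_num
        # Extra sanity checks, not stated on the page: blank or repeated IDs.
        row_id = (row.get("ID") or "").strip()
        if not row_id:
            problems.append(f"line {line}: empty ID")
        elif row_id in first_seen:
            problems.append(
                f"line {line}: duplicate ID {row_id!r} "
                f"(first on line {first_seen[row_id]})")
        else:
            first_seen[row_id] = line
    return problems


if __name__ == "__main__":
    for problem in check_framework_csv(SAMPLE):
        print(problem)
```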