Compliance Gap Analysis - AskJ1 Community
<main> <article class="userContent"> <p>Compliance gaps are defined as deficiencies in the security framework of your organization between fulfilled compliance requirements and outstanding remediation.</p> <p>Your compliance department, your compliance officer, or your security lead decides the security frameworks with which your organization must be compliant. Frameworks comprise benchmarks, standards, and security questionnaires as part of your comprehensive compliance program.</p> <p>You have compliance gaps when:</p> <ul><li>There is no external evidence (such as notes, links, or file uploads) that you have completed a framework requirement.</li> <li>There are J1QL question queries whose results show there is no evidence that a framework requirement is complete.</li> </ul><p>At any time, you can review where the gaps are in your compliance by clicking the information icon next to gap analysis in a selected framework.</p> <h2 data-id="accessing-gap-analysis">Accessing Gap Analysis</h2> <p>If you have access to J1 Compliance, you have access to the gap analysis view. If you do not have access to J1 Compliance, your J1 administrator can grant you access to the gaps table by adding a special, read-only permissions role to the group permissions for the group to which you belong. With this role, you can see the compliance gap information but are not able to perform any other actions in J1 Compliance.</p> <p>From the selected framework details view, click the filter icon next to the gap category to see where the gaps are in your compliance status.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/WLUZKDU06AF1/compliance-gaps.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <p>Each query in a saved question has a property to indicate whether the results from the query are good, bad, unknown, or informative. 
You can configure this property in the J1Query Language UI or via the J1 API.</p> <p>At the API level, this value is set with the <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">resultsAre</code> property. For example:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">- id: managed-question-access-password-policy
  title: Show me the current password policy and compliance status.
  queries:
    - name: Compliant policies
      resultsAre: GOOD
      query: |
        Find PasswordPolicy with
          minLength >= 8 and
          requireLowercase = true and
          requireUppercase = true and
          requireSymbols = true and
          maxAgeDays <= 90 and
          historyCount >= 12
    - name: Non-compliant policies
      resultsAre: BAD
      query: |
        Find PasswordPolicy with
          minLength < 8 or
          requireLowercase != true or
          requireUppercase != true or
          requireSymbols != true or
          maxAgeDays > 90 or
          historyCount < 12
</pre> <h2 data-id="gap-analysis-queries">Gap Analysis Queries</h2> <p>Queries with the <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">resultsAre</code> property in a question that is mapped to a compliance requirement trigger automated gap analysis, as follows:</p> <ul><li><p><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">GOOD</code>:</p> <p>Results from a "good" query indicate <strong>expected configuration is present</strong>.</p> <p>For example, a list of critical data stores that are encrypted.</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find DataStore with classification='critical' and encrypted=true </pre></li> <li><p><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">BAD</code>:</p> <p>Results from a "bad" query indicate <strong>gaps or misconfigurations</strong>.</p> <p>For example, a list of critical data stores that are <em>not</em> encrypted.</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find DataStore with classification='critical' and encrypted!=true </pre></li> 
<li><p><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">UNKNOWN</code>:</p> <p>Results from an "unknown" query indicate <strong>resources with an unknown scope or state</strong>.</p> <p>For example, a list of data stores that do <em>not</em> have classification tags.</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find DataStore with classification=undefined </pre></li> </ul><p><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">INFORMATIVE</code> queries are not used in compliance gap analysis. A question can have one or all of the above-named queries.</p> <p><a rel="nofollow" href="https://jupiterone.vanillacommunities.com/kb/articles/1192-compliance-status-and-maturity">Read more about gap analysis statuses</a>.</p> </article> </main>
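<p>The following is an added example, not code from JupiterOne or from the original page: a simplified Python model of how the three DataStore queries above sort entities by <code>resultsAre</code>, and of why the BAD query is written with <code>encrypted!=true</code>. The entity data, the function names, and the rule that an absent property compares unequal to true are assumptions of this model.</p>

```python
# Added example: a simplified Python model of resultsAre-driven gap analysis.
# It is not the J1 engine; the entities below are constructed sample data.
DATASTORES = [
    {"name": "db-orders", "classification": "critical", "encrypted": True},
    {"name": "db-billing", "classification": "critical", "encrypted": False},
    {"name": "s3-exports", "classification": "critical"},  # encrypted never reported
    {"name": "cache-tmp"},                                  # no classification tag
    {"name": "app-logs", "classification": "internal", "encrypted": False},
]

def is_critical(e):
    return e.get("classification") == "critical"

# Python stand-ins for the page's three DataStore queries, plus one INFORMATIVE
# query. Assumption: a property that is absent compares unequal to true.
QUESTION = [
    {"resultsAre": "GOOD", "match": lambda e: is_critical(e) and e.get("encrypted") is True},
    {"resultsAre": "BAD", "match": lambda e: is_critical(e) and e.get("encrypted") is not True},
    {"resultsAre": "UNKNOWN", "match": lambda e: "classification" not in e},
    {"resultsAre": "INFORMATIVE", "match": lambda e: True},
]

def gap_report(queries, entities):
    """Group matching entity names by resultsAre; INFORMATIVE queries are skipped."""
    report = {"GOOD": [], "BAD": [], "UNKNOWN": []}
    for q in queries:
        if q["resultsAre"] in report:
            report[q["resultsAre"]] += [e["name"] for e in entities if q["match"](e)]
    return report

def uncovered(queries, entities):
    """Names of in-scope (critical or unclassified) entities no gap query matches."""
    gap_queries = [q for q in queries if q["resultsAre"] != "INFORMATIVE"]
    return [e["name"] for e in entities
            if (is_critical(e) or "classification" not in e)
            and not any(q["match"](e) for q in gap_queries)]

# Hypothetical weaker variant: a BAD query written as encrypted = false.
LOOSE = [dict(q) for q in QUESTION]
LOOSE[1]["match"] = lambda e: is_critical(e) and e.get("encrypted") is False

if __name__ == "__main__":
    print(gap_report(QUESTION, DATASTORES))
    print("missed by loose BAD query:", uncovered(LOOSE, DATASTORES))
```

<p>In this model, the critical data store that never reported an <code>encrypted</code> value lands in BAD with the page's query, but is matched by no query at all under the weaker variant.</p>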