Check your compliance with standards

The platform offers a comprehensive view of how well your organization and individual groups are meeting various international cybersecurity standards , as validated by Fluid Attacks. You can find this information in Compliance, which offers two sections:

1. Overview : Provides a high-level summary of your overall compliance posture and allows benchmarking it against other organizations
2. Unfulfilled : Lets you drill down into unfulfilled standards per group and generate detailed reports  on any gaps that need to be addressed

Across Compliance, a header provides the following information:

1. % Compliance of [organization]: The percentage corresponding to fulfillment of security requirements  within standards
2. ET to full compliance: A projection of the amount of days it might take to address all noncompliance issues, achieving a 100% compliance level
3. Standard least complied with: The name of the specific standard where your organization is struggling the most
4. Lowest % compliance: The percentage of fulfilled requirements associated to the standard you comply with the least

See an overview of your compliance

Fluid Attacks’ platform allows you to gauge your performance relative to your peers. In the Overview section within Compliance, you see how your organization stacks up against the best, worst, and average performance levels in terms of compliance with each of the standards validated by Fluid Attacks .

Check unfulfilled standards in your groups

The Unfulfilled section within Compliance allows you to zoom in on specific groups within your organization and assess their compliance with individual standards.

To examine compliance at a granular level within your groups, do the following:

1. Use the dropdown menu next to the title Unfulfilled standards (#) in group to choose the group you want to analyze. Only groups you have access to are listed.

1. Once you have selected a group, you see a breakdown of the standards that the group is not currently meeting in full and the number of security requirements you are yet to implement.

Click on the dropdown menu for the standard to see the names of unfulfilled requirements .

Download reports of requirements needed to reach compliance

In the Unfulfilled section, the platform allows you to download comprehensive reports of areas of noncompliance for any selected group. These are the steps:

1. In the Unfulfilled section within Compliance, select the group for which you need a report.

1. Click on the Generate report button to the right.

1. In the pop-up window, select whether you want a PDF or CSV file. PDF is advised if you want the links to the security requirements in the report, whereas CSV is advised for further filtering the report (e.g., by requirements). Then choose which standards to include by using the toggle in the Action column.

1. You need a verification code to proceed. Select whether you would like to receive it via SMS or WhatsApp.

1. Enter the code you received and click on Verify.

Upon successful verification, the platform informs you that the report is ready, and your browser downloads it. The file becomes available in the platform for seven days thanks to the Downloads  feature.

The downloaded report provides a group-level overview, customized by you. The PDF version shows

1. a brief description of the specific standard (s) that the group is not meeting;
2. the name(s) of the associated requirement (s) which need to be addressed to achieve compliance, linking to the relevant documentation, and
3. the name(s) of the type or types of vulnerabilities  associated to the requirement(s), linking to the vulnerability URL (s) in the platform.

The CSV version shows

1. the name(s) of the specific standard(s);
2. the vulnerability URL(s);
3. the name(s) of the type or types of vulnerabilities, and
4. the three-number code(s) of the associated requirement(s).