Policy Frameworks

A security framework is a structured set of controls designed to ensure that your information systems and processes meet security standards or compliance requirements specific to your industry, or internal policies specific to your organization. Panoptica's Compliance Framework is an example of applying industry-standardized frameworks to your cloud environment. Here is where you can create your own frameworks.

📘

Permissions required

Users must have an Owner or Ops role in Panoptica to create custom frameworks.

An Ops user can edit/delete custom frameworks that they created; an Owner can edit/delete any custom framework in your tenant. Panoptica system frameworks cannot be edited or deleted.

See User Management for details on User Roles.

Add Frameworks

Click the + Add Custom Framework button at the top of the Policies tab to start defining customized frameworks and categories.

In addition to the overall framework, you can define a hierarchy of structured categories, which gives you visibility into whether your organization is compliant with each individual category. A category (sometimes called a "section") is a set of controls within a single security framework: a list of specific rules grouped by a logical unit or purpose. For example, categories in the "AWS CIS framework" include IAM, Storage, and Logging.

Any custom framework you define will only be available in your own environment.

  • Framework Name
    A short textual name given to a framework. The name must be unique across your environment.
  • Description
    A longer text that explains the motivation for this framework. This is also where you can store notes regarding the categories, etc.
  • Created by
    This will always default to the logged-in user.
  • + Add Category
    You can add up to two levels of categories to any framework.
    You can also associate rules with categories here. You can select either built-in system rules or the custom rules that you have defined.

Click Save Changes when you're done.

Manage Frameworks

To manage policy frameworks, browse to the Settings tab in Panoptica's main navigation pane, and select Policy Frameworks.

As with Policy Rules, the Policy Frameworks table lists both built-in and custom frameworks.

The default view displays all of the frameworks available for viewing. You can use the drop-down Filters option to narrow the results by Status and Type.

You can also use the Search bar to look for a text string in a framework name. To clear the search bar, click the ×.

Policy frameworks can be disabled or enabled by selecting the record and clicking Enable/Disable. You can disable or enable multiple frameworks at the same time by selecting multiple items. When you enable a framework, all of its rules are enabled and executed. When you disable a framework, all of its rules are disabled except those that also belong to another enabled framework; those shared rules remain enabled.
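The enable/disable behaviour described above, modelled as an added Python example (this is not Panoptica code): frameworks with unique names and at most two levels of categories, the effective set of rules that execute, and the point that disabling a framework leaves rules enabled when another enabled framework also contains them. Framework names and rule ids in the sample are constructed.

```python
from dataclasses import dataclass, field

MAX_CATEGORY_DEPTH = 2  # a framework may carry at most two levels of categories

@dataclass
class Category:
    name: str
    rules: set = field(default_factory=set)       # built-in or custom rule ids
    children: list = field(default_factory=list)  # second-level categories

@dataclass
class Framework:
    name: str
    categories: list = field(default_factory=list)
    enabled: bool = True

def framework_rules(fw):
    """Every rule reachable through the category tree; rejects a third level."""
    stack, rules = [(c, 1) for c in fw.categories], set()
    while stack:
        cat, depth = stack.pop()
        if depth > MAX_CATEGORY_DEPTH:
            raise ValueError(f"{fw.name!r} nests categories too deeply")
        rules |= cat.rules
        stack.extend((c, depth + 1) for c in cat.children)
    return rules

def effective_rules(frameworks):
    """A rule executes when at least one enabled framework contains it."""
    names = [fw.name for fw in frameworks]
    if len(names) != len(set(names)):
        raise ValueError("framework names must be unique")
    return set().union(*(framework_rules(fw) for fw in frameworks if fw.enabled))

def set_enabled(frameworks, name, enabled):
    """Toggle one framework; return only the rules whose effective state changed."""
    before = effective_rules(frameworks)
    next(fw for fw in frameworks if fw.name == name).enabled = enabled
    return before ^ effective_rules(frameworks)

# Constructed sample: both frameworks contain the rule "iam-mfa-root".
SAMPLE = [
    Framework("AWS CIS (sample)", [Category("IAM", {"iam-mfa-root", "iam-no-root-keys"}),
                                   Category("Logging", {"cloudtrail-enabled"})]),
    Framework("Internal baseline (sample)", [
        Category("Identity", children=[Category("Root account", {"iam-mfa-root"})])]),
]
```

Calling `set_enabled(SAMPLE, "AWS CIS (sample)", False)` reports only the two rules that stop executing; `iam-mfa-root` stays active because the baseline framework still carries it.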

Click the three dots (⁝) at the end of any record to open a drop-down list of further actions.

The following actions can be performed:

  • Select Disable to disable the framework.
  • Select Enable to enable the framework.
  • Select Duplicate & Edit to open a New Framework dialog box with the name, description, and parameters pre-filled for editing.
  • Select Edit to open a dialog box where you can edit the framework name, description, and parameters.
  • Select Delete to remove a framework.

    🚧

    Deleting a framework cannot be undone.

Framework Types and Permissions

Panoptica supports the following types of frameworks:

  • Custom frameworks can be managed by the Ops user that created the framework. The Owner can manage any custom frameworks in the tenant.
  • Compliance frameworks can be enabled or disabled by the Owner but cannot be deleted. They can be duplicated by the Owner and Ops users. For more information, see Supported Frameworks.
  • Global frameworks (such as Panoptica system frameworks) cannot be edited or deleted.