Compliance Reports

Some applications have compliance requirements such as workload isolation, ensuring dev cannot talk to prod, and implementing network zones (e.g. microservices in the DMZ can communicate with the public internet but not directly with your backend databases). More advanced controls include building a moat around PCI-DSS workloads or logging HIPAA data transactions.

Auditors need proof that you are upholding these controls, and generating the right documentation can be challenging. Auditors will want to know:

  • What security controls are currently implemented?
  • How do you detect when your security controls change?
  • Can you show me that you were compliant last Saturday?

Calico Enterprise continuously monitors compliance and retains a daily history of your compliance standing that can be exported and shared with auditors in a format they are familiar with.

Calico Enterprise installs a GlobalReport resource that can be used to define custom compliance reports. Predefined compliance reports are also included:

  • Inventory Report: identifies which in-scope workloads are protected by your security controls and which are not
  • Network Access Report: shows what each microservice has access to
  • Policy Audit: shows the change history of your security policies
  • Configuration Auditing: reports on configuration compliance using CIS Level 1 and 2 benchmarks

Reports run periodically, daily by default. A history of all reports is maintained, which you can query to get the compliance status of your cluster at any historical point in time.

All compliance data can be exported as spreadsheets that are ready for auditor review.
