Controls Management

Updated 3 weeks ago by admin

A Control is an entity that the Posture Management service checks within an account of an integrated connector.

Posture Management controls are based on security best practices and other industry and compliance standards.

Posture Management is a tool to help you adhere to best practice. It is not intended as a replacement for a formal audit.

You can find onboarding guides for each available connector via the links below.

Managing Controls

To view and manage controls:

  1. Visit the USS Dashboard.
  2. Click Products ⟶ Posture Management. You will be redirected to the Posture Management dashboard.
  3. Open the Controls page.

Controls Menu

On the left sidebar menu, you can see the list of your integrated connectors.

Connectors Menu

Refer to the onboarding guides to familiarize yourself with the integration steps.

If a connector is integrated but disabled, a yellow triangle badge appears next to the connector name.


To see the list of all available connectors, turn on the Show available integrations toggle. Connectors available for integration will be displayed with a badge.

The Show available integrations toggle is displayed if you have at least one non-integrated connector. 

Controls Grid

The Controls grid displays all controls currently available for scanning. It includes the following columns:

  • Connector
  • Service
  • Category
  • Resource Group
  • Compliance Standards
  • Control
  • Risk Level
  • Activation Checkbox

You can customize the grid by hiding or displaying specific columns using the Columns filter.

Controls

Controls are specific security or compliance requirements designed to address potential vulnerabilities or enforce best practices.

Each control defines a particular action or configuration to be implemented, helping organizations reduce risks and ensure compliance. Click the icon next to a control name to review the purpose of the control.

Controls with Additional Configuration

Some controls require additional configuration to help the Posture Management service understand which settings are considered legitimate for your environment. All such controls are listed at the top of the controls list.

Such controls have a red asterisk in the name and the prompt.

Control Configuration

Connectors

See the article Connectors.

A connector represents the integration point between the Posture Management service and a specific service provider or cloud platform. Each control is associated with one connector.

Service

A service is the functional unit provided by a connector to which controls are applied. Services represent specific components or capabilities within a cloud or infrastructure platform that require security configurations, for example AWS S3 or Azure Virtual Machines.

Category

A category is a thematic grouping that organizes controls based on their primary focus or intent. Categories ensure that controls addressing similar concerns (e.g., Identity Management, Data Security, or Network Security) are logically grouped. This helps you quickly identify controls related to specific security or compliance goals.

Resource Group

A resource group is the type of infrastructure, service, or technology to which a control applies. A resource group ensures that each control is relevant to specific resource types, such as cloud services, databases, or virtual machines.

Risk Level

The risk level is a classification reflecting the potential impact of not implementing a specific control. It helps prioritize controls by indicating the severity of associated risks and guiding remediation efforts. Posture Management service controls can have one of the following risk levels:

  • Critical
  • High
  • Medium
  • Low

Each control is assigned a default risk level based on the likelihood of the misconfiguration occurring and its potential impact on infrastructure security. However, you can adjust the risk level to better align with your specific business needs.

Reset Risk Level

You can restore the risk levels of all modified controls to their default values by clicking the Reset Risk Levels button.

Compliance Standards

Compliance standards are formal frameworks or regulations to which controls are mapped to ensure that their implementation helps organizations meet regulatory and industry expectations.

Currently, the Posture Management service supports the following compliance standards:

  • ISO 27001:2022 – Information security management standard.
  • PCI DSS v4.0.1 – Payment Card Industry Data Security Standard.
  • NIST CSF v2.0 – Cybersecurity Framework by the National Institute of Standards and Technology.
  • Cyber Essentials v3.1 – A UK government-backed framework aimed at helping organizations protect against the most common cyber threats.

Enable Controls

By default, all newly added controls are enabled. You can disable a specific control by unchecking the box next to it. Additionally, you can use the Active checkbox to enable or disable all controls with a single click.

Important: Make sure to click the Apply Changes button to save and apply all modifications.

Filters

To search for a specific control, use the available filters on the filter bar. The available filters are:

  • Category – Filter by a category name.
  • Resource Group – Filter by a resource group name.
  • Service – Filter by a service name.
  • Risk Level – Filter by a risk level.
  • Compliance Standard – Filter by a compliance standard.
  • Control – Search by a control name.
