How do I define thresholds for compliance reports?

In Security Center, you can create compliance reports for various frameworks.
Depending on your organization and the sensitivity of your data, the thresholds for compliance can vary a lot.

Therefore, Holm Security offers the flexibility to set your own thresholds for compliance reports. In this article, we cover how.

  1. Log in to Security Center.
  2. Click Reports in the main menu.
  3. Click Templates > +Add template > Compliance.
  4. Under the headline General settings, enter the following:
  • Name: the name of the report template, e.g. "GDPR Compliance report".
  • Owner: the owner of the report template.
  5. Under the headline Compliance, make sure the framework you wish to report on is selected.
  6. Set your Thresholds:
    • For each severity, set Max. vulnerabilities in Total (across all selected assets) and Max. vulnerabilities per asset.
    • Having two levels gives you more granular control: the total threshold tracks compliance on a summarized level across all assets included in the report, while the per-asset threshold is applied to each individual asset that is evaluated against the compliance thresholds.
    • Max. vulnerabilities in Total is the global threshold.
    • Max. vulnerabilities per asset cannot be greater than the global threshold.
    • Example: if, for the Critical severity, Max. vulnerabilities in Total is set to 10 and Max. vulnerabilities per asset to 5, and a scan detects 6 critical vulnerabilities on a single asset, the report fails because the per-asset threshold is exceeded, regardless of whether the total stays at or below 10.

Below is a general recommendation for thresholds:

  • 0 Critical severity vulnerabilities.
  • 0 High severity vulnerabilities.
  • Info, Low and Medium severities can be left unchecked, so that no threshold is applied to them.
  7. When you are satisfied with your thresholds, click Save.
  8. Done!
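The following is an added illustration of the threshold semantics described above (global total versus per-asset limit, per-asset never greater than global, unchecked severities ignored). It is not Holm Security's code and does not use any Security Center API; the findings are a constructed list of (asset, severity) pairs, and the threshold profiles are assumptions chosen to reproduce the example in step 6.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A finding is modelled as (asset name, severity). Constructed sample data:
# web-01 has 6 critical findings, db-01 has 2 critical and 3 medium findings.
SAMPLE_FINDINGS: List[Tuple[str, str]] = (
    [("web-01", "critical")] * 6
    + [("db-01", "critical")] * 2
    + [("db-01", "medium")] * 3
)


@dataclass(frozen=True)
class Threshold:
    """Limits for one severity. max_per_asset=None means only the global limit applies."""
    max_total: int
    max_per_asset: Optional[int] = None


# Assumed profile reproducing the article's example: Critical total 10, per asset 5.
# Medium, Low and Info are left unchecked (absent), so they never fail the report.
EXAMPLE_THRESHOLDS: Dict[str, Threshold] = {
    "critical": Threshold(max_total=10, max_per_asset=5),
    "high": Threshold(max_total=0, max_per_asset=0),
}

# The article's general recommendation: zero Critical, zero High, rest unchecked.
RECOMMENDED_THRESHOLDS: Dict[str, Threshold] = {
    "critical": Threshold(max_total=0, max_per_asset=0),
    "high": Threshold(max_total=0, max_per_asset=0),
}


def validate_thresholds(thresholds: Dict[str, Threshold]) -> None:
    """Enforce the rule that a per-asset limit cannot exceed the global limit."""
    for severity, t in thresholds.items():
        if t.max_per_asset is not None and t.max_per_asset > t.max_total:
            raise ValueError(
                f"{severity}: per-asset max ({t.max_per_asset}) "
                f"exceeds total max ({t.max_total})"
            )


def evaluate(findings: List[Tuple[str, str]],
             thresholds: Dict[str, Threshold]) -> dict:
    """Check findings against thresholds; return pass/fail plus every breached limit."""
    validate_thresholds(thresholds)
    per_asset = Counter(findings)                 # (asset, severity) -> count
    totals = Counter(sev for _, sev in findings)  # severity -> count
    failures: List[str] = []

    for severity, t in thresholds.items():
        # Global threshold: summarized count across all assets in the report.
        if totals[severity] > t.max_total:
            failures.append(f"total {severity}: {totals[severity]} > {t.max_total}")
        # Per-asset threshold: each asset is checked on its own.
        if t.max_per_asset is not None:
            for (asset, sev), count in sorted(per_asset.items()):
                if sev == severity and count > t.max_per_asset:
                    failures.append(f"{asset} {severity}: {count} > {t.max_per_asset}")

    return {"passed": not failures, "failures": failures}


if __name__ == "__main__":
    for name, profile in (("example", EXAMPLE_THRESHOLDS),
                          ("recommended", RECOMMENDED_THRESHOLDS)):
        result = evaluate(SAMPLE_FINDINGS, profile)
        print(name, "PASS" if result["passed"] else "FAIL", result["failures"])
```

With the example profile the total of 8 critical findings is within the global limit of 10, yet the report fails because web-01 alone carries 6, above the per-asset limit of 5; the 3 medium findings on db-01 are ignored because no threshold is set for that severity. With the recommended profile every critical finding is a breach, which is why that profile is the stricter starting point.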