Compliance Calculation

Panoptica's Compliance Framework helps ensure security best practices across all the key platforms and frameworks. Panoptica calculates compliance as the percentage of rules and standards that have passed assessment. The calculation method differs between a single account and a scope that contains multiple accounts.

Single Account

At the account level, the compliance percentage is a simple average of the controls that make up the compliance framework of that account. For each control, we take the number of compliant assets or resources and divide it by the total number of assets or resources.

Delving down to the control level, compliance is a simple average of the sub-controls that have passed compliance assessment.

Automatic

Under a sub-control, things start getting interesting. The sub-control percentage is the simple average of all rules that matched at least one asset or resource. When a rule has no matches at all, it is left out of the sub-control calculation rather than counted as 0% or 100%.

Manual

Manual sub-controls are rules that Panoptica is not able to assess automatically. To gain a complete picture, you will need to verify yourself whether each such sub-control is compliant. By default, a manual sub-control is scored at 0% until you mark it as compliant, at which point it is scored at 100%.

Special “One response” rules

Some of the rules are so-called “one response” rules, meaning that the rule is compliant if at least one asset or resource is correctly configured according to the rule. If Panoptica finds at least one such correctly configured asset or resource, all of the assets or resources matched by that rule are considered compliant.

If there are no assets or resources configured according to the rule, that rule receives a score of 0%, and we list all the assets or resources that are not compliant. The compliance percentage for “one response” rules can be either 0% or 100%.

Scope

When calculating compliance for multiple accounts in a defined scope, the account-level percentage is calculated the same way: a simple average across all accounts in the scope. The same applies at the control level.

At the sub-control level, however, Panoptica counts the rules that passed and failed across all accounts in the scope, and the number of rules assessed can vary greatly between accounts. If one account has only a few correctly configured assets or resources while another account has many rule assessments that fail, the sub-control score will be lower than the simple average calculated at the account level.

For example, if there are two accounts in a scope—one compliant and one not—the average is 50%. However, if the compliant account has 10 rules that have passed, and the non-compliant one has 90 that have failed, the score will be 10% (10/100).
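The following is an added worked example of the scoring hierarchy described on this page (it is not Panoptica's own code): rule percentages roll up into sub-control, control and account averages, unmatched automatic rules are excluded, “one response” and manual rules score 0% or 100%, and at scope level the account average is compared with the pooled rule count from the text's 10/90 example. The rule representation (a dict with `kind`, `passed`, `failed`, `verified`) is an assumption made for the example.

```python
from statistics import mean

# Constructed model of a rule (assumption for this example, not Panoptica's data format):
# kind is "automatic", "one_response" or "manual"; passed/failed count the assets or
# resources the rule matched; verified is the analyst's manual decision.

def rule_score(rule):
    """Percentage for one rule, or None when an automatic rule matched nothing."""
    if rule["kind"] == "manual":
        return 100.0 if rule.get("verified", False) else 0.0   # 0% until verified
    matched = rule["passed"] + rule["failed"]
    if matched == 0:
        return None                      # no matches: left out of the sub-control average
    if rule["kind"] == "one_response":
        return 100.0 if rule["passed"] > 0 else 0.0            # all-or-nothing
    return 100.0 * rule["passed"] / matched

def average(scores):
    """Simple average that ignores excluded (None) entries."""
    kept = [s for s in scores if s is not None]
    return mean(kept) if kept else None

def subcontrol_score(rules):
    return average(rule_score(r) for r in rules)

def control_score(subcontrols):
    return average(subcontrol_score(sc) for sc in subcontrols)

def account_score(controls):
    return average(control_score(c) for c in controls)

def scope_account_score(account_scores):
    """Scope level, account/control view: simple average of per-account percentages."""
    return average(account_scores)

def scope_subcontrol_score(rules_per_account):
    """Scope level, sub-control view: pool passed vs. assessed rules across all accounts."""
    scores = [rule_score(r) for rules in rules_per_account for r in rules]
    assessed = [s for s in scores if s is not None]
    passed = sum(1 for s in assessed if s == 100.0)
    return 100.0 * passed / len(assessed) if assessed else None

# Constructed sample sub-control: 75% rule, an unmatched rule (excluded),
# a passing one-response rule (100%) and an unverified manual rule (0%).
SAMPLE_SUBCONTROL = [
    {"kind": "automatic", "passed": 3, "failed": 1},
    {"kind": "automatic", "passed": 0, "failed": 0},
    {"kind": "one_response", "passed": 1, "failed": 9},
    {"kind": "manual", "verified": False},
]

# The scope example from the text: 10 passing rules in one account, 90 failing in another.
COMPLIANT_ACCOUNT = [{"kind": "automatic", "passed": 1, "failed": 0}] * 10
FAILING_ACCOUNT = [{"kind": "automatic", "passed": 0, "failed": 1}] * 90
```

Running `scope_account_score([100.0, 0.0])` gives the 50% account-level figure, while `scope_subcontrol_score([COMPLIANT_ACCOUNT, FAILING_ACCOUNT])` gives the 10% sub-control figure from the example above.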

See Compliance Framework for more details.