
Online Help


Compliance Policy

Compliance policies monitor cloud accounts for compliance with various compliance standards (SOX-COBIT, PCI, HIPAA, etc.).

Only policies marked in the Alert column will generate alerts. All other compliance policies generate data in the compliance report.

The compliance reports are designed to fulfill the compliance requirements of your organization.

For example, if a user accesses a file containing private health information and you have the corresponding HIPAA policy enabled, FortiCASB adds the corresponding access logs to the Compliance report.

The prerequisite for generating a Compliance report is to enable and configure the compliance policies required by your organization. For more details on configuring compliance policies, refer to Policy Configuration.

List of Compliance policies

See Policy Configuration for instructions/examples on setting policies.

SOX-COBIT

SOX-COBIT policies help your organization track and show compliance with the Sarbanes-Oxley (SOX) Act of 2002 using COBIT guidelines. Use these policies to monitor your cloud applications for SOX compliance, then use the Report feature to print a report detailing compliance specifics.

PCI-DSS

PCI-DSS (Payment Card Industry Data Security Standard) policies use the current industry standard version 3.2.1 to help your organization track and stay compliant with the current industry payment standard. FortiCNP uses these policies to monitor your cloud applications for PCI-DSS compliance; use the Reporting feature to generate reports.

HIPAA

HIPAA policies help your organization track and show compliance with the Health Insurance Portability and Accountability Act (HIPAA). Use these policies to monitor your cloud applications for HIPAA compliance, then use the Report feature to print a report detailing compliance specifics.

GDPR

GDPR policies help your organization track and show compliance with the EU General Data Protection Regulation (GDPR). Use these policies to monitor your cloud applications for GDPR compliance, then use the Report feature to print a report detailing compliance specifics. Personal data types can be set up inside the GDPR policy configuration for monitoring.

ISO 27001

ISO 27001 is the best-known standard in the ISO 27000 family, providing requirements for an information security management system (ISMS). ISO 27001 policies help your organization manage the security of assets, such as financial information, intellectual property, employee details, and information entrusted to you by third parties.

NIST 800-53 V4

NIST 800-53 V4 is the catalog of recommended security controls for federal information systems and organizations. It documents security controls for all federal information systems.

NIST 800-171

NIST 800-171 policies help protect controlled unclassified information (CUI) in non-federal information systems and organizations.