Compliance Policy

Compliance policies monitor cloud accounts for compliance with various compliance standards (SOX-COBIT, PCI, HIPAA, etc.). The main purpose of a Compliance Policy is to generate Compliance reports in accordance with your organization's compliance standard.

For example, if a user accesses a file containing private health information and you have the corresponding HIPAA policy enabled, FortiCASB will add the corresponding access logs to the Compliance report.

The prerequisite for generating a Compliance report is to enable and configure the Compliance Policies required by your organization. For more details on configuring Compliance policies, please refer to Policy Configuration.

List of Compliance policies

SOX-COBIT

SOX-COBIT policies help your organization track and show compliance with the Sarbanes-Oxley (SOX) Act of 2002 using COBIT guidelines. Use these policies to monitor your cloud applications for SOX compliance, then use the Report feature to print a report detailing compliance specifics.

PCI

PCI policies help your organization track and show compliance with the Payment Card Industry Data Security Standard (PCI DSS). Use these policies to monitor your cloud applications for PCI DSS compliance, then use the Report feature to print a report detailing compliance specifics.

HIPAA

HIPAA policies help your organization track and show compliance with the Health Insurance Portability and Accountability Act (HIPAA). Use these policies to monitor your cloud applications for HIPAA compliance, then use the Report feature to print a report detailing compliance specifics.

GDPR

GDPR policies help your organization track and show compliance with the EU General Data Protection Regulation (GDPR). Use these policies to monitor your cloud applications for GDPR compliance, then use the Report feature to print a report detailing compliance specifics. Set the data pattern of the personal data to monitor in Administrator > Collection, then enable monitoring of the collection data in Compliance > GDPR.
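The two mechanisms described above, an enabled policy tagging access logs for its report, and data patterns defined in a collection feeding a policy such as GDPR, can be illustrated with a small model. The following is an added example written for this page; it is not FortiCASB code and its pattern names, policy-to-pattern mapping and sample events are all constructed. It also goes slightly beyond the text by validating card-number matches with a Luhn check, which is the kind of false-positive control a practitioner expects from a data pattern.

```python
"""Toy model of a CASB compliance policy: data patterns in a collection are
matched against the content of accessed files, and events that hit a pattern
belonging to an ENABLED policy are added to that policy's compliance report.
Constructed illustration only, not FortiCASB's implementation."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessEvent:
    user: str
    action: str
    path: str
    content_sample: str  # text the CASB extracted from the accessed file


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to drop random 16-digit strings that are not card numbers."""
    total, double = 0, False
    for ch in reversed(digits):
        d = int(ch)
        if double:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
        double = not double
    return total % 10 == 0


# "Collection": named data patterns (hypothetical names and regexes).
COLLECTION = {
    "pan": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),     # payment card number
    "mrn": re.compile(r"\bMRN-\d{6}\b"),                 # medical record number
    "eu_passport": re.compile(r"\b[A-Z]{2}\d{7}\b"),     # hypothetical passport format
}

# Policies map a standard to the collection patterns it monitors (constructed).
POLICIES = {
    "PCI": {"pan"},
    "HIPAA": {"mrn"},
    "GDPR": {"eu_passport"},
}


def matched_patterns(text: str) -> set:
    """Return the names of collection patterns found in the text."""
    hits = set()
    for name, rx in COLLECTION.items():
        for m in rx.finditer(text):
            if name == "pan" and not luhn_ok(re.sub(r"[ -]", "", m.group())):
                continue  # looks like a PAN but fails the checksum: ignore
            hits.add(name)
            break
    return hits


def build_report(events, enabled_policies) -> dict:
    """Group events under each enabled policy whose patterns they matched.
    Events matching only a disabled policy are not reported, mirroring the
    'policy must be enabled' prerequisite."""
    report = {policy: [] for policy in enabled_policies}
    for ev in events:
        hits = matched_patterns(ev.content_sample)
        for policy in enabled_policies:
            relevant = POLICIES[policy] & hits
            if relevant:
                report[policy].append({
                    "user": ev.user, "action": ev.action,
                    "path": ev.path, "patterns": sorted(relevant),
                })
    return report


# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    AccessEvent("alice", "download", "/finance/cards.xlsx", "card 4111 1111 1111 1111 on file"),
    AccessEvent("bob", "view", "/hr/patients.csv", "patient MRN-123456 discharged"),
    AccessEvent("carol", "share", "/misc/order.txt", "order 1234 5678 9012 3456 shipped"),
    AccessEvent("dave", "upload", "/travel/passport.txt", "passport AB1234567 scanned"),
]

if __name__ == "__main__":
    for policy, entries in build_report(SAMPLE_EVENTS, {"PCI", "GDPR"}).items():
        print(policy, entries)
```

With only PCI and GDPR enabled, bob's access to a file holding a medical record number is matched but never reported; enabling HIPAA is what puts it into the report. carol's event is dropped because the 16-digit string fails the Luhn check.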

ISO 27001

ISO 27001 is the best-known standard in its family, providing requirements for an information security management system (ISMS). ISO 27001 policies help your organization manage the security of assets such as financial information, intellectual property, employee details, and information entrusted to you by third parties.

NIST 800-53 V4

NIST 800-53 V4 provides the recommended security controls for federal information systems and organizations. It documents security controls for all federal information systems.

NIST 800-171

NIST 800-171 policies help protect Controlled Unclassified Information (CUI) in non-federal information systems and organizations.
