Compliance Policy
Compliance policies monitor cloud accounts for compliance with various compliance standards (SOX-COBIT, PCI, HIPAA, etc.). The main purpose of a Compliance Policy is to generate Compliance reports in accordance with your organization's compliance standard.
For example, if a user accesses a file containing private health information and you have the corresponding HIPAA policy enabled, FortiCWP will add the corresponding access logs in the Compliance report.
The prerequisite to generating a Compliance report is to enable and configure the Compliance Policies required by your organization. For more details on configuring Compliance policies, please refer to Policy Configuration.
List of Compliance policies
SOX-COBIT
SOX-COBIT policies help your organization track and show compliance with the Sarbanes-Oxley (SOX) Act of 2002 using COBIT guidelines. Use these policies to monitor your cloud applications for SOX compliance, then use the Report feature to print a report detailing compliance specifics.
PCI
PCI policies help your organization track and show compliance with the Payment Card Industry Data Security Standard (PCI DSS). Use these policies to monitor your cloud applications for PCI DSS compliance, then use the Report feature to print a report detailing
HIPAA
HIPAA policies help your organization track and show compliance with the Health Insurance Portability and Accountability Act (HIPAA). Use these policies to monitor your cloud applications for HIPAA compliance, then use the Report feature to print a report detailing compliance specifics.
GDPR
GDPR policies help your organization track and show compliance with the EU General Data Protection Regulation (GDPR). Use these policies to monitor your cloud applications for GDPR compliance, then use the Report feature to print a report detailing compliance specifics. Set the data pattern of the personal data to monitor in Administrator > Collection, then enable monitoring of that collection data in Compliance > GDPR.
ISO 27001
ISO 27001 is the best-known standard in the ISO 27000 family, providing requirements for an information security management system (ISMS). ISO 27001 policies help your organization manage the security of assets, such as financial information, intellectual property, employee details, and information entrusted to you by third parties.
NIST 800-53 V4
NIST 800-53 V4 provides the recommended security controls for federal information systems and organizations. It documents security controls for all federal information systems.
NIST 800-171
NIST 800-171 policies help to protect Controlled Unclassified Information (CUI) in non-federal information systems and organizations.