All About Compliance Packs and Exports on Resmo

Cloud can muddy the compliance waters, and when accompanied by the addition of SaaS resources, it becomes a monumental challenge to see through. Well, at least without the right solution.

With sets of controls that come in packs for varying compliance requirements, from cloud security best practices to industry standards, Resmo streamlines the art of staying compliant. 

You can create custom packs containing an array of security checks or use Resmo's managed packs to assess your compliance posture and take faster actions. This way, automating categorized controls and collecting compliance evidence becomes easier. Let's see this feature in detail and pack a punch.

What are compliance packs on Resmo?

Packs are logical collections of rules that continuously evaluate your resource conformance while providing compliance scores, controls' statuses, and export functionality. We designed Packs to streamline your security best practices and compliance checks. There are three kinds of packs on Resmo; managed, standard, and custom.

Managed packs: As the name suggests, Resmo manages the default packs, so you won't need to worry about configuring them. Like other types of packs, managed packs group together related rules under top-level controls and compare your resources with security best practices or industry. One example is AWS Startup Security Baseline (AWS SSB) pack. 

Standard packs: Standard packs check your assets against industry standards like CIS Benchmarks. These packs are also managed by Resmo.

Custom packs: In case you have custom compliance requirements, Resmo offers you the flexibility to create your custom packs using custom and/or managed rules. 

How you can benefit

Now that you know what packs are, we can get a closer look at how you can utilize them.

  • See the compliance scores and quickly learn the overall status of a collection of controls.
  • Packs are the fastest route to assessing your cloud resources' compliance with industry standards like CIS Benchmarks. Plus, you may use the results as compliance evidence.
  • With the export function, users on your Resmo account can export pack results as HTML and download them as PDFs. This comes in handy, especially when sharing or presenting the evaluation results or periodically comparing the snapshots.
  • Creating custom packs allows you to combine controls of your choice and execute packs that continuously evaluate those controls. 

Use cases for Compliance Packs

You can always mold packs into your specific needs with the custom packs ability, but we'll give a few pack examples to help you get a general idea for starters.

1. AWS CIS 1.4.0 Level 1.2 Benchmark pack

Packs can be used to evaluate your assets' conformance with compliance standards.

This benchmark ensures that your AWS account conforms to the AWS CIS 1.4.0 Level 1.2 Benchmark. The benchmark is a set of security controls designed to help you improve and maintain the security of your AWS account. Resmo's managed AWS CIS 1.4.0 Level 1.2 Benchmark pack aggregates related rules under top-level controls, showing you each one's status and general compliance score.

AWS CIS benchmark pack on Resmo

Top controls of the pack include:

  • Identity and Access Management
  • Storage
  • Logging
  • Monitoring
  • Networking

Suggested reading: Common Amazon S3 Mistakes

2. AWS Startup Security Baseline (AWS SSB) pack

Packs can be used to conform with your cloud service provider's suggested security controls.

AWS Startup Security Baseline (AWS SSB) is a set of controls to help you implement a minimum foundation to build securely on AWS. It is designed with early startups in mind, alleviating the most common security risks. The controls in AWS SSB are separated into two categories, account and workload, defined as top-level controls on Resmo.

AWS SSB pack on Resmo
  • Obtain a compliance score*
  • Detect rules that fail and see the remediation steps for each
  • Export results at different times to compare*
  • Export as HTML or PDF to present to your team or share*

* These benefits comprehend all packs.

3. Multi-factor Authentication (MFA) pack

Packs can be used to validate if a specific security best practice, valid for multiple services, is in place.

Multi-factor authentication is a way of protecting your accounts by requiring two or more pieces of information to gain access. It's a way of verifying that you are who you say you are, and it helps to prevent unauthorized access to your accounts. The Multi-factor Authentication (MFA) pack brings together all MFA rules for your integrated services and checks them at once, providing a compliance score in the meantime. 

MFA compliance pack
  • Swift and automated method for checking MFA for all services you use
  • Ability to see how many of your service configurations pass or fail MFA controls

You might also like Reasons Behind Attack Surface Expansion.

Must-know pack basics

Compliance score: Resmo automatically runs the designated controls inside a pack and estimates a compliance score on a scale of a hundred. Additionally, you can see the compliance scores for different resource groups (if there are any) for a specific pack.

Overview: The Overview tab on a pack detail page is there to help you get an overview of that specific pack and charts showing changes over time.

Controls: The Controls tab shows all the top and sub controls inside your pack with their statuses and remediation information, if any.

Export: If you need to export your pack reports, you can quickly generate exports from the Export tab on that pack's detail page. The pack export feature deserves a dedicated section, so let's walk you through it.

What are Pack Exports?

Pack results can be exported as HTML or downloaded as PDFs, containing rule details, results, and suppressions. In addition, Resmo emails the export link to the user who generates it. 

compliance pack export

Optional export components:

  • Rule Details: rule details such as description
  • Control Results: detailed rule results and matched resources for the current snapshot
  • Suppressions: suppressed resources for the current snapshot
ℹ️ You can choose whether you want to include the components above or not.

Advantages of generating pack exports

  • Obtaining a snapshot of your control results to compare with previous ones
  • Ability to download as PDF to save, present, or share outside Resmo
  • Getting an entire overview of your pack in detail

How to export your pack results

Step 1: Log in to your Resmo account and navigate to the Packs page.

compliance packs page on Resmo

Step 2: From there, click on the pack that you wish to export.

Step 3: Go to the Export tab and hit the Generate Export button. 

generate export button

Step 4: Select what to include or exclude from the opening modal and click Submit.

Step 5: Your export will be listed in the Export tab once it's generated. Click it to open it as HTML in your browser. 

  • To download it as a PDF, click the Download PDF button.
  • Resmo will email the export link to the user who generated it.

Time to check your compliance score

As discussed earlier in this article, packs will elevate how your team handles security and compliance checks. Whether you use packs for:

  • Preparatory checks before periodical compliance audits
  • Keeping up with security best practices and compliance requirements for multi-cloud and SaaS  
  • Gathering compliance evidence

Packs improve your security and compliance posture; better yet, they will make it continuous. If you haven't signed up yet, create your Resmo account with the free trial and give Packs a try.

Continue Reading