Compliance - Cloud permissions ↗
Configure access to Cloud compliance.
Configure access to Cloud compliance, which allows organizations to track adherence against regulatory frameworks (e.g., CIS, NIST, PCI DSS), monitor cloud compliance violations, and manage compliance assessment schedules
Notice
Requires Cloud Posture Security, Cloud Runtime Security, or Cortex XSIAM Premium license.
System-provided (OOTB) standards and controls are immutable. They cannot be edited or deleted by any user, regardless of whether they hold View/Edit permissions
Compliance permissions include Catalog and assessment Profiles, and Reports. Users access Assessment/Reports by going to → .
Catalog and Assessment Profiles
Controls access to the building blocks of Compliance ( → ):
Standards Catalog: A library of compliance frameworks (for example, CIS Benchmarks, NIST 800-53, PCI DSS, SOC 2). Standards can be pre-built (OOTB/system) or custom-created.
Controls Catalog: The individual security checks and requirements that make up a standard.
Assessment profiles: Configurations that define how compliance is assessed.
For more information, see Monitor and track compliance adherence.
Permission | Description | Roles Example |
|---|---|---|
None | No access to the Standards, Controls, or Assessment Profiles pages. | |
View | The user can navigate to the Standards Catalog, Controls Catalog, and Assessment Profiles pages. They can view the list of standards, browse controls and their details (severity, category, linked rules), and see assessment profile configurations (name, standard, schedule, targets). |
|
View/Edit | The user has full access. In addition to all View capabilities, they can create, edit, and delete custom standards, custom controls, and custom profiles. | Security Engineer: Responsible for defining and maintaining compliance standards, controls, and assessment profiles. Needs full access to configure the compliance framework. |
Reports
Reports provide the results and outputs of compliance assessments.
Assessment: The live compliance posture view shows the latest evaluation results for each assessment profile, including scores, control status breakdowns, failed controls by severity, and drill-downs into rules, controls, and assets.
Reports: Historical compliance reports that have been generated and stored. These can be viewed, exported (PDF/CSV), or deleted.
For more information, see View and manage compliance assessments and reports.
Permission | Description | Roles Example |
|---|---|---|
None | The user cannot access the Assessment or Reports pages. Navigation menu items for these sections are hidden. | |
View | The user can navigate to the Assessment and Reports pages. They can view the compliance posture dashboard with scores, control status breakdowns, and failed control severity widgets. They can drill down into profile results to see controls, rules, and asset results. They can view historical reports and export reports to PDF or CSV. They cannot delete reports. |
|
View/Edit | The user has full access. In addition to all View capabilities, they can delete reports. |