Cloud Security Compliance Accelerator
Cloud Security Compliance Accelerator enables your organization to comply with cloud standards and benchmarks. The accelerator helps you monitor your organization's applications and data hosted in the cloud, so that they comply with regulatory standards set by industry guidelines and by local and international laws.
Cloud Security Compliance Accelerator simplifies cloud security compliance by integrating with Cloud Security Posture Management (CSPM). It supports the CIS Critical Security Controls version 8 (CIS Controls v8), a prioritized set of safeguards that mitigate the most prevalent cyber attacks against systems and networks. The CIS Controls are mapped to other security standards such as NIST 800-53, NIST 800-171, PCI DSS 4.0, ISO 27002, and others. This accelerator provides a mapping between the cloud-related controls of CIS Controls v8, the related controls from NIST 800-53, NIST 800-171, PCI DSS 4.0, and ISO 27002, and the CSPM policies that are based on the CIS benchmarks for Azure and AWS, enabling continuous monitoring of cloud controls.
The roles that can administer and manage this application are compliance manager (sn_compliance.manager) and compliance administrator (sn_compliance.admin).
Pre-requisites for Cloud Security Compliance Accelerator
The following plugins are required to import the mapped data between the control objectives, which come from different sources, and the configuration tests:
- GRC: Cloud Security Compliance Accelerator plugin
- This plugin enables the mapping between control objectives and configuration tests that is used to monitor cloud controls. The GRC: Cloud Security Accelerator Config test record is also shipped with the application; it holds the metadata and the staging logic.
- GRC: Policy and Compliance integrator plugin
- The GRC: Cloud Security Compliance Accelerator plugin depends on the GRC: Policy and Compliance integrator plugin for the underlying structure of the mapped tables and for the scheduled job that imports the mapped data.
- For control objectives that originate from Continuous Authorization and Monitoring (CAM), CAM must be installed.
- For control objectives that originate from CIS, the CyberSecurity Controls Monitoring application must be installed.
- For control objectives that originate from UCF, the relevant authority document (CIS Controls V8, NIST 800-53, NIST 800-171, ISO 27002, or PCI DSS 4.0), together with its citations and control objectives, must be downloaded from UCF.
Tables shipped to customers with Cloud Security Compliance Accelerator application
- Control objective to object staging table [sn_grc_pci_control_objective_object_staging]
- Staging table for control objective to configuration test mappings.
- Control objective mapping import configuration [sn_grc_pci_control_objective_mapping_import_configuration]
- Metadata table to store the configuration information required to ship the records from the staging table to the target table.
- Control objective mapping import additional fields configuration [sn_grc_pci_control_objective_mapping_import_additional_fields_configuration]
- Metadata table to store key-value pairs pertaining to any additional columns on the target m2m table.
For more information on these tables, see Tables for control objective and config tests mapping and for the descriptions of the tables used in Cloud Security Compliance Accelerator, see Tables installed with Governance, Risk, and Compliance.
Scheduled job to move data from staging to target table
A scheduled job (Import control objective mappings to main table) is available for you to run on demand. It picks up the mapped records in the Pending state from the Control objective to object staging table. The job runs on demand rather than on a fixed schedule because you may import a shared list at any time, generate new control objectives with mappings, or add new configuration tests.
The job copies the record details into the target table columns defined in the Control objective mapping import configuration, and then marks the records as Processed in the Control objective to object staging table.
As a compliance admin, if you do not want a control objective to be mapped to a configuration test, mark the corresponding staging record as Inactive so that the job does not process it.
After the records are processed, you can navigate to the target table, Control Objective to Configuration Controls [sn_compliance_m2m_policy_statement_configuration_control] to view the records.
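The following stand-alone Node.js script is an added illustration of the staging-to-target flow described in this section. It is not ServiceNow's scheduled job or API: the column names, state values and sample staging rows are assumptions chosen for the example, and the check that stops an already-imported control objective / configuration test pair from being inserted twice on a re-run is an added safeguard that the page itself does not describe.

```javascript
// Added example (not ServiceNow code): a model of the "Import control objective
// mappings to main table" job. Column names, state values and sample rows are
// assumptions; only the two table names come from the documentation.

const STATE = { PENDING: 'pending', PROCESSED: 'processed', INACTIVE: 'inactive' };

// Constructed sample of the staging table
// (sn_grc_pci_control_objective_object_staging). Column names are assumed.
const SAMPLE_STAGING = [
  { sys_id: 'stg1', control_objective: 'co_cis8_3_3', config_test: 'ct_azure_storage_https_only', state: 'pending' },
  { sys_id: 'stg2', control_objective: 'co_nist_ac_2', config_test: 'ct_aws_root_mfa', state: 'pending' },
  // marked Inactive by a compliance admin: must never reach the target table
  { sys_id: 'stg3', control_objective: 'co_pci_8_3', config_test: 'ct_aws_root_mfa', state: 'inactive' },
  // already handled by an earlier run: must be left alone
  { sys_id: 'stg4', control_objective: 'co_cis8_3_3', config_test: 'ct_azure_storage_https_only', state: 'processed' },
  // pending duplicate of stg1: gets marked Processed but must not create a second m2m row
  { sys_id: 'stg5', control_objective: 'co_cis8_3_3', config_test: 'ct_azure_storage_https_only', state: 'pending' },
];

// Models the import configuration metadata: the target table, how staging
// columns map to target columns, and the extra key-value pairs stamped on every
// target row (the "additional fields" configuration). All names are assumed.
const IMPORT_CONFIG = {
  targetTable: 'sn_compliance_m2m_policy_statement_configuration_control',
  columnMap: { control_objective: 'policy_statement', config_test: 'configuration_control' },
  additionalFields: { active: true, source: 'cloud_security_compliance_accelerator' },
};

// Identity of one control objective / configuration test pair in the target table.
function m2mKey(record, columnMap) {
  return Object.values(columnMap).map((col) => String(record[col])).join('|');
}

// One run of the job: consume Pending staging rows, write the target table and
// mark the rows Processed. Safe to re-run: Inactive and Processed rows are not
// touched, and a pair already present in the target is not inserted again.
function runImport(staging, target, config) {
  const stats = { processed: 0, inserted: 0, duplicates: 0, skippedInactive: 0, untouched: 0 };
  const existing = new Set(target.map((t) => m2mKey(t, config.columnMap)));

  for (const row of staging) {
    if (row.state === STATE.INACTIVE) { stats.skippedInactive += 1; continue; }
    if (row.state !== STATE.PENDING) { stats.untouched += 1; continue; }

    // Build the target record from the column mapping, then apply the
    // additional-field key-value pairs.
    const record = {};
    for (const [src, dst] of Object.entries(config.columnMap)) record[dst] = row[src];
    Object.assign(record, config.additionalFields);

    const key = m2mKey(record, config.columnMap);
    if (existing.has(key)) {
      stats.duplicates += 1;
    } else {
      existing.add(key);
      target.push(record);
      stats.inserted += 1;
    }
    row.state = STATE.PROCESSED;
    stats.processed += 1;
  }
  return stats;
}

// Runs the job twice on a private copy of the sample data so the result is
// reproducible, and returns everything a caller might want to inspect.
function demo() {
  const staging = SAMPLE_STAGING.map((r) => ({ ...r }));
  const target = [];
  const firstRun = runImport(staging, target, IMPORT_CONFIG);
  const secondRun = runImport(staging, target, IMPORT_CONFIG);
  return { staging, target, firstRun, secondRun };
}

const result = demo();
console.log('first run :', result.firstRun);
console.log('second run:', result.secondRun);
console.log(`${IMPORT_CONFIG.targetTable}:`, result.target);
```

The first run imports two distinct pairs, skips the Inactive row, leaves the already Processed row alone, and marks the duplicate Pending row as Processed without inserting it; the second run changes nothing, which is the property you want from a job that is run on demand every time a new shared list or configuration test arrives.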
Importing UCF-related mapped data
To import Unified Compliance Framework (UCF) shared list data into the Policy and Compliance Management tables, use GRC: Compliance UCF.
You can import control objectives that come from a UCF-related shared list. If you have installed UCF and have control objectives originating from the UCF shared list, or have imported a new shared list, run the Import control objective mappings to main table scheduled job to bring in the new control objectives.
You can run the scheduled job on demand whenever you import a new shared list. After the job runs, all UCF-related mappings between control objectives and configuration tests that were in the Pending state in the Control objective to object staging table are processed, and the mapped data is moved to the mapping table, Control Objective to Configuration Controls.
Controls are created automatically for the imported control objectives only when both of the following conditions are met:
- The sn_compliance.auto_create_profile_and_control property is enabled.
- The Creates controls automatically option is enabled on the Control objective form.
Importing a UCF shared list that contains the NIST 800-53, NIST 800-171, ISO 27002, PCI DSS 4.0, or CIS Controls V8 authority documents imports the corresponding control objectives.
Similarly, the mapped data between control objectives and configuration tests for the Azure and AWS CIS benchmarks is moved from the staging table to the target table when you run the scheduled job.
New CIS v8 content to GRC: Cybersecurity Controls Accelerator
CIS Controls version 8 is a new authority document added to the Cybersecurity Controls Accelerator application. The authority document contains 171 citations and 171 control objectives, plus a new content reference that is mapped to the authority document, its citations, and its control objectives.
To view the authority document, citations, and control objectives mapped to the content reference, navigate to Technology Controls Monitoring and filter the records by source CIS Controls. The Content Reference to Authority Document table holds the mapping between the content reference and the authority document. The Content Reference to Citation table stores the mapping between the new citations and the content reference. Similarly, the Content Reference to Control Objectives table holds the mapping between the content reference and the control objectives. For more information, see Cybersecurity Controls Accelerator.