Policy Packs guarantee compliance across existing infrastructure for a given cloud provider like Azure. Policy Packs are based on sets of rules/benchmarks provided by security organizations like the Center for Internet Security with the objective of keeping your infrastructure up-to-date with industry security standards. Once you have added a policy pack using the 

) each time you run a scan CloudGraph will 

 execute all your configured policies. Those results will be stored at Dgraph and linked to your existing resources, making it easy to query your compliance results alongside your resources.

Azure Policy Packs

CIS Microsoft Azure Foundations Benchmark 1.3.1

CloudGraph

Overview

Quick Start

Supported Services

Running CloudGraph in EKS

Rules Engine

Compliance

Querying AWS Data

CIS AWS Foundations 1.2.0

CIS AWS Foundations 1.3.0

CIS AWS Foundations 1.4.0

PCI Data Security Standard V 3.2.1 for AWS

NIST 800-53 Rev. 4 for AWS

AWS Policy Packs

Billing Data

AppSync

API Gateway

Route53

Client VPN Endpoint

Cloudwatch Log

Configuration Recorder

Customer Gateway

ElastiCache Cluster

Lambda

NAT Gateway

Network ACL

Network Interface

RDS Db Cluster

RDS Db Instance

Security Group

Subnet

Transit Gateway

Transit Gateway Attachment

VPN Connection

VPN Gateway

Services

Querying Azure Data

Active Directory

App Service

Authorization

Azure Cosmos DB

Disk

DNS Zone

Firewall

Function App

Event Grid

Event Hub

Key Vault

Monitor

Policy

Private DNS Zone

Public IP

Resource Group

Security Center

Security Group (Network)

Storage

Virtual Machine

Virtual Machine Scale Set

Virtual Network

Querying GCP Data

CIS Google Cloud Platform Foundations 1.2.0

PCI Data Security Standard V 3.2.1 for GCP

NIST 800-53 Rev. 4 for GCP

GCP Policy Packs

Storage Bucket

VM Instance

VPC Connector

Project

Querying Kubernetes Data

Service

Storage Class

Secret

Ingress

Role

Network Policy

Service Account

Persistent Volume Claim

Persistent Volume

Namespace

Deployment