Compliance

Overview

This document outlines the process for appropriately handling misconfigurations deemed acceptable to ignore temporarily or permanently. It ensures transparency and accountability while maintaining a robust security posture.

If a reported misconfiguration is not valid, you can accept it as a risk. When you accept the risk, ARMO Cloud does not consider it a violation.

Risk Acceptance for Compliance

  1. In the table of Controls, click the highlighted hyperlink for one of the failed controls
  2. On the page of the failed resources, click the Accept the risk button for one of the failed resources
  3. On the Accepting the risk dialog, type the reason, and click Save
  4. You should see a confirmation message at the top of the screen, indicating the risk was accepted successfully, and the button changes to Edit accepted risk.

Future scans will treat Accepted resources as passed resources, and as a result, the Compliance score will increase.

When you set an expiration date, the resource is treated as Accepted until the expiration period ends.

Revoke an accepted risk

  1. Click the Edit accepted risk button for a resource whose risk was previously accepted
  2. Click on the trash button
  3. Confirm the revocation of the accepted risk
  4. You should see a confirmation message at the top of the screen, indicating the accepted risk was revoked successfully, and the button changes back to Accept the risk.