Compliance

Overview

This document outlines the process for appropriately handling misconfigurations deemed acceptable to ignore temporarily or permanently. It ensures transparency and accountability while maintaining a robust security posture.

If a reported misconfiguration is not valid, you can ignore it. When you ignore the misconfiguration, ARMO Cloud does not consider it a violation.

Risk Acceptance for Compliance

  1. In the table of Controls, click the highlighted hyperlink for one of the failed controls
  2. On the page of the failed resources, click the ignore button for one of the failed resources
  3. On the Ignore rule dialog, type the reason you want to ignore that violation, and click Save
  4. You should see a confirmation message at the top of the screen, indicating the resource was ignored successfully, and the state of the button changed to Unignore.

Future scans will treat ignored resources as passed resources, and as a result, the Compliance score will increase.

If you set an expiration date, the resource is ignored only until the ignore period expires.

Revoke an accepted risk

  1. Click on the Unignore button for a resource that was previously ignored
  2. Click on the trash button
  3. Confirm the deletion of the Ignore rule
  4. You should see a confirmation message at the top of the screen, indicating the Ignore rule was deleted successfully, and the state of the button changed back to Ignore.