GET /cspm/system_compliance
This endpoint returns information on your overall system compliance based on the requirements of one or more standards.
Request
Format
Request information on system compliance for one or more standards.
GET /cspm/system_compliance/{id}
Parameters
Parameter | Type | Optional | Description |
---|---|---|---|
id | String | No | The ID of the standard you want to display the compliance information for. If this parameter is not specified in the request, the response will include compliance information for all available standards. |
Examples
Request information on system compliance for the GDPR standard:
GET /cspm/system_compliance/GDPR
Response
Format
{
  "data": [
    {
      "id": "string",
      "type": "system_compliance",
      "attributes": {
        "title": "string",
        "controls": [
          {
            "id": "string",
            "description": "string",
            "section_id": "string",
            "section_title": "string",
            "rules": [
              {
                "id": "string",
                "name": "string",
                "version": 0
              }
            ]
          }
        ]
      },
      "relationships": {
        "rules": {
          "data": [
            {
              "id": "3fa85f64-5717-4562-b3fc-2c963f******",
              "type": "rule",
              "meta": {
                "name": "string",
                "version": 0
              }
            }
          ]
        }
      },
      "links": {
        "self": "string"
      }
    }
  ],
  "links": {
    "self": "string",
    "next": "string"
  },
  "meta": {
    "total": 0,
    "elapsed": 0
  }
}
Attributes
Attribute | Type | Description |
---|---|---|
data | Array | A list of attributes containing information on a specific standard. |
data.id | String | The ID of the standard. |
data.type | String | The type of the standard. Possible values: |
data.attributes | Array | Provides standard information. |
data.attributes.title | String | The title of the standard. |
data.attributes.controls | Array | A list of attributes providing information on the controls included in the standard. |
data.attributes.controls.id | String | The ID of the control. |
data.attributes.controls.description | String | The description of the control. |
data.attributes.controls.section_id | String | The section ID the control is located under. |
data.attributes.controls.section_title | String | The section title the control is located under. |
data.attributes.controls.rules | String | A list of information regarding the rules created to verify that the requirements specified in the control are met. |
data.attributes.controls.rules.id | String | The ID of the rule. |
data.attributes.controls.rules.name | String | The name of the rule. |
data.attributes.controls.rules.version | Integer | The current version of the rule. |
data.relationships | Array | A list of related entities. |
data.relationships.rules | Array | A list of rules that have been created to verify that the requirements specified in the control are met. |
data.relationships.rules.data | Array | A list providing information regarding the related entity. |
data.relationships.rules.data.id | String | The ID of the related entity. |
data.relationships.rules.data.type | String | The type of the related entity. Possible values: |
data.relationships.rules.data.meta | Array | Provides overall information regarding the related entity. |
data.relationships.rules.data.meta.name | String | The name of the related entity. |
data.relationships.rules.data.meta.version | Integer | The version of the related entity. |
data.links | Array | Provides links relevant to this standard. |
data.links.self | String | A direct link to this standard. |
links | Array | Provides links that allow you to navigate between pages. |
links.self | String | A direct link to the information for this standard. |
links.next | String | A direct link to the information for the next standard returned by the request. |
meta | Array | Provides overall information regarding the information returned by the request. |
meta.total | Integer | The total number of results returned by your request. |
meta.elapsed | Integer | The number of results you have viewed, including the one being displayed. |
Examples
Information was requested for the GDPR standard:
{
  "data": {
    "id": "gdpr",
    "type": "system_compliance",
    "attributes": {
      "title": "GDPR",
      "controls": [
        {
          "id": "IV.025.001",
          "description": "Data protection by design and by default: Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.",
          "section_id": "IV",
          "section_title": "Controller and processor",
          "rules": [
            {
              "id": "cdf9dd53-36cf-4016-81b7-072a55******",
              "name": "cloud_scan/aws/elasticsearch/node_to_node_encryption_not_enabled",
              "version": 1
            },
            {
              "id": "a1c224c5-0bd8-49c5-9c31-103c75******",
              "name": "cloud_scan/aws/elasticache/atrest_encryption_not_enabled",
              "version": 1
            },
            { "...": "..." }
          ]
        },
        {
          "id": "IV.025.002",
          "description": "Data protection by design and by default: The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.",
          "section_id": "IV",
          "section_title": "Controller and processor",
          "rules": [
            {
              "id": "be856d03-9b1c-4815-8d86-6e1959******",
              "name": "cloud_scan/aws/rds/public_snapshots",
              "version": 1
            },
            {
              "id": "33cb4f09-032d-4dc8-92b0-7bab6e77db18",
              "name": "cloud_scan/gcp/storage/bucket_publicly_accessible",
              "version": 1
            },
            { "...": "..." }
          ]
        },
        {
          "id": "IV.025.003",
          "description": "Data protection by design and by default: An approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate compliance with the requirements set out in paragraphs 1 and 2 of this Article.",
          "section_id": "IV",
          "section_title": "Controller and processor",
          "rules": []
        },
        { "...": "..." }
      ]
    },
    "links": {
      "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/system_compliance/gdpr"
    }
  }
}
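The following is an added example, not part of the original documentation or vendor code: it parses a response of the shape shown above and reports which controls have rules attached and which have none (such as IV.025.003), so those controls can be tracked through manual evidence. The function names `iter_standards` and `rule_coverage` are hypothetical, and the sample is constructed from the page's GDPR example with descriptions shortened; it accepts `data` as either a list (as in the format) or a single object (as in the example).

```python
import json

# Constructed sample, abridged from the GDPR example response on this page
# (descriptions shortened, masked rule IDs kept as shown).
SAMPLE = json.loads("""
{"data": {"id": "gdpr", "type": "system_compliance", "attributes": {"title": "GDPR",
  "controls": [
    {"id": "IV.025.001", "description": "(shortened)", "section_id": "IV",
     "section_title": "Controller and processor", "rules": [
      {"id": "cdf9dd53-36cf-4016-81b7-072a55******", "version": 1,
       "name": "cloud_scan/aws/elasticsearch/node_to_node_encryption_not_enabled"},
      {"id": "a1c224c5-0bd8-49c5-9c31-103c75******", "version": 1,
       "name": "cloud_scan/aws/elasticache/atrest_encryption_not_enabled"}]},
    {"id": "IV.025.003", "description": "(shortened)", "section_id": "IV",
     "section_title": "Controller and processor", "rules": []}]}}}
""")


def iter_standards(response):
    """Yield each standard; `data` is a list in the format, an object in the example."""
    data = response.get("data") or []
    if isinstance(data, dict):
        data = [data]
    for item in data:
        if isinstance(item, dict) and item.get("type") == "system_compliance":
            yield item


def rule_coverage(response):
    """Return {standard_id: {"covered": {control_id: [rule names]}, "uncovered": [control_id]}}."""
    report = {}
    for std in iter_standards(response):
        covered, uncovered = {}, []
        for ctl in std.get("attributes", {}).get("controls", []):
            if "id" not in ctl:  # skip malformed entries without a control ID
                continue
            names = sorted(r["name"] for r in ctl.get("rules", []) if "name" in r)
            if names:
                covered[ctl["id"]] = names
            else:
                uncovered.append(ctl["id"])  # no rule verifies this control
        report[std["id"]] = {"covered": covered, "uncovered": uncovered}
    return report


if __name__ == "__main__":
    print(json.dumps(rule_coverage(SAMPLE), indent=2))
```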