Cloud Services

Compliance and Security Operations

Introduction to Compliance and Security Operations

Kyndryl Compliance and Security Operations enables the assessment of IT asset regulatory and policy compliance and security.

The service enables the acquisition of deep visibility into your infrastructure and cloud consumption to help your organization become more efficient and curb shadow IT. Within that context, compliance and security represent significant concerns in terms of minimizing both the cost of compliance and non-compliance. The service ensures that all assets are secure and compliant with government regulation and corporate policy, helping to avoid the very real but initially unapparent cost of non-compliant finance and resources. Further, non-compliance is also very costly in terms of fines and loss.

The Security and Compliance service provides a platform for ensuring compliance with business policies and regulations, as well as the security of assets, thus minimizing cost and optimizing development and production activities.

Supported personas and teams

Security and Compliance serves the following personas and teams:

  • Security and Compliance Officer
  • Account team
  • DevOps team

Roles associated with these personas are available in Users and roles management.

Compliance and Security Operations dashboard

Security and Compliance is presented as a single dashboard powered by third party technology that monitors and scores both regulatory and business policy security risk and compliance. During implementation, the dashboard is configured to not only discover assets, but test them against government regulations and security policies set by the owner organizations.

The compliance engine then scores the assets based on a preprogrammed business value. The scores and compliance data are then visualized using graphic, color-coded displays, offering an at-a-glance view of the organizations compliance.

In addition to overall compliance data and scores, the dashboard also allows the assessment of multiple, individual regulations such as FedRAMP, GDPR, ISO standards, and nearly 40 regulatory regimes.

The Compliance SecOps dashboard contains eight displays that provide an at-a-glance assessment of your critical compliance and security posture:

  • Sunrise Report
  • Overall Risk Distribution
  • Maximizing Remediation Impact
  • Overall Compliance Scores
  • Top Applications at Risk
  • Top Assets at Risk
  • Distribution of Cloud Assets
  • MITRE ATT&CK Matrix

For more information on the Compliance and Security Operations dashboard, see Compliance and Security Operations dashboard.

Supported compliance regulatory standards

Security and Compliance Operations supports the following standards:

  • ISO-27017
  • ISO-27018
  • NIST Privacy
  • PCI 5. ISO
  • GDPR
  • FFIEC
  • FedRAMP Low
  • FedRAMP High
  • APRA-CPS
  • CSA
  • IRS
  • CSF
  • NIST-800-171
  • CMMC
  • OSFI
  • ITSG
  • INSUR-ITGC
  • FISMA (NIST-800-53-R4)
  • FISCAM
  • FedRAMP
  • DHS-800-53 Rev4
  • DoD-RMF
  • CCPA
  • NERC CIP
  • SOC-2
  • NIST SP 800-53r5
  • HIPAA 29. NY-CRR
  • CNSSI-1253
  • VRA
  • SWIFT
  • QCF
  • FedRAMP Moderate
  • CRI
  • CJIS
  • CMMC-V2
  • PCI-DSS-V4

Top Pages

Do you have two minutes for a quick survey?
Take Survey