We’ve been busy listening to customer feedback, adding features we know will make compliance suck less, and continually improving the ByteChek platform. Let’s check out some of the highlights:
Risk Assessment Manager and Continuous Risk Register
We know that risk assessments are key activities to complete as part of the ongoing maintenance of your cybersecurity compliance program. We built a National Institute of Standards and Technology (NIST) CSF based risk assessment to manage the unique cybersecurity risks facing their organization. Our NIST CSF based risk assessment includes informative references to other cybersecurity frameworks such as: NIST 800-53, NIST 800-171, ISO 27001, CIS CSC, and the ByteChek platform control set.
ByteChek customers can download a robust risk assessment executive summary or facilitate risk discussions using the continuous risk register. This risk assessment can be used to meet annual risk assessment requirements in SOC2 or other examinations.
ByteChek's Microsoft Azure Integration is live!
The ByteChek platform now connects directly to your Microsoft Azure subscription to continuously assess your Azure resources for compliance with SOC2 requirements and security best practices. ByteChek customers hosted on Azure can now eliminate evidence collection associated with their cloud environment.
Five new AWS Security Controls added to the ByteChek Platform
Our cloud security experts are continuously assessing whether we can add AWS-specific controls to the platform. These controls are focused on security best practices instead of arbitrary compliance requirements. The ByteChek platform now assesses your AWS environment across 20+ different control areas:
- AWS password configurations
- Datastore encryption at rest
- Network segmentation
- Privileged access
- MFA for IAM users
- MFA on the root account
- Unrestricted security groups
- IAM Access key rotation
- Secrets in public code repositories
- S3 Bucket public access
- EBS volume access
- RDS Snapshot access
- S3 bucket logging
- Cloudtrail configurations
- RDS Backups
- RDS multi availability zone status
- EC2 multi availability zone status
- Amazon EBS snapshots (NEW!)
- Amazon RDS security group access (NEW!)
- ELB security groups (NEW!)
- ELB listener security (NEW!)
- Amazon S3 bucket versioning (NEW!)
Your SOC 2 examination should include an evaluation of the critical yet unique security controls facing your AWS environment.
We've launched a few additional governance controls, annual policy test functionality and continued to improve the user experience based on customer feedback.