Integrated compliance in Azure with Xacta 360
This guest post, contributed by Vicky Frescas and Tirtza Bernstein of Telos Corporation, covers how to use Xacta® 360 with Azure and Azure Government. Learn more by attending the upcoming Accelerating ATO on Azure webinar on May 28 at 2PM EST.
Telos Corporation recently announced the Xacta® 360 integration with Microsoft Azure Government to accelerate IT risk management and compliance in the cloud. We invite you to attend a webinar on May 28 at 2PM EST with Azure CISO for High Security Clouds, Rich Scher, and Telos Corporation’s Vice President of Strategy and Cloud, Steve Horvath. The webinar will cover the new integration and how customers can use Xacta 360 to streamline and automate many labor-intensive tasks associated with key security frameworks.
This blog provides an overview of how Xacta 360 integrates with Azure to speed up your compliance, along with some quick pointers on getting started.
Xacta 360 retrieves Azure resources to be tested for compliance
Xacta 360 leverages the Azure Blueprints and Azure Policy framework to provide resource discovery and scanning capabilities through connections to Azure subscriptions. Each connected subscription is assigned to one or more Xacta 360 projects. Each project represents one assessment boundary or system.
An API-based scanner retrieves Azure resources associated with the connected subscriptions and pulls them in as assets in the cloud resources process step in each project.
This process step allows you to select which regions and resources should be included in the system boundary and tested. Users can also assign resource roles in order to execute certain cloud tests against those resources. Failed policy results from Azure will show up as findings on this page.
Recommended controls implementations based on Azure Policy
Xacta 360 provides a library of recommended control implementations based on the policies it integrates with, so users can apply the recommended implementations to their controls where applicable. This significantly reduces the compliance burden for organizations using Azure.
Control validation based on Azure Policy
Cloud resource tests are created through integration with the Azure Policy Insights API, which can trigger policy scans on demand or on a schedule. Based on the policies applied in the associated subscription, the scan results are ingested as cloud resource test results in your project’s test plan.
The test results will be mapped to relevant controls based on control mapping data and are seamlessly integrated into Xacta 360’s compliance assessment features, including user analysis, automated risk generation, and POAM creation.
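The mapping step described above can be sketched as follows. This is an added example, not Xacta 360 or Telos code: the record field names follow Azure Policy Insights policy state records, while the policy names, shortened resource IDs, control mapping and the `assess` function are constructed or hypothetical.

```python
from collections import defaultdict

def _state(name, region, policy, compliance):
    # Field names follow Azure Policy Insights policy state records.
    return {"resourceId": f"/subscriptions/00000000/resourceGroups/rg-demo/{name}",
            "resourceLocation": region, "policyDefinitionName": policy,
            "complianceState": compliance}

# Constructed sample scan results (not real data; IDs and names are shortened).
POLICY_STATES = [
    _state("sa1", "usgovvirginia", "storage-https-only", "NonCompliant"),
    _state("sa2", "usgovvirginia", "storage-https-only", "Compliant"),
    _state("vm1", "usgovvirginia", "vm-disk-encryption", "Compliant"),
    _state("sql1", "usgovarizona", "sql-auditing", "NonCompliant"),
    _state("vm1", "usgovvirginia", "custom-tagging", "NonCompliant"),
]

# Hypothetical control mapping data: policy definition name -> control IDs.
CONTROL_MAP = {
    "storage-https-only": ["SC-8"],
    "vm-disk-encryption": ["SC-28"],
    "sql-auditing": ["AU-2", "AU-12"],
}

def assess(states, control_map, boundary_regions):
    """Return (per-control result, findings, unmapped policy names)."""
    outcomes = defaultdict(list)   # control ID -> True (failed) / False (passed)
    findings, unmapped = [], set()
    for s in states:
        if s["resourceLocation"].lower() not in boundary_regions:
            continue               # resource is outside the system boundary
        state = s["complianceState"].lower()
        if state not in ("compliant", "noncompliant"):
            continue               # e.g. exempt or unknown: no pass/fail evidence
        controls = control_map.get(s["policyDefinitionName"])
        if controls is None:
            unmapped.add(s["policyDefinitionName"])  # surface mapping gaps
            continue
        for control in controls:
            outcomes[control].append(state == "noncompliant")
            if state == "noncompliant":
                findings.append((control, s["resourceId"], s["policyDefinitionName"]))
    results = {c: "Not Tested" for cs in control_map.values() for c in cs}
    results.update({c: "Fail" if any(v) else "Pass" for c, v in outcomes.items()})
    return results, findings, sorted(unmapped)

if __name__ == "__main__":
    print(*assess(POLICY_STATES, CONTROL_MAP, {"usgovvirginia"}), sep="\n")
```

A control with no in-boundary results is reported as "Not Tested" rather than "Pass", and failed policies without a control mapping are returned separately so they are not silently dropped.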
Getting started with Xacta 360
Once Xacta 360 is launched, multiple resources are available to guide you in using it. These resources will assist you with the key tasks of downloading and restoring project templates, creating projects and users, and familiarizing yourself with the interface and workflow of your Xacta 360 projects, so that you can achieve compliance in the cloud faster.
We encourage you to register today for the upcoming webinar that will go deeper into the topics addressed in this article. If you register and are unable to attend, a link to the on-demand recording will be sent to you. For more information, visit: www.telos.com/azure.