USM Anywhere delivers a comprehensive library of predefined compliance report templates for PCI DSS, HIPAA, NIST CSF, and ISO 27001, so you can accelerate your security and compliance programs and be audit-ready faster. It also includes 50+ predefined event reports by data source and data source type, helping to make your daily monitoring and reporting activities more eficient.
In addition to predefined reports, USM Anywhere gives you powerful security investigation capabilities at your finger tips. Its intuitive and flexible interface allows you to quickly search and analyze your security data, plus you can create and save custom views and export them as executive-ready reports. Because USM Anywhere gives you centralized visibility of all your cloud and on-premises assets, vulnerabilities, threats, and log data from your firewalls and other security tools, you have the most complete and contextual data set at your disposal.
This blog describes the predefined compliance reports available in USM Anywhere. It also describes search and analytics capabilities in USM Anywhere that empower you to quickly produce your own custom reports.
Predefined Compliance Reports
To meet regulatory compliance requirements like PCI DSS and HIPAA and to ensure that you continuously meet those requirements, you must demonstrate that you regularly monitor your environments. This demands rigorous reporting to gain insight into your assets, vulnerabilities, and potential threats, which can be extremely time-consuming if executed manually.
USM Anywhere delivers the following set of predefined compliance reports that map directly to common regulatory compliance requirements and frameworks, so you can quickly and easily provide evidence of compliance during your next audit.
In addition, you can easily customize any of the predefined compliance reports in USM Anywhere, adding dynamic graphs and charts to create a professional, executive-ready report.
PCI DSS Reporting
In USM Anywhere, once you define the PCI Asset Group—the servers, applications, and storage entities across your environment that are considered in-scope of a PCI DSS card-holder data environment (CDE)—then, you can readily view, export, and customize the following predefined reports.
HIPAA - Healthcare Compliance Reporting
For healthcare providers, HIPAA is a key concern. In USM Anywhere, once you define your HIPAA Asset Group—the part of your environment that touches protected health information (PHI) data—then you can readily view, export, and customize the following predefined reports.
NIST Cybersecurity Framework (CSF) Compliance Reporting
USM Anywhere allows you to quickly and easily report the status of controls across the NIST CSF functions of Identify, Protect, Detect, and Respond. The following predefined NIST CSF are available out of the box with USM Anywhere.
ISO 27001 Compliance Reporting
Out of the box, USM Anywhere includes pre-built compliance reporting templates that map to multiple ISO 27001 requirements, making it fast and simple to review the state of your deployed technical controls and help satisfy requests during an audit. You can easily customize, save, and export any report as needed.
The ISO 27001 reporting templates in USM Anywhere can also serve as general guidelines as you prepare to satisfy the requirements of industry standards and regulations like the European Union’s GDPR, or in gaining ISO 27001 certification. Because ISO 27001 serves as a globally accepted framework for information security management, it can be helpful in demonstrating how you manage your cyber security and compliance program.
Predefined Event Reports
To give you insights into key events by different data source types or by specific solutions, USM Anywhere delivers the following predefined event reports out of the box.
With USM Anywhere, you can easily create custom reports as you need.
USM Anywhere’s powerful log management capabilities give you a highly efficient way to search, filter, and analyze your security-related data. From either the Events or Alarms views, you can alter the view by any data field or time frame or by entering your own search phrase. Because USM Anywhere stores your recent log and event data within its Elasticsearch hot storage, you can be assured that your search results generate extraordinarily fast.
In your filtered (or “custom”) data view, you can drill down to view the details of any event or alarm to investigate it. You can select the data fields you want to display, and adjust the order in which they appear in the custom list view. And, you can sort the list based on key data fields, such as time created.
When you finish building the custom view that best suits your needs, you can click to save the custom data view for quick and continued access. For example, you may wish to save a custom data view that shows all login activities of a flagged suspicious user, so that you can review it daily.
You also have the option to export any predefined or custom data view in an HTML or CSV format, with options to define the report name and description, date range, number of records, and more. You can select from several rich predefined graphs to add visual elements to your data - perfect for analyzing trends or presenting an executive-level summary.