icon-zwp.svg
Posture Control (ZPC)

Configuring a Manual Compliance Ignore Filter

You might want to ignore compliance security policies from being evaluated by ZPC for your cloud deployment. For example, you might use AWS S3 buckets on your cloud deployment only for QA and would not want them to be evaluated for compliance. You can ignore specific policies for AWS S3 buckets and ZPC doesn't evaluate those specific security policies for any S3 bucket.

When a compliance security policy is ignored, all relevant assets for that policy are also ignored by ZPC. If you need some assets to be evaluated by ZPC for the same security policy, you can manually include those assets for ZPC evaluation.

  • When you ignore a policy, its status changes to "Ignored". ZPC categorizes ignored policies as passed for its compliance score evaluation. You might notice a change in your policy compliance score after ignoring or including policies for ZPC evaluation.
  • When you ignore an asset, its status changes to "Ignored". ZPC categorizes ignored assets as passed for its compliance score evaluation. You might notice a change in your asset compliance score after ignoring or including assets for ZPC evaluation.

Ignoring Compliance Security Policies

You can ignore one or multiple compliance security policies on ZPC. When you ignore a compliance security policy, all relevant assets are also ignored.

Including Compliance Security Policies

You can include one or multiple previously ignored compliance security policies for ZPC evaluation. When you include a compliance security policy, all relevant assets are also included.

Ignoring Assets for a Compliance Security Policy

You can ignore one or multiple assets for a particular compliance security policy. When you ignore an asset for a particular policy, ZPC continues to evaluate other compliance policy against the asset.

    1. Go to Cloud Posture > Compliance.
    2. Click the Benchmark Name for the compliance benchmark you want to select.
    3. Click the Policy ID relevant to the asset you want to ignore.
    4. On the Assets tab, for the single asset you want to ignore, click the Actions icon, then select Ignore Asset.

    1. In the Ignore Asset window, enter a comment, then click Ignore Asset.

    Close

    1. Go to Cloud Posture > Compliance.
    2. Click the Benchmark Name for the compliance benchmark you want to select.
    3. Click the Policy ID relevant to the asset you want to ignore.
    4. On the Assets tab, select all included assets to ignore.
    5. Click Actions, then select Ignore Asset.
    6. In the Ignore Asset window, enter a comment, then click Ignore Asset.
    Close

Including Assets for a Compliance Security Policy

You can include one or multiple previously ignored assets for a security policy again for ZPC evaluation.

    1. Go to Cloud Posture > Compliance.
    2. Click the Benchmark Name for the compliance benchmark you want to select.
    3. Click the Policy ID relevant to the asset you want to include.
    4. On the Assets tab, for the ignored single asset you want to include, click the Actions icon, then select Include Asset.
    5. In the Include Asset window, enter a comment, then click Include Asset.
    Close

    1. Go to Cloud Posture > Compliance.
    2. Click the Benchmark Name for the compliance benchmark you want to select.
    3. Click the Policy ID relevant to the asset you want to ignore.
    4. On the Assets tab, select all ignored assets to include.
    5. Click Actions, then select Include Asset.
    6. In the Include Asset window, enter a comment, then click Include Asset.
    Close
Related Articles
About ComplianceCreating a New BenchmarkViewing Benchmark DetailsViewing Compliance Security Policy DetailsConfiguring a Manual Compliance Ignore FilterConfiguring an Automatic Compliance Ignore FilterManaging Compliance Ignore FiltersSupported Benchmarks