ZCSPM supports many compliance benchmarks categorized as Cybersecurity Benchmarks, Laws and Regulations, and Industry Benchmarks. ZCSPM offers more than 2600 security policies which are mapped to various compliance controls over different benchmarks. One compliance control can have one or multiple security policies mapped to it.

About the Compliance Benchmark page

Any compliance benchmark page contains widgets that preset data in interactive charts, security policies provided by ZCSPM that are relevant to that benchmark and their status:

1. View the Benchmark title.
2. View when configuration metadata was last scanned.
3. Schedule a report. To learn more see Scheduling Reports.
4. Download the compliance benchmark report. To learn more see About Reports.
5. View the Policy Compliance Posture sunburst chart. The chart shows your compliance percentage and the number of policies in each policy status. To learn more about security policy status, see About Security Policy Status.
6. Policy Compliance Trend shows the percentage of policies in different security policy statuses over time.

7. Filter available security policies for the benchmark by the following parameters:
   • Category: The security policy category such as Identity and Access Management (IAM).
   • Policy Status: ZCSPM determines the status for a specific security policy based on the number of compliant assets.
   • Risk Impact: ZCSPM determines the risk impact for every security policy based on common reasons of past security breaches and cloud security best practices provided by cloud service providers.
   • Risk Likelihood: ZCSPM determines risk likelihood based on the percentage of cloud assets which are failing a certain security policy, the security policy status, and the risk impact.
8. Interact with the Policy Summary section:
   • Search for a security policy by the policy title or control number.
   • View the security policy categories for the benchmark and the number of passed policies.
   • Expand a category to view the security policy title, status, impact, and number of passed assets.
   You can select any security policy to view details. To learn more, see About Security Policy Details.