Aptible PaaS logoDocs

Control Performance

Security controls in-place check for the implementation of a specific safeguard. If you have not implemented a particular control , appropriate notifications are provided in the Aprible Dashboard to indicate the same, with relevant recommendations to remediate.

You can choose to ignore a control implementation, thereby no longer seeing the notification in the Aptible Dashboard and ensuring it does not affect your overall compliance readiness score.

In the example below, container logging was not implemented in the aptible-misc environment.

In such a scenario, you have two options:

Option 1: Remediate and Implement Control

Based on the remediation recommendations provided in the platform for a control you haven’t implemented, you could follow the appropriate instructions to implement the control in question. Coming to the example provided above, the user with write access to the aptible-misc environment can configure a log drain collecting and aggregating their container logs in a destination of choice. Doing this would be an acceptable implementation of the specific control, thereby remediating the issue of non-compliance.

Option 2: Ignore Implementation

You could also ignore the control implementation based on your organization’s judgment for the specific resource. Choosing to ignore the control implementation will signal to Aptible to also ignore the implementation of the particular control, which in the example above, was the aptible-misc environment. Doing so would no longer show you a warning in the UI indicating that you have not implemented the control and would ensure it does not affect your compliance readiness score.

You can see control implementations you’ve ignored in the expanded view of each control. You can also unignore the control implementation if needed.