Glossary
This glossary contains terms that are relevant to BMC Helix Cloud Security.
General terminology
The following terms appear in the Cloud Security UI or in the typical business use cases for the service.
Account
The company that is registered to use Cloud Security.
Check
An automatic policy evaluation performed by Cloud Security for a given tenant.
Compliance content
Pre-built compliance templates that BMC offers out-of-the-box to analyze regulatory compliance. Such templates can facilitate compliance analysis when you need to adhere to industry-defined compliance policies such as CIS, DISA, HIPAA, PCI, or SOX.
Connector
A ready-to-use collector that can be configured to collect data from various sources (such as AWS, Docker, and other custom data) and to send it to Cloud Security.
Policy
A pre-built regulatory policy, which is helpful for auditors. Policies contain rules that evaluate the servers, hosts, or other resources for compliance.
Resource
An object of interest to the customer that needs to be evaluated. For example, a CFN template, a server, a receipt, the temperature of a refrigerator, and so on.
Rule
An expression that is used to evaluate whether a resource is compliant.
Transaction
A transaction is one policy evaluated against one resource.
Violation
A condition that indicates non-compliance of a given rule or a group of rules.
Exception
Exceptions can be applied to a rule in a policy. When a resource is marked for exception, the rule is always compliant for as long as the exception is in effect.
Remediation
Remediation is an action through which a compliance violation can be fixed. Remediation can be enabled or disabled under Actions on the Policy Details page.
Connector
Connector is the component that collects compliance data from the data source (for example, AWS) and evaluates the data against the compliance policies that you specify. Connectors can be set to evaluate data on-demand or on a user-defined schedule.
Terminology by technology
The following terms are relevant to the specific technology groups governed by the Center for Information Security (CIS) and used in Policy to evaluate corresponding resources and maintain compliance and governance in specific environments.