As the first quarter of 2021 wraps up, we are excited to announce that Warden’s team has launched support for the Australian Prudential Regulation Authority (APRA) Prudential Practice Guide CPG 234 compliance standard.
Australia has an open and fairly competitive financial and technological market. The regulator, APRA, is accountable to the Australian Parliament but acts independently to supervise institutions performing activities related to insurance, superannuation, and banking. It ensures that all cloud security solution providers adhere to strict benchmarks to minimize the vulnerabilities that can result from rapid technical advancements. We are thrilled to be able to serve the Australian continent with our latest compliance standard on Horangi’s Warden, viz. APRA CPS 234.
‘Prudential Practice Guide CPG 234’ is an information security law intended to ensure that regulated entities can withstand cyberattacks and other security threats. In addition, when an obvious breach or other security incident is discovered, businesses must respond in a timely manner. CPG 234 applies to all legal entities regulated by APRA.
Prudential Practice Guide CPG 234 compliance mapping clauses
Some highlights of this compliance mapping on Warden include clauses 36, 39 and 44 of APRA CPG 234.
Clause 36(d): Access management controls: only authorized users, software and hardware are able to access information assets.
Mapped rules include:
- IAM Group with Inline Policies
- Customer Managed IAM Policies with Full Administrative Privileges
- Service Account with Admin Privileges
Clause 39(a): Implement mechanisms that access and analyze timely threat intelligence regarding vulnerabilities, threats, methods of attack and countermeasures.
Mapped rules include:
- Image Vulnerability Scanning Using GCR Container Analysis Service
- AWS GuardDuty Not Enabled
Dashboard - Warden Compliance Brief
What This Means
- Warden as a whole is a means to support clause 39: An APRA-regulated entity would typically ensure that existing and emerging information security vulnerabilities and threats pertaining to critical and sensitive information assets are identified, assessed, and remediated in a timely manner.
- Warden is able to check for acquisition and implementation controls. These controls ensure that information security is not compromised by the introduction of new information assets.
Generating An APRA Compliance Report
As the compliance regulatory environment continues to evolve, Horangi’s Warden is constantly expanding its compliance library to serve customers across the globe. Recently, we added the following compliance benchmarks to Warden:
To stay updated with the latest additions to Warden’s compliance automation stack, you can visit our blog. You can also fill out this form to schedule a customized demo to see how Warden can help with your CSPM needs.