Compliance with APRA CPS 234: Our Latest Addition to Compliance Standards on Horangi Warden

Organizations that need to be compliant with the Australian Prudential Regulation Authority (APRA) can now report on their compliance posture in just one click with Warden.

As the first quarter of 2021 draws to a close, we are excited to announce that the Warden team has launched support for the Australian Prudential Regulation Authority (APRA) Prudential Practice Guide CPG 234 compliance standard.

Australia has an open and fairly competitive financial and technological market. The regulator, APRA, is accountable to the Australian Parliament but acts independently to supervise institutions operating in insurance, superannuation, and banking. It ensures that all cloud security solution providers adhere to strict benchmarks to minimize the vulnerabilities that can result from rapid technical advancement. We are thrilled to be able to serve the Australian continent with our latest compliance standard on Horangi's Warden, viz. APRA CPS 234.

'Prudential Practice Guide CPG 234' is an information security law intended to ensure that regulated entities can withstand cyberattacks and other security threats. In addition, when a breach or other security incident is discovered, businesses must respond in a timely manner. CPG 234 applies to all legal entities regulated by APRA.

Prudential Practice Guide CPG 234 compliance mapping clauses

Some highlights of this compliance mapping on Warden include clauses 36, 39 and 44 of APRA CPG 234.

Clause 36(d): Access management controls: only authorized users, software and hardware are able to access information assets.

Mapped rules include: 

  • IAM Group with Inline Policies
  • Customer Managed IAM Policies with Full Administrative Privileges
  • Service Account with Admin Privileges
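The second rule in that list, shown as an added example that is not Warden's code: a check over IAM policy documents for the pattern that defines full administrative privileges (an Allow statement with Action "*" on Resource "*"). The sample policies and names below are constructed assumptions.

```python
import json
from typing import Dict, List

# Constructed sample policy documents (assumptions, not from Warden or the page).
ADMIN_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
""")
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": "arn:aws:s3:::example-bucket/*"}]}
""")


def _as_list(value) -> list:
    # IAM allows a single string or a list for Statement, Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def grants_full_admin(policy: dict) -> bool:
    """True if any Allow statement grants Action "*" on Resource "*"."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            return True
    return False


def find_full_admin_policies(policies: Dict[str, dict]) -> List[str]:
    """Return the names of customer-managed policies that fail the check."""
    return sorted(name for name, doc in policies.items() if grants_full_admin(doc))


if __name__ == "__main__":
    inventory = {"PowerUserAdmin": ADMIN_POLICY, "BucketReader": SCOPED_POLICY}
    print(find_full_admin_policies(inventory))  # ['PowerUserAdmin']
```

A Deny statement or a wildcard scoped to one service (for example "s3:*") does not trip the check, which matches the rule's narrow definition of full administrative privileges.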

Clause 39(a): Implement mechanisms that access and analyze timely threat intelligence regarding vulnerabilities, threats, methods of attack and countermeasures.

Mapped rules include: 

  • Image Vulnerability Scanning Using GCR Container Analysis Service
  • AWS GuardDuty Not Enabled

Dashboard - Warden Compliance Brief

What This Means

  • Warden as a whole is a means to support clause 39: An APRA-regulated entity would typically ensure that existing and emerging information security vulnerabilities and threats pertaining to critical and sensitive information assets are identified, assessed, and remediated in a timely manner.
  • Warden is able to check for acquisition and implementation controls. These controls ensure that information security is not compromised by the introduction of new information assets.

APRA Compliance brief in Warden

APRA View

APRA Compliance report in Warden

Generating An APRA Compliance Report

As the compliance regulatory environment continues to evolve, Horangi's Warden is constantly expanding its compliance library to serve customers across the globe. Recently, we added the following compliance benchmarks to Warden:

To stay updated with the latest additions to Warden's compliance automation stack, you can visit our blog. You can also fill out this form to schedule a customized demo and see how Warden can help with your CSPM needs.

Hana Fadillah

Hana Fadillah is a Product Manager at Horangi and a Cybersecurity Evangelist. She is actively involved with 'Women in Product' in Asia and is passionate about preparing elderly to embrace infocomm technology to connect better with the community and to take part in the opportunities for the digital economy.
