Compliance determination

The Compliance Evidence Store is the unseen layer between the Governance and risk dashboard and the data, risk calculation, and operators that make it function.

When you install the IBM Cloud Pak® for Multicloud Management online, the Compliance Evidence Store is installed automatically, along with all of the other components that make it possible to track your enterprise's security. For an overview of the components that make the Governance and risk dashboard function, see Operators and the Governance and risk dashboard.

The Compliance Evidence Store is the component responsible for the following actions:

Retrieving compliance data

The Compliance Evidence Store works with the governance, risk, and compliance operators to retrieve compliance data from a multitude of sources. Whether you have a VM policy or are protecting your clusters, all of that data is routed through the Compliance Evidence Store. For more information about the operators that make the Governance and risk dashboard work, see Operators and the Governance and risk dashboard.

Storing compliance data

After the data is retrieved, the Compliance Evidence Store parses the raw data and stores it for use in assessing risk and communicating results.

Updating risk calculations

The results from your compliance data are used to update the status of your policy violations. As new violations are found, each type of risk must be recalculated depending on where your violations occur. The Compliance Evidence Store facilitates the flow of risk data and revised risk scoring. For more information about risk and risk calculation, see Risk quantification.

Providing results data

After the results that are gathered from your security policies are assessed and the risk calculations are adjusted, the Compliance Evidence Store sends that data to the Governance and risk dashboard. Everything that you see on the Policies and Security findings tabs is the product of the Compliance Evidence Store managing and presenting that data. For more information about the Governance and risk dashboard, see Governance, risk, and compliance.