What if I scan a Cloud Buddha Image and it doesn’t match what is provided in the report?
Cloud Buddha CIS, HIPAA, PCI, and DISA STIG AMI’s are based on the individual regulatory bodies tools and guidelines. Not every organization uses these specific tools, so we recognize that other tools might produce false positives or false negatives. As Buddha Labs does not have access to every possible compliance auditing tool, should a scanner or manual audit return results that don’t match the documentation provide we will work with the customer and vendor to address this use. Well even go a step further and work with the compliance vendor and/or auditor to remedy the problem.
Scans of my system after installing a bunch of applications and now my compliance level is different?
Some software and applications will alter the compliance posture of a system after install. Should this occur, the documentation provided should give clear guidance on what needs to be done to re-hardened the specific requirement. *note* If an application or software alters the compliance posture of a Cloud Buddha AMI, it would be best to contact the software vendor to determine if the alteration affects current support or application functionality. If you have any questions, don’t hesitate to open up a ticket via our support portal and well do everything we can to help!
What about additional compliance guidelines for applications such as Databases, Web Servers, etc?
At this time its up to the you (the customer) to address additional compliance guidelines. It’s on Cloud Buddha’s roadmap to start building on pre-hardened applications such as Apache, MySQL, etc. If you need assistance with additional compliance requirements, drop us a line at firstname.lastname@example.org
Certain applications and/or software won’t install on Cloud Buddha AMI’s!
Most vendors understand regulatory compliance requirements and should be able to assist in troubleshooting installation issues on hardened systems. Cloud Buddha AMI’s documentation will give vendors in-depth insight to changes made to the system.