Managing compliance and maintaining security standards is essential for any organization, and Secureframe makes this easier with configurable tests, due dates, intervals, and tolerance windows.
This guide explains how to set up and manage test schedules to keep your systems in compliance.
From defining test due dates to setting intervals and tolerance windows, you’ll find step-by-step instructions to customize these features and ensure your organization stays aligned with compliance requirements.
Test Due Dates
Test due dates allows you to set dates in the future where evidence for Upload Tests will be archived and the test will start failing.
You can set due dates and or intervals for your tests on the bottom right panel of the test details slide-out.
Test Intervals
Test intervals are a fully configurable way to determine how often this test needs remediation. (ex, Monthly, Quarterly, Yearly, etc..)
If you use Test intervals, this particular test will fail at the end of the day chosen and then automatically create a new test in the future, based on both the interval and due date you picked.
After clicking on Test Interval you will see a pop-up modal to set these fields. I’d like to clarify that in
Important Note about Test Intervals:
- The "Test Interval" option is only applicable to Upload Tests, where evidence must be manually added to make the test pass, unlike other tests.
- The "Test Interval" is not present in Platform or Integration Tests, because those are more integrated and collecting evidence in real time.
Test Interval Evidence (Archived vs Active)
Once you start using Test Intervals, it is important to understand that Secureframe will automatically archive any evidence used at the end of each interval.
At the time of uploading evidence your test may be in a passing state, but once that interval is over the test and evidence will be archived and moved into a failing state.
This ensure that those test that require evidence throughout the year consistently have fresh and timely evidence.
Quarterly Test Interval & Evidence Examples
- A test below is using Quarterly Test Interval
- Evidence was uploaded by an Admin in May during the first interval and the test becomes passing.
- In the following quarter, this May evidence is now archived and Secureframe prompts the organization for the next piece of evidence.
- Soon another quarter will come and the June evidence will be moved to Archived state and request another piece of evidence.
- This will happen forever or until the Test Interval is removed.
Tolerance Window
Tolerance window is an optional setting that enables you to add some buffer between the time a test is passing and when it falls out of compliance. With a tolerance window, when Secureframe senses your resources to be misconfigured the status will change to "At risk" until the test is remediated or the tolerance window has expired.
If you remediate the test failure, it will start passing again.
If you do not remediate the failure before the tolerance window has expired, the test will enter the failing state. You can set the tolerance window for a test in the test details slide-out on the right side panel.
Frequently Asked Questions (FAQ)
If I set an interval on a disabled test, will the test be reenabled after the interval reaches it's desired window?
- No, setting an interval on an already disabled test will not reenable the test and the test will stay disabled.
If I wanted a test due on October 31, with an "At Risk" alert starting Oct 1, how would I do that?
- In this scenario, set the test interval due date set one month ahead, then set the tolerance window for one month.
- This will set the test to "At Risk" one month before, and the test will flip to failing after the month tolerance window is exceeded.
I am trying to activate evidence, but it refreshed and stays archived?
- The most common issue here is that your test interval and due date are in the past. When tests hit the due date, the evidence uploaded will be marked as inactive/archived.
- If you would like to use the existing uploaded evidence, I would suggest manually setting the next due date, then marking the evidence as active.
- Alternatively, you can upload new evidence, which should automatically set the Due Date based on the interval configured.
If I am using the Tolerance Window and it goes to At Risk state, how long after the due date do I have to complete the tests?
- You can complete the test at any point after it is failing, but the Tolerance Window is there to help provide some buffer and allow you time to fix it before the test fails and ideal for compliance purposes.
- The Tolerance Window essentially sets the test to an "At Risk" state for a period of time when failing evidence is detected.
- If you have a test interval/due date set, the tolerance window will start after the due date has passed.
I am trying to add a Test Interval on a specific test, but I don't see the Test Interval option?
- The Test Interval option is only applicable to Upload Tests, where evidence must be manually added to make the test pass.
- The other 2 types of test are Integration and Platform and these are automatically pulling evidence via integration and or platform related tasks and the Test Interval is not needed.
I noticed some of my Upload tests are failing even though they have no evidence and the due date is set way into the future. Why is this failing?
- Upload test require evidence in order to pass the test, otherwise it will remain in a failing state.
- The Due Date is there to help you maintain compliance, but this test will require evidence in order to be considered passing.
Comments
0 comments
Article is closed for comments.