Aqua CSP 


Deployment Objective 

In some scenarios, our default CIS Benchmarks might not fit or cover your environment requirements. Some checks will need to be removed or added, thereby customizing the actual results displayed. 

Deployment Steps 


1, Disable the CIS enabled checks that are going to be modified from the default Assurance Host Policy: 



  1. 2. Access the enforcer file system from the host, or from the enforcer itself: The .yaml files that you see below are some of the ones that we use for the CIS. Do not delete or modify
    these files.  


    3. Copy these files into other location and add or remove any check complying with your environment. 


  1. 4. You can add your newly modified .yaml files as Custom Compliance Checks: 




  1. 5. Add it to a policy. Since you disabled the default policy, it should cover what you are trying to achieve: 



This option might be added to our GUI in a future release. 


Related information