Preparing for a compliance audit can be an overwhelming process. Coordinating and translating requirements between teams is often time-consuming and manual. Regressions uncovered between audits can drive friction between internal IT and security teams. And between the rise of cloud and container solutions and numerous emerging regulatory frameworks, the sheer breadth of what needs to be accounted for is constantly growing. This is all exacerbated by current practices, which often evaluate security and compliance only when changes are ready to be promoted to production, where problems can be far costlier to address than if they had been found earlier in the development lifecycle.
To meet these challenges and enter audits with confidence in the compliance of your estate, it's imperative that you have a way to continuously validate systems across environments. InSpec helps us do just that by providing a framework for translating your compliance requirements into reusable code that can be run as often as your environments change, ensuring that you always know the compliance impact of any event.
In our latest webinar, Preparing for Audits with InSpec, I covered these challenges and history in more depth. Using the Payment Card Industry Data Security Standard (PCI DSS) as an example, I demonstrated how you can use InSpec and the Compliance Profiles included with Chef Automate to start building out an auditing framework that evaluates environments consistently, wherever they might live. If you missed the live presentation, you're in the right place! Check out the recording below.