IBM Cloud Docs
Segmenting your scope

Segmenting your scope

Effective 15 Dec 2025, Security and Compliance Center is end of support. Any existing service instances on that date will be non-functional. Start your transition now to Security and Compliance Center Workload Protection, which is readily available and offers advanced cloud security posture management (CSPM). For more see, see Transitioning to Security and Compliance Center Workload Protection.

To run an evaluation by using IBM Cloud® Security and Compliance Center, you must target the specific resources that you want to scan by creating a scope. After your scope is created, you can segment your scope into subscopes that can be used to limit access to scan results. To learn more about scopes and best practices, see Best practices.

Only IBM Cloud scopes can be segmented into subscopes.

Before you begin

Before you get started, be sure that you have the following prerequisites.

Creating a subscope

You can create a subscope by using the Security and Compliance Center UI.

  1. In the IBM Cloud console, go to the Resource list page and select your instance of Security and Compliance Center.
  2. In your instance of Security and Compliance Center, go to the Scopes page and select the scope that you want to segment by clicking its name.
  3. In the Subscopes section of the Details panel that opens, click Manage
  4. Click Create.
  5. Provide a name and description for your subscope.
  6. Select the resources that you want to include in the subscope.

Next, you can create an attachment to start evaluating your resources. Or, you can provide access to the users in your account that need to work with the subscope that you created.