IBM Cloud Docs
Formatting controls in your readme file

Formatting controls in your readme file

During the onboarding process, controls that are in your readme file, formatted correctly, and supported by IBM Cloud® Security and Compliance Center Workload Protection appear in the controls table in your private catalog. You can click Add controls to add additional controls to your version. After you publish your product, users can view your controls on the About page for your product.

Formatting controls in your readme file

To include controls with your product's information, include them in your readme file and make sure that the controls are listed in one table. The table must include the following columns:

  • A Profile column
  • An ID column

You can include more columns in the readme file's control table but this information might be overwritten or excluded.

Examples

For examples of how you can format your controls in your readme file, see the following tables:

| Profile | ID |
|---------|----|
| NIST | SC-7(3) |

| Profile | Category | ID      | Description |
|---------|----------|---------|-------------|
| NIST | [SC-7](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SC-07) | SC-7(3) | Limit the number of external network connections to the system. |

Managing compliance for your product

You can add controls to your software to prove that it meets security and compliance requirements. To claim compliance, you must add inventory results from Workload Protection. Only controls that are supported by Workload Protection appear in the catalog. You can add controls from policies and import controls from module references.

You must validate your product version before you can add inventory results from Workload Protection.

Adding controls

To add controls, complete the following steps:

  1. On the Manage compliance page, select Add controls.

  2. Select a Workload Protection instance, then a policy.

    If you haven't provisioned a Workload Protection instance yet, you must set up one from the IBM Cloud catalog and enable Cloud Security Posture Management (CSPM) for your IBM Cloud account. Then, complete the steps to integrate with either an existing Workload Protection instance or a new instance.

  3. Select whether you want to add the entire policy or only a subset of controls.

  4. If you select to add an entire policy, continue to the next step. If you select to add a subset of controls, select the controls that you want to add.

  5. Click Add.

Adding inventory results from Workload Protection

You can add inventory results from Workload Protection so that users can see the claimed compliance when they evaluate your product in the catalog.

In Workload Protection, your inventory is updated once every day. You must deploy your resources and wait for the inventory to be updated before you add the inventory to your catalog listing. For more information, go to Inventory.

To add inventory results, complete the following steps:

  1. On the Manage compliance page, click Add results.
  2. Select the Workload Protection instance that you provisioned previously.
  3. Click Apply to apply the latest inventory results.