Scopes Management
Scopes Management allows you to define and manage scope boundaries for compliance verification. This section will guide you through understanding, creating, and managing scopes.
Overview
Scopes provide context for compliance verification, with these capabilities:
- Multi-Environment: Verify compliance across different environments
- Organizational Structure: Align scopes with organizational units
- Geographic Boundaries: Define scopes by region or location
- Flexible Definitions: Create custom scope types as needed
- Consistent Grouping: Group related resources together
Figure 1: Scopes concept and usage.
Scopes allow you to verify the same control across different contexts. For example, you can verify a password policy for the production and staging environments separately.
Scope Concepts
What are Scopes?
Scopes are key-value pairs that define context for compliance verification:
- Key: The scope dimension (e.g., environment, region)
- Value: The specific value for that dimension (e.g., production, us-east-1)
A control can have multiple scopes, and computations are executed for each unique combination of scope values.
Scope Example
Consider a control with the following scopes:
{
  "environment": "production",
  "region": "us-east-1",
  "cloud-provider": "aws",
  "criticality": "high"
}
This control will be verified for the production environment in the US East region on AWS with high criticality.
Figure 2: Scope with multiple dimensions.
Scope Combinations
Multiple scope values create combinations for verification:
| Environment | Region | Combinations |
|---|---|---|
| production | us-east-1 | 1 |
| production | eu-west-1 | 1 |
| staging | us-east-1 | 1 |
| staging | eu-west-1 | 1 |
| Total | | 4 |
With 2 environments and 2 regions, there are 4 unique combinations, resulting in 4 separate computations for the control.
Predefined Scope Types
STATUS provides several predefined scope types commonly used in compliance verification:
Environment
Common environments in software development:
- production: Production/live systems
- staging: Pre-production testing environment
- development: Development environment
- testing: Dedicated testing environment
Figure 3: Environment scope values.
Region
Geographic regions for distributed systems:
- us-east-1: US East (N. Virginia)
- us-west-2: US West (Oregon)
- eu-west-1: EU (Ireland)
- eu-central-1: EU (Frankfurt)
- ap-southeast-1: Asia Pacific (Singapore)
Cloud Provider
Cloud service providers:
- aws: Amazon Web Services
- gcp: Google Cloud Platform
- azure: Microsoft Azure
- on-premise: On-premise infrastructure
Criticality
System criticality levels:
- high: Critical systems
- medium: Important systems
- low: Non-critical systems
Figure 4: Common predefined scope types.
Manage Scope Definitions
Scope definitions define the available scope types and their values.
View Scope Definitions
To view scope definitions:
- Navigate to Scopes section from main navigation
- View the list of scope definitions:
  - Name: Scope dimension name
  - Description: What this scope represents
  - Type: Scope type
  - Default: Default value (if any)
  - Created At: When the scope was created
Figure 5: Scope definitions list view.
Create a Scope Definition
To create a new scope definition:
- Navigate to Scopes section
- Click on Create Scope button
- Configure the scope:
  - Name: Scope dimension name (e.g., environment, region)
  - Description: What this scope represents
  - Type: Scope type (text, select, etc.)
  - Default: Default value (optional)
  - Available Values: List of available values (for select type)
- Click Save to create the scope
Figure 6: Create scope definition form.
Scope definitions define what scope types are available. They don't assign scopes to controls - that's done at the control level.
Edit a Scope Definition
To edit a scope definition:
- Navigate to Scopes section
- Click the Edit button next to the scope
- Make your changes
- Click Save to update
Editing a scope definition affects all controls using this scope type. Be careful when changing available values.
Delete a Scope Definition
To delete a scope definition:
- Navigate to Scopes section
- Click the Delete button next to the scope
- Confirm the deletion
You cannot delete a scope definition that is used by any controls. Remove it from controls first.
Use Scopes in Controls
Scopes are assigned to controls to define context for compliance verification.
Add Scopes to a Control
To add scopes to a control:
- Navigate to a Control Details page
- Find the Scopes section
- Click the Edit button next to Scopes
- Select the scopes to assign:
  - Scope Type: Select scope dimension
  - Value: Select value for that scope
- Click Add to add more scopes
- Click Save to save the scopes
Figure 7: Add scopes to control form.
Update Control Scopes
To update a control's scopes:
- Navigate to the Control Details page
- Click the Edit button next to Scopes
- Add, remove, or modify scopes
- Click Save to update
Updating scopes on a control will create new computations for the new scope combinations. Existing computations will be preserved for historical analysis.
Remove a Scope from Control
To remove a scope from a control:
- Navigate to the Control Details page
- Click the Edit button next to Scopes
- Click the X button next to the scope to remove
- Click Save
Removing a scope from a control doesn't delete existing computations. They remain available for historical analysis.
View Scoped Computations
Scopes affect how computations are executed and displayed.
Computation Results by Scope
Computation results show the scope for each computation:
- Index: Sequential number (clickable for details)
- Result: Pass/fail status
- Scope: The scope context for the computation
- From: Start time of the computation period
Figure 8: Computation results showing scope.
Filter by Scope
You can filter computation results by scope:
- Navigate to a Control Details page
- In the Computation Results section, use the search/filter functionality
- Filter by scope values (e.g., "environment:production")
Compliance Status by Scope
Compliance status can be viewed by scope:
- Overall Compliance: Compliance across all scopes
- Scope-Specific Compliance: Compliance for each scope value
- Scope Combinations: Compliance for each unique combination
Figure 9: Compliance status breakdown by scope.
Scope Best Practices
Follow these best practices for effective scope management:
- Logical Dimensions: Use dimensions that align with your organization
- Consistent Naming: Use consistent naming conventions for scopes
- Minimize Combinations: Be careful with too many scope dimensions (combinatorial explosion)
- Default Values: Set sensible defaults for scope types
- Clear Descriptions: Document what each scope represents
- Review Regularly: Review and update scope definitions as your organization evolves
More scope dimensions create more computation combinations. Be mindful of performance when designing your scope structure.
Scope Design Tips
When designing scopes:
- Start Simple: Begin with 1-2 scope dimensions
- Expand Gradually: Add more dimensions as needed
- Consider Volume: Estimate computation volume for each scope combination
- Prioritize: Focus on most important scope dimensions first
- Document: Document the purpose and usage of each scope
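The combination count from the Scope Combinations table and the "Consider Volume" tip can be checked before a scope design is rolled out. The sketch below is an added example, not STATUS code or its API: the function names, the dict layout, and the model of one computation per combination per period (taken from the examples on this page) are assumptions.

```python
from itertools import product

# Constructed sample: values per scope dimension, using values listed on this
# page. The dict layout is an assumption, not the product's own schema.
SCOPE_VALUES = {
    "environment": ["production", "staging"],
    "region": ["us-east-1", "eu-west-1"],
}


def scope_combinations(scope_values):
    """Return every unique combination as a {dimension: value} dict."""
    keys = sorted(scope_values)
    for key in keys:
        if not scope_values[key]:
            raise ValueError(f"scope dimension {key!r} has no values")
    # Deduplicate values so a repeated entry does not inflate the count.
    pools = [sorted(set(scope_values[k])) for k in keys]
    return [dict(zip(keys, combo)) for combo in product(*pools)]


def computations_per_window(scope_values, period_hours, window_hours=24 * 30):
    """Estimate computations for one control over a window (default 30 days)."""
    if period_hours <= 0:
        raise ValueError("period_hours must be positive")
    periods = window_hours // period_hours
    return len(scope_combinations(scope_values)) * periods


def filter_by_scope(combinations, expression):
    """Keep combinations matching a 'key:value' filter, e.g. 'environment:production'."""
    key, sep, value = expression.partition(":")
    if not sep or not key or not value:
        raise ValueError("filter must look like 'key:value'")
    return [c for c in combinations if c.get(key) == value]


if __name__ == "__main__":
    combos = scope_combinations(SCOPE_VALUES)
    print(len(combos), "combinations")
    print(filter_by_scope(combos, "environment:production"))
    print("daily period, 30 days:", computations_per_window(SCOPE_VALUES, 24))
    print("weekly period, 30 days:", computations_per_window(SCOPE_VALUES, 24 * 7))
```

Lengthening the period from daily to weekly in this model shows the effect of the "Increase computation period" troubleshooting step on volume.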
Scope Examples
Example 1: Simple Environment Scope
A control with just an environment scope:
{
  "environment": "production"
}
Combinations: 1 (production)
Computations: 1 per period
Example 2: Environment and Region
A control with environment and region scopes:
{
  "environment": "production",
  "region": "us-east-1"
}
Combinations: 4 (production × us-east-1, us-west-2, eu-west-1, eu-central-1)
Computations: 4 per period
Example 3: Multiple Dimensions
A control with multiple scope dimensions:
{
  "environment": "production",
  "region": "us-east-1",
  "cloud-provider": "aws",
  "criticality": "high"
}
Combinations: Potentially many
Computations: Many per period (use with caution)
Figure 10: Scope complexity and computation volume.
Be careful with too many scope dimensions. Each additional dimension multiplies the number of computations required.
Troubleshooting
Too Many Computations
If you have too many computations:
- Review your scope dimensions
- Reduce number of scope values
- Remove unnecessary scopes from controls
- Increase computation period
Scope Not Working
If a scope is not working as expected:
- Verify scope definition exists
- Check scope values are correct
- Ensure scope is assigned to the control
- Review computation logs for errors
Cannot Remove Scope
If you cannot remove a scope:
- Check which controls use this scope
- Remove scope from those controls first
- Try removing the scope definition again
For complex scope issues, review the computation logs or contact support for assistance.