Does Morpheus support compliance for ISO-27001 & PCI-DSS for security? Or is there a plan to add those certifications in the near future?
Morpheus helps you configure your instances to comply with various compliance frameworks like NIST 800, ISO 27001, etc. Currently, there is a SCAP scanning module to ingest XML definition profiles. I am evaluating a request to support the ingestion of CIS benchmarks in addition to DISA STIG profiles which Morpheus supports already.
Morpheus also provides guidance to configure your control tier for the Morpheus appliance to meet requirements in hardened environments using DISA guidelines. I am working with our engineering teams to certify the Morpheus appliance running on CIS benchmarks in addition to the DISA requirements.
Morpheus has internal documentation detailing which NIST 800-53 requirements our application meets. It also lists requirements out of scope, and they pertain to organization controls. I am working on updating this document to align with revision 5 of the NIST 800-53 framework.
Thanks, Greg, for your response. Can you share some insights around PCI-DSS compliance as well, as multiple of our customers are asking for it? I would also request your support to get some detailed documentation on various Morpheus supported compliances so that I can read and understand how to configure the same.
I have sent you an e-mail; perhaps it will be a good idea to have a Zoom/Teams call about this question.