> Software > Reports > Dashboards > Cloud Services Portal > Worldwide dashboard on the Cloud Service Website

Cyber Resiliency Index Report

The Cyber Resiliency Index feature calculates the score based on factors such as defense and recovery strategies, security measures, and the identification of cyber threats to prevent data loss. You can view the detailed report by clicking the score on the Cyber Resiliency Index tile from the Worldwide dashboard.

The column in each section of the Cyber Resiliency Index report includes the following information:

  • Status: The current status of the parameter, including whether the parameter is in the Good, the Info, or the Warning status.

  • Parameter: The name of the security setting, the feature, or the option in the Commvault environment.

  • Current setting: The security setting that is currently configured in the Commvault environment.

  • Recommendation: The recommended configuration for the security setting within the Commvault environment.

  • Remarks: A message about the status of the parameter. You can view the information about the feature or the setting from the link that either opens the related document or a related report.

The following are the details of each entity available across the different tabs:

Defend

Provides protection capabilities to isolate and prevent threats from spreading to backup environments.

Parameter

Description

Audit trail

The information about the duration of the audit trail details preserved for Critical, High, Medium, and Low severity events.

Cleanup of unused entities

This parameter displays the number of unused entities in the CommCell environment.

The Cleanup Report displays the names of each unused entity in the CommCell environment, such as the users and the user groups, that might need to be deleted. Entities that are listed include the following:

  • User Groups Without Any Users

  • User Groups Without Any Security Associations

  • Users Not Logged In More than 30 Days

User and user group permissions

This parameter provides a link to the user and user group permissions.

The User and User Group Permissions Report displays the name of each user in the Master User Group, the roles assigned to each user, the permissions assigned to each user, and whether the Master User Group is enabled or disabled.

Single sign-on

An indication of whether single sign-on providers are configured in the CommCell environment.

To view the Single Sign-On Report, which lists the single sign-on providers that are configured in the CommCell, click the link.

Failed login lockout count

The number of failed log-on attempts that are allowed before the user is locked out. This is managed by Commvault in accordance with AC-7 in NIST 800-53 publication. The default value is set to 3 failed login attempts.

Account lockout duration

The duration the account is locked after exceeding the failed login count. The default value is set to 30 minutes.

Command Center timeout period

The number of minutes that the Command Center is configured to wait before logging out an inactive user.

CommCell Console timeout period

The number of minutes that the CommCell Console is configured to wait before logging out an inactive user.

To view the instructions for configuring the timeout period, click Change.

Password complexity level

The complexity level that is configured for password requirements for users in the CommCell environment. There is also an indication of whether the Check Password Complexity workflow is enabled.

Multi-factor authentication

An indication of whether multi-factor authentication is enabled in the CommCell environment.

If this feature is disabled, you can view the documentation about multi-factor authentication. In the Action column, click Enable.

Delete authorization

An indication of whether Delete authorization is enabled in the Commvault environment. When the Delete authorization is enabled then additional administrative approval is required. The approval request is sent via email to all the administrators, and the request can be approved or denied by any other administrator. You must have a secondary tenant administrator account to use Delete authorization feature.

The Delete authorization supports server deletion, mount path deletion, job deletion, and plan deletion.

If this feature is enabled, then the tenant administrator will not receive the email notification, and also, it cannot be disabled.

Restore authorization

An indication of whether the Restore authorization is enabled in the Commvault environment. When the Restore authorization is enabled then additional administrative approval is required. The approval request is sent via email to all the administrators, and the request can be approved or denied by any other administrator. You must have a secondary tenant administrator account to use Restore authorization feature.

If this feature is enabled, then the tenant administrator will not receive the email notification and also, it cannot be disabled.

Privacy feature

An indication of whether the privacy feature is enabled or disabled.

If the privacy feature is disabled, then the parameter displays the Warning status.

Passkey for restore feature

An indication of whether the passkey for restore feature is enabled in the CommCell environment.

Commvault recommends that you enable this feature, but the parameter displays only the Info status, whether the passkey for restore feature is enabled or disabled.

Requires user authentication for installing agents

An indication of whether the CommCell environment requires users to authenticate before they install agent software.

If user authentication is not required to install agent software, then the parameter displays the Warning status.

Disaster Recovery dump location is configured using admin shares

An indication of whether the DR backup is configured to the Commvault cloud library, the cloud library of the user, or the UNC path using admin shares.

Storage with encryption

An indication of whether the storage is encrypted. Commvault encrypts storage by default.

Compliance Lock

To protect data from retention policy changes and prevent malicious or accidental deletion. The Compliance Lock is available only for the companies that have backup storage.

The compliance lock provides the following protection:

  • The data, backup destinations, and servers and plans associated with the backup destinations in the locked storage cannot be deleted.

    It is still possible to delete a plan or reassociate a server to a new plan when the compliance lock is enabled. This is a nondestructive task since backups protected on locked storage cannot be deleted and are recoverable for the retention period that was initially set.

  • The retention period cannot be reduced for the backup destinations.

    Compliance storage is only supported for user-provided storage. The Commvault provided storage cannot enable compliance lock.

    If this feature is enabled, then it cannot be disabled.

Key management server

Displays the third-party key management used in the Commvault environment.

Key Management Server for Password Encryption

An indication of whether a key management server is configured in the CommCell environment.

To view instructions about how to set up a key management server, under Action, click the link.

Ransomware protection

An indication of whether all mount paths are secured against ransomware.

If any mount paths are not secured against ransomware, then the parameter displays the Critical status.

Threat Indicator

An indication of whether the Threat indicator alert is enabled.

If the Threat indicator alert is disabled, then the parameter displays the Critical status.

Windows MediaAgent with admin shares

Indicates the number of MediaAgent with Windows administrative shares enabled, which can add security risks to your environment.

Detect

Provides the ability to identify and protect sensitive and critical data, supporting security and compliance requirements.

Parameter

Description

Operational anomalies

Indicates the number of events that were flagged as anomalous based on the previous event history.

Threat indicators

Indicates the number of events identified as potential threats.

Threatwise

Indicates whether the trap is configured in your environment.

By integrating Threatwise™ with Commvault backup services, you can receive trap deployment recommendations tailored to the backup service's network environment data.

Recover

Ensures continuous validation of backup data, maintaining its integrity and enabling faster recovery in the event of a failure.

Parameter

Description

Cleanroom recovery groups

Provides the number of Cleanroom recovery groups configured in the CommCell environment. The Air Gap copy provides the number of recovery groups configured.

The Commvault Cleanroom Recovery provides an automated way to test the cyber recovery, analyze, and ensure the business recovery in the event of a security break.

Cleanroom recovery groups contributes 10% to the total Recovery score.

Airgap copy

Provides the number of Air Gap copies present in the CommCell environment.

Airgap copy contributes 20% to the total Recovery score.

Quarterly testing

The quarterly testing on the CommCell environment provides the result based on the last successful test based on the last control plane recovery. The status is considered Good when the test runs successfully every 105 days.

Quarterly testing contributes 20% to the total Recovery score.

Recovery SLA

Provides the percentage of cleanroom recovery entities recovered in the last 30 days that either met or missed the SLA.

Recovery SLA groups and CyberReady group contributes 30% to the total Recovery score.

Disaster recovery backup

Provides the status of the DR backups that were configured to the cloud.

DR backup contributes 20% to the total Recovery score.

Page contents

×

Loading...