You may have some inventory items built into your infrastructure that has yet to be included in the scope of your audit. You can mark them out of scope on the Integrations.
You can mark resources out of scope in the following connections:
- Cloud Provider
- Identity Provider
- Version Control System
- Human Resource Information System
- Datastore Provider
- Mobile Device Management Tool
Manually Configure the Scope of your Resources
- Select Integrations from the left-hand navigation panel
- Choose the integration you would like to adjust, and select configure scope
- From here, you can toggle each option off or on one by one, or select:
- Mark all in: to mark all options in scope
- Mark all off: to mark all options out of scope
- Changes will be saved automatically
Scoping through Tags
- Vanta supports reading tags (called labels in GCP) from our various cloud provider integrations to populate different attributes of cloud resources, such as owner, description, user data, and scope. While these attributes can be set manually on the inventory page or integration page for scoping, these fields are not persistent and will disappear once the integration is disconnected. For this reason, we recommend using tags, as they are continuous and more scalable.
- Tagging can be done through the following:
What should be considered In-Scope or Out-of-Scope for an audit?
- In-scope inventory should include any item used in your production environment, items containing sensitive information, and items containing user data. It is essential to ensure these items are secure due to the nature of the information they contain.
- Out-of-scope inventory could be any items not used in a production environment or items that do not contain sensitive information.