Skip to main content

Benchmarks

Benchmarks allows you to track, assign, and evaluate security or compliance standards across your projects. This guide will walk you through how to set up, apply, and manage your benchmark frameworks.

Creating a Benchmark

Benchmarks are built using a three-tier hierarchy on the platform: Benchmark > Benchmark Groups > Benchmark Tests.

To build a new benchmark framework, follow these steps:

Step 1: Create the Main Benchmark 

In the left-hand menu, navigate to Settings > Benchmarks, and click the + New Benchmark button in the top right corner. 

You will need to fill in the following details:

  • Name & Code: Enter the full title of the framework and a unique short code for reference.

  • Description & External References: Add any relevant context or external links to the official documentation.

  • Set the Status (e.g., Published) and select a Managed by team if applicable. (Note: Optional scoring systems and test weights can also be configured at this stage).

Click Save to create the top-level benchmark.

Step 2: Create Benchmark Groups 

After saving, click on your newly created benchmark from the list to open its details page.

  1. Navigate to the Benchmark Groups tab located at the top of the page.

  2. Click the + New Benchmark Group button in the top right corner.

Here, you can create groups to organize your tests logically (such as by compliance level or category).

Step 3: Add Benchmark Tests 

Inside each group, you will create the individual test items that need to be evaluated.

Example Use Case: 

To understand this step-by-step hierarchy, let’s look at how a real framework like the CIS Google Cloud Platform Foundation Benchmark v4.0.0 can be structured using different groups for Level 1 (L1) and Level 2 (L2) requirements:

  • Benchmark (Step 1): CIS Google Cloud Platform Foundation Benchmark v4.0.0

  • Group 1 (Step 2): CIS Google Cloud Platform Foundation Benchmark v4.0.0 (L1)

    • Tests (Step 3):

      • 1.1 Ensure that Corporate Login Credentials are Used

      • 1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days

      • 1.16 Ensure Essential Contacts is Configured for Organization

  • Group 2 (Step 2): CIS Google Cloud Platform Foundation Benchmark v4.0.0 (L2)

    • Tests (Step 3):

      • 1.11 Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users

      • 1.12 Ensure API Keys Only Exist for Active Services

      • 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps

Applying Benchmarks to a Project 

Once your Benchmark framework is built at the platform level, you must apply it to specific projects to start tracking:

  1. Navigate to your chosen project.

  2. Go to Actions > Settings.

  3. Click on the Workflows tab.

  4. Select the relevant Benchmark from the list to apply it to the project.

Managing and Executing Tests

Within your project, use the dedicated Benchmark tab to actively manage the workload for your applied frameworks.

Here you can perform several actions to track your team's progress:

  • Status Tracking: You can update the workflow status of each individual test (To Do, In Progress, Completed, or Skipped) using two methods:

    • Quick Update: Click directly on the status badge in the list to open a quick dropdown menu and make your selection.

    • Edit Menu: Click the three-dot menu in the Actions column, select Edit, and change the status from the pop-up modal.

  • Assigning Work: Assign specific tests to individual team members to ensure clear ownership. You can do this in two ways:

    • Individual Assignment: Open the Edit modal (via the three-dot menu in the Actions column) and select a user from the Assigned To dropdown.

    • Bulk/Quick Assignment: Check the box on the left side of one or more tests. This will reveal a Change Assignee button at the top of the list, allowing you to easily assign multiple tests at once.

  • Registering Results: To log the actual outcome of a test, you can select Pass, Partial, Fail, or Not Applicable. This can also be done in two ways:

    • Individual Result: Click the three-dot menu in the Actions column and select Register Result. This opens a prompt where you can also use a dedicated Comment field to leave notes or attach evidence. (Note: You can use the Clear Result option from this same menu if a mistake was made).

    • Bulk/Quick Result: Check the box on the left side of one or more tests and click the Register Result button that appears at the top of the list to log outcomes for multiple items simultaneously.

Importing and Exporting

To save time, especially with large compliance frameworks, you do not have to build tests manually one by one:

  • Export to Excel: Use this option at any time to pull your benchmark data, statuses, and test results into a spreadsheet for reporting and auditing. 

  • Import from file: Use this feature to bulk-upload your benchmarks directly into the platform.

Was this article helpful?