CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each compliance rule maps to one or more controls within a compliance standard or industry benchmark. You can also create custom frameworks to define and measure compliance against your own cloud security baseline.

View your compliance posture

View a high-level overview of your compliance posture for each framework on the CSM Misconfigurations Compliance page.

  • Framework Overview: A detailed report that gives you insight into how you score against a framework’s requirements and rules.
  • Explore Resources: A filtered view of the Misconfigurations page that shows resources with misconfigurations for the selected framework.
  • Configure Rules: Customize how your environment is scanned and set notification targets by modifying the compliance rules for each framework.
The compliance reports section of the CSM Misconfigurations Compliance page provides a high-level overview of your compliance posture

Explore compliance framework reports

Compliance framework reports show which rules are failing in your environment, along with details about the misconfigured resources.

The summary at the top of the report shows the number of rules with pass/fail misconfigurations, the top three high-severity rule failures, and a detailed breakdown of the rules based on severity. You can also explore your past posture with the time selector, download a PDF copy of the report, and filter the page by account, team, service, and environment tags.

Below the summary is a complete listing of all rules associated with the framework, organized by requirements and controls, along with the number of resources checked by the rule, and the percentage of failures.

The CIS AWS compliance framework report provides details on critical rule failures

Select a rule to view details about the misconfigured resources, the rule description, its framework or industry benchmark mapping, and suggested remediation steps.

The compliance rule side panel includes information about the rule and resources with failed misconfigurations

Further reading

PREVIEWING: mervebolat/span-id-preprocessing