CSM Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each compliance rule maps to one or more controls within the following compliance standards and industry benchmarks:

| Framework | Framework Tag | Rule Type |
|---|---|---|
| CIS AWS Foundations Benchmark v1.5.0* | cis-aws | Cloud |
| CIS Azure Foundations Benchmark v2.0.0 | cis-azure | Cloud |
| CIS GCP Foundations Benchmark v1.3.0 | cis-gcp | Cloud |
| CIS Docker Benchmark v1.2.0 | cis-docker | Infrastructure |
| CIS Kubernetes Benchmark v1.7.0** | cis-kubernetes | Infrastructure |
| CIS Kubernetes Benchmark v1.4.0** | cis-aks | Cloud and Infrastructure |
| CIS Kubernetes Benchmark v1.3.0** | cis-eks | Cloud and Infrastructure |
| CIS Ubuntu 20.04 v1.0.0 | cis-ubuntu2004 | Infrastructure |
| CIS Ubuntu 22.04 v1.0.0 | cis-ubuntu2204 | Infrastructure |
| CIS Red Hat Linux 7 v3.1.1 | cis-rhel7 | Infrastructure |
| CIS Red Hat Linux 8 v2.0.0 | cis-rhel8 | Infrastructure |
| CIS Red Hat Linux 9 v1.0.0 | cis-rhel9 | Infrastructure |
| CIS Amazon Linux 2 v1.0.0 | cis-amzn2 | Infrastructure |
| CIS Amazon Linux 2023 v1.0.0 | cis-al2023 | Infrastructure |
| PCI DSS v4.0 | pci-dss | Cloud |
| AICPA SOC 2 | soc-2 | Cloud |
| ISO/IEC 27001 v2 | iso-27001 | Cloud |
| HIPAA | hipaa | Cloud |
| GDPR | gdpr | Cloud |
| NIST 800-53 | nist-800-53 | Cloud |
| NIST 800-171 | nist-800-171 | Cloud |
| NIST Cybersecurity Framework v1.1 | nist-csf | Cloud |

*To pass the Monitoring Section of the CIS AWS Foundations benchmark, you must enable Cloud SIEM and forward CloudTrail logs to Datadog.

**Some CIS Kubernetes Benchmark compliance rules only apply to self-hosted Kubernetes clusters.

Notes:

  • CSM Misconfigurations provides visibility into whether your resources are configured in accordance with certain compliance rules. These rules address various regulatory frameworks, benchmarks, and standards (Security Posture Frameworks). CSM Misconfigurations does not provide an assessment of your actual compliance with any Security Posture Framework, and the compliance rules may not address all configuration settings that are relevant to a given framework. Datadog recommends that you use CSM Misconfigurations in consultation with your legal counsel or compliance experts.
  • The compliance rules for the CIS benchmarks follow the CIS automated recommendations. If you’re obtaining CIS certification, Datadog recommends also reviewing the manual recommendations as part of your overall security assessment.
  • Datadog also provides Essential Cloud Security Controls, a set of recommendations developed by Datadog internal security experts. Based on common cloud security risks observed by Datadog, this ruleset aims to help users that are new to cloud security remediate high-impact misconfigurations across their cloud environments.
