CSM Misconfigurations is not available in the selected site.

CSM Misconfigurations comes with more than 400 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each compliance rule maps to one or more controls within a compliance standard or industry benchmarks. See Supported Frameworks for more information.

View your compliance posture

View a high-level overview of your compliance posture for each framework on the CSM Misconfigurations Compliance page.

  • Framework Overview: A detailed report that gives you insight into how you score against a framework’s requirements and rules.
  • Explore Resources: A filtered view of the Misconfigurations page that shows resources with misconfigurations for the selected framework.
  • Configure Rules: Customize how your environment is scanned and set notification targets by modifying the compliance rules for each framework.
The compliance reports section of the CSM Misconfigurations Compliance page provides a high-level overview of your compliance posture

Explore compliance framework reports

Compliance framework reports show which rules are failing in your environment, along with details about the misconfigured resources.

The summary at the top of the report shows the number of rules with pass/fail misconfigurations, the top three high-severity rule failures, and a detailed breakdown of the rules based on severity. You can also explore your past posture with the time selector, download a PDF copy of the report, and filter the page by account, team, service, and environment tags.

Below the summary is a complete listing of all rules associated with the framework, organized by requirements and controls, along with the number of resources checked by the rule, and the percentage of failures.

The CIS AWS compliance framework report provides details on critical rule failures

Select a rule to view details about the misconfigured resources, the rule description, its framework or industry benchmark mapping, and suggested remediation steps.

The compliance rule side panel includes information about the rule and resources with failed misconfigurations

Create custom compliance frameworks

Create your own compliance framework by adding a custom tag to the compliance rules you wish to track. This enables you to filter the misconfigurations on the Misconfigurations issue explorer by the custom tag. You can also clone the Cloud Security Management - Misconfigurations Overview dashboard and configure a template variable for the custom tag to dynamically filter the widgets on the dashboard.

  1. On the Compliance Rules page, select the rule you wish to add the custom tag to.
  2. Under Say what’s happening, navigate to the Tag resulting misconfigurations with section and add the key:value for the custom tag.
  3. Click Update Rule.


Further reading