Supported Frameworks

Cloud Security Misconfigurations comes with more than 1,000 out-of-the-box compliance rules that evaluate the configuration of your cloud resources and identify potential misconfigurations. Each compliance rule maps to one or more controls within the following compliance standards and industry benchmarks.

In Cloud Security, rules with the infrastructure label are applicable to Agent installations.
FrameworkSupported VersionsFramework TagRule Type
AICPA SOC 22017 TSC w/ rev POF - 2022soc-2Cloud
Australia APRA CPS 2342019cps234Cloud
Australia ASD Essential 82024essential8Cloud
AWS Foundational Security Best Practicesv1.0.0aws-fsbpCloud
Brazil LGPD2018lgpdCloud
California CCPA/CPRANov 2022ccpaCloud
CIS AlmaLinux 9v2.0.0cis-almalinux9Infrastructure
CIS Amazon Linux 2023v1.0.0cis-al2023Infrastructure
CIS Amazon Linux 2v3.0.0cis-amzn2Infrastructure
CIS AWS Foundations Benchmark*v5.0.0, v4.0.0, v3.0.0, v1.5.0cis-awsCloud
CIS Azure Foundations Benchmarkv4.0.0, v2.0.0cis-azureCloud
CIS Docker Benchmarkv1.2cis-dockerInfrastructure
CIS GCP Foundations Benchmarkv3.0.0cis-gcpCloud
CIS GKEv1.6.0cis-gkeCloud
CIS Kubernetes (AKS) Benchmark**v1.4.0cis-aksCloud and Infrastructure
CIS Kubernetes (EKS) Benchmark**v1.7.0, v1.4.0cis-eksCloud and Infrastructure
CIS Kubernetes Benchmark**v1.9.0cis-kubernetesInfrastructure
CIS Red Hat Linux 7v3.1.1cis-rhel7Infrastructure
CIS Red Hat Linux 8v3.0.0cis-rhel8Infrastructure
CIS Red Hat Linux 9v2.0.0cis-rhel9Infrastructure
CIS Ubuntu 20.04v1.0.0cis-ubuntu2004Infrastructure
CIS Ubuntu 22.04v2.0.0cis-ubuntu2204Infrastructure
CIS Ubuntu 24.04v1.0.0cis-ubuntu2404Infrastructure
CMMCv2.0cmmc-level-2Cloud
Digital Operational Resilience Act (DORA)C(2024) 1532doraCloud
Essential Cloud Security Controlsv2essential-cloud-security-controlsCloud
EU Cyber Resilience Act2024cyber-resilience-actCloud
FedRAMP High (Preview)v5fedramp-highCloud
FedRAMP Moderate (Preview)v5fedramp-moderateCloud
FedRAMP Low (Preview)v5fedramp-lowCloud
GDPR2016/679gdprCloud
HIPAA800-66-r2hipaaCloud
ISO/IEC 270012022, 2013iso-27001Cloud
NIS2 Directive (EU)2022/2555nis2Cloud
NIST 800-171v2nist-800-171Cloud
NIST 800-53v5nist-800-53Cloud
NIST AI Risk Management Frameworkv1.0nist-ai-rmfCloud
NIST Cybersecurity Frameworkv2.0, v1.1nist-csfCloud
PCI DSSv4.0pci-dssCloud
UK Cyber Essentials2024cyber-essentialsCloud
Singapore MAS TRM2021mas-trmCloud

*To pass the Monitoring Section of the CIS AWS Foundations benchmark, you must enable Cloud SIEM and forward CloudTrail logs to Datadog.

**Some CIS Kubernetes Benchmark compliance rules only apply to self-hosted Kubernetes clusters.

Notes:

  • Cloud Security Misconfigurations provides visibility into whether your resources are configured in accordance with certain compliance rules. These rules address various regulatory frameworks, benchmarks, and standards (Security Posture Frameworks). Cloud Security Misconfigurations does not provide an assessment of your actual compliance with any Security Posture Framework, and the compliance rules may not address all configuration settings that are relevant to a given framework. Datadog recommends that you use Cloud Security Misconfigurations in consultation with your legal counsel or compliance experts.
  • The compliance rules for the CIS benchmarks follow the CIS automated recommendations. If you’re obtaining CIS certification, Datadog recommends also reviewing the manual recommendations as part of your overall security assessment.
  • Datadog also provides Essential Cloud Security Controls, a set of recommendations developed by Datadog internal security experts. Based on common cloud security risks observed by Datadog, this ruleset aims to help users that are new to cloud security remediate high-impact misconfigurations across their cloud environments.

Further reading

Additional helpful documentation, links, and articles:

Getting started with Cloud Security MisconfigurationsDOCUMENTATION more more Explore default Cloud Security Misconfigurations cloud configuration compliance rulesDOCUMENTATION more more Search and explore misconfigurationsDOCUMENTATION more more Datadog Security extends compliance and threat protection capabilities for Google CloudBLOG more more