Cloud Security Posture Management

Cloud Security Posture Management

Cloud Security Posture Management is currently in public beta.
Cloud Security Posture Management is not currently available in US1-FED, US3, or EU.


Datadog Cloud Security Posture Management (CSPM) makes it easier to assess and visualize the current and historic security posture of your cloud environment, automate audit evidence collection, and catch misconfigurations that leave your organization vulnerable to attacks.

Assess the configuration of your cloud resources, such as security groups, storage buckets, load balancers, and databases against configuration rules. Use the Datadog Agent to review local configuration information from servers, containers, and Kubernetes clusters against Datadog’s OOTB security posture rules.

View your cloud security posture at a high level with the Posture Management page, and drill into the details of findings and analyze historical configurations with Posture Findings.


  • Average security configuration score: Percentage of your environment that satisfies all of your active Datadog’s OOTB rules. Formula: (# of resources with 0 findings) / (total # of resources scanned).

  • Requirement: A group of controls representing a single technical or operational topic, such as Access Management or Networking. The regulatory framework PCI DSS, for example, has 12 requirements.

  • Control: A specific recommendation for how technology, people, and processes should be managed; typically based on a regulation or industry standard.

  • Resource: A configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies.

  • Rule: A rule evaluates the configuration of a resource to validate an element related to one or more controls. Rules may map to multiple controls, requirements, and frameworks.
  • Framework: A collection of requirements that map to an industry benchmark or regulatory standard.

Get Started