CSPM Policies

Overview

CSPM Policies allow you to:

  • See what is being evaluated by the Actionable Compliance feature in the context of compliance standards (CIS, NIST, etc.)
  • Review the policy structure and the controls connected to it
  • Enable/disable controls
  • Filter controls by enablement status, violation severity, name, and control type

The features are under development and will soon include the ability to create custom CSPM policies as well.

Prerequisites

This feature requires the Actionable Compliance component, also currently in preview state.

If necessary, review:

  1. Select Policies > Actionable Compliance | CSPM Policies.

  2. Review the CSPM Policy list. The included policies are listed alphabetically.

    • Policy Name/Description: The full policy name and description, in accordance with naming used by, e.g., the Center for Internet Security (CIS). Click the arrow to link directly to the relevant standards website.

    • Version: The published version of the standard. Not to be confused with the version of, e.g., Kubernetes listed in the policy name.

    • Date Published: Date the policy was published (default) or activated (for custom policies).

    • Author: Sysdig for default policies; creator name for custom policies.

  3. Click a row to open the individual policy page.

Select a policy from the CSPM Policies list to review requirements and controls, enable/disable controls, and filter/search.

  • Requirement Groups and Requirements: Open the rows in the left pane to view requirement groups and the nested requirements to which the controls are linked.

    Hover to get the full description text.

  • Enable/Disable: Toggle to enable/disable an individual control within a policy. The control will be enabled/disabled for ONLY the targeted policy.

  • Filter: See below.

Filter

  • Use the Select drop-down to narrow the view into a requirement group or requirement.

  • Use the Filter features to perform actions such as:

    • Find a requirement group, requirement, or control by Name

    • Find all Enabled controls within a policy

    • Find controls in a policy by Control Type (Host/Identity/Resource)

    • Filter by control Severity

Filter Details

Note that any filters can be combined. For example, you could filter to find:

How many high-severity disabled controls are linked to the policies I care about?

Enabled/Disabled

  • Click in the Filter box and select Enabled = [True | False]

  • Optional: Add more filters, such as Severity = High.

Name

  • Click in the Filter box and select Name =

  • Type a keyword and select from the drop-down options.

Severity

  • Click in the Filter box and select Severity in [High | Medium | Low].

Type

  • Click in the Filter box and select Type in [Host | Identity | Resource]

    CSPM Control Types:

    • Host: Linux, Docker, Kubernetes Cluster
    • Resource: Kubernetes / Cloud Resource (e.g., bucket, compute, AWS resource…)
    • Identity: Kubernetes / Cloud Identity (e.g., IAM)