Compliance for CIS Benchmarks | Datadog

Enhance system security using industry-standard best practices

Maintaining regulatory compliance is necessary for organizations that do not want to leave their systems vulnerable to attacks or face costly audit penalties. CIS benchmarks, published by the Center for Internet Security (CIS), help organizations assess the current state of their environment's security configurations in order to reduce system vulnerabilities. Since these benchmarks cover a sizable list of operating systems, software, and hardware, organizations need the ability to mitigate any compliance issues as quickly as possible.

Compliance Monitoring, an offering within the Datadog Cloud Security Platform, enables organizations to benchmark systems against CIS standards, so they can get a better understanding of their security posture. The platform protects an organization's production environment with a full-stack offering providing threat detection, posture management, workload security, and application security. With Datadog's out-of-the-box compliance dashboards, teams can easily review violations at a glance, then notify the appropriate members using one of Datadog's collaboration integrations to resolve the issue.

Automatically detect system vulnerabilities

Organizations need to be proactive in catching system misconfigurations, or they risk compromising valuable and confidential customer data. Datadog's built-in cloud configuration rules require no extra setup and enable teams to routinely monitor all of their services. These rules are also automatically mapped to various CIS benchmarks, so organizations can actively monitor their systems against the most up-to-date benchmarks and surface vulnerabilities immediately.

Increase compliance visibility at cloud scale

Building and maintaining a secure environment requires thorough configuration management for every system resource—from cloud provider user policies to network traffic on individual nodes. Datadog scans every resource in real time, so organizations can identify and fill critical security gaps before they become more serious. If Datadog detects a potential compliance issue, teams are automatically alerted with clear steps to resolve the problem.

Receive automatic alerts when a potential compliance issue is detected.

When there is a compliance issue, organizations need the ability to correlate findings with other system data to better understand the scope of a violation. With Datadog's unified platform, teams can easily find connections between a misconfiguration in a Kubernetes cluster and anomalous resource usage on an underlying host.

Seamless integration for faster, easier audits

As part of the Datadog Cloud Security Platform, Compliance Monitoring seamlessly integrates with an organization's cloud environment and resources, so teams can gather the information needed to conduct thorough compliance audits without the need for third-party assessments or special training. For example, Datadog's compliance dashboards give teams a shareable report card of compliance findings across their cloud and local environments, so they can review the state of any resource at a glance.

Compliance Monitoring also integrates with the AWS Well-Architected (WAR) Tool by automatically mapping built-in AWS compliance rules to recommendations provided by the WAR Tool. This gives teams the ability to quickly identify and address misconfigurations found during the Well-Architected review process and improve their overall compliance posture. With the ability to collect, analyze, and retrieve relevant data in one place, organizations can significantly cut the time it takes to conduct third-party audits.