Cloud Security Posture Management (CSPM)
Note
This feature is at the Preview stage.
Cloud Security Posture Management (CSPM) is a tool that monitors infrastructure security level based on security standards, such as Yandex Cloud's Cloud Infrastructure Security Standard.
In a given workspace, Cloud Security Posture Management (CSPM) checks the cloud infrastructure and applications deployed on the Yandex Cloud platform for compliance with comprehensive security requirements and best practices. The module's rules and exceptions help ensure compliance with security policies and protection against common threats and vulnerabilities in the cloud environment.
The check runs every 8 hours. Upon completion, the system updates the violation count, applies the exceptions you created, and sends alerts.
Standards
Currently, Cloud Security Posture Management (CSPM) supports infrastructure compliance checks for the following security standards:
- Yandex Cloud basic security rules: Minimum set of security requirements ensuring basic protection of cloud infrastructure and applications deployed on the Yandex Cloud platform.
- Yandex Cloud cloud infrastructure protection standard: Standard providing comprehensive security requirements and best practices for protection of the cloud infrastructure and applications deployed on the Yandex Cloud platform. These elements help ensure security policy compliance and protection against common threats and vulnerabilities in the cloud environment.
Rules
You can view the information about CSPM rules currently enforced in your workspace and compliance violations detected in the workspace infrastructure on the Security control rules page in the Configuration tab. This section lists the control rules that form a part of the security standards specified for the current workspace.
General information about rules
For each rule, the table displays the following information:
Tip
If required, you can modify the information columns displayed in the table. Do it by clicking
- Rule criticality level: The icon in this column indicates how security-critical the rule is:
  - Remark.
  - Low severity.
  - Medium severity.
  - High severity.
- Control rule: Rule name and brief summary. To learn more about a rule, click the table row with its name.
- Rule sets: Icons of the security standards that include this rule. If an icon is colored, the rule is checked for the corresponding standard; if the icon is gray, it is not.
- Rule type: Compliance check type for the controlled infrastructure in the workspace with this rule:
  - automatic: Rule is checked automatically once every eight hours.
  - manual: Rule has to be checked manually. Click the row with the rule to find a guide and details.
- ID: Rule ID in Yandex Cloud.
- Violations: Number of detected rule violations.
Detailed information about a rule
To learn more about a security control rule, click the table row with its name. You will see a window with rule details, which has the following tabs:
The Overview tab contains:
- Rule ID.
- Set of security requirements the rule applies to.
- Date and time of the most recent security check.
- Check method:
  - automatic: Rule is checked automatically once every eight hours.
  - manual: Rule has to be checked manually.
- Details on the monitored features, their configurations, or actions performed with them.
The Violations tab lists control rule violations detected during the checks. Detected violations will not appear in this list if they satisfy the exception criteria specified for the rule.
The Exceptions tab lists all exceptions defined for the rule along with controls for exception management.
The Recommendations tab provides guides and solutions to assist you with rule compliance.
Exceptions to rules
Exceptions allow you to flexibly configure when and for which objects CSPM should ignore the results of a rule check. You can view the list of exceptions set for your workspace in the Security Deck interface.
You can specify the following settings for an exception when creating it:
- Exception type: Action which the exception will trigger:
  - Resource has been checked manually: If the conditions specified in the exception are met, the resource will generate only rule compliance signals.
  - Do not check resource: If the conditions specified in the exception are met, the resource will not generate any signals, neither on compliance nor on violation.
- Scope of control: Resources you want to exclude when checking the security rules:
  - All resources: To exclude all resources controlled in the workspace.
  - Selected resources: To exclude only explicitly specified resources.
- Excepted rules: CSPM rules to disregard when checking the selected resources:
  - All rules: To disregard all security rules for the selected resources.
  - Selected rules: To disregard an explicitly specified set of rules when checking the selected resources for compliance.
- Reason for exclusion: Reason for the exception. Specify it as plain text in any form.
To cancel the limitations on rule compliance checks imposed by an exception, delete that exception.
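The following is an added illustrative model, not Yandex Cloud's CSPM implementation or API, of how the exception settings described above combine when check results are filtered: a "Do not check resource" exception removes every signal for the matching resource and rule pair, a "Resource has been checked manually" exception turns a matching violation into a compliance signal, and "All resources" or "All rules" act as wildcards. The class and function names, the resource and rule identifiers, and the sample findings are constructed placeholders.

```python
"""Toy model of how CSPM-style exceptions filter rule-check results.

Illustrative example only: this is not Yandex Cloud's CSPM implementation
or API. Class names, field names and all sample identifiers are assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Iterable, List, Optional


class ExceptionType(Enum):
    # "Resource has been checked manually": the resource yields only compliance signals.
    CHECKED_MANUALLY = "checked_manually"
    # "Do not check resource": the resource yields no signals at all.
    DO_NOT_CHECK = "do_not_check"


@dataclass(frozen=True)
class Finding:
    resource_id: str
    rule_id: str
    compliant: bool  # False means the check detected a violation


@dataclass(frozen=True)
class RuleException:
    exception_type: ExceptionType
    resources: Optional[FrozenSet[str]]  # None models "All resources"
    rules: Optional[FrozenSet[str]]      # None models "All rules"
    reason: str                          # free-form "Reason for exclusion"

    def matches(self, finding: Finding) -> bool:
        """True when the finding falls inside this exception's scope and rule set."""
        in_scope = self.resources is None or finding.resource_id in self.resources
        rule_hit = self.rules is None or finding.rule_id in self.rules
        return in_scope and rule_hit


def apply_exceptions(findings: Iterable[Finding],
                     exceptions: Iterable[RuleException]) -> List[Finding]:
    """Return the signals that survive the configured exceptions.

    If any matching exception is DO_NOT_CHECK, the signal is dropped entirely.
    Otherwise, if a CHECKED_MANUALLY exception matches, a violation is reported
    as a compliance signal. Unmatched findings pass through unchanged.
    """
    exceptions = list(exceptions)
    result: List[Finding] = []
    for finding in findings:
        matching = [e for e in exceptions if e.matches(finding)]
        if any(e.exception_type is ExceptionType.DO_NOT_CHECK for e in matching):
            continue  # suppressed: neither compliance nor violation signal
        if matching:  # only CHECKED_MANUALLY exceptions remain
            result.append(Finding(finding.resource_id, finding.rule_id, compliant=True))
        else:
            result.append(finding)
    return result


def violations_per_rule(signals: Iterable[Finding]) -> Dict[str, int]:
    """Count surviving violations per rule, as the Violations column would."""
    counts: Dict[str, int] = {}
    for signal in signals:
        if not signal.compliant:
            counts[signal.rule_id] = counts.get(signal.rule_id, 0) + 1
    return counts


# Constructed sample check results (placeholder resource and rule IDs).
SAMPLE_FINDINGS = [
    Finding("example-vm-1", "example-rule-1", compliant=False),
    Finding("example-vm-1", "example-rule-2", compliant=False),
    Finding("example-vm-2", "example-rule-1", compliant=False),
    Finding("example-vm-2", "example-rule-2", compliant=True),
    Finding("example-bucket-1", "example-rule-1", compliant=False),
]

# Constructed sample exceptions mirroring the two exception types on the page.
SAMPLE_EXCEPTIONS = [
    RuleException(ExceptionType.CHECKED_MANUALLY,
                  resources=frozenset({"example-vm-1"}),
                  rules=frozenset({"example-rule-1"}),
                  reason="Reviewed manually by the resource owner"),
    RuleException(ExceptionType.DO_NOT_CHECK,
                  resources=frozenset({"example-bucket-1"}),
                  rules=None,  # all rules for this resource
                  reason="Resource scheduled for decommissioning"),
]


if __name__ == "__main__":
    surviving = apply_exceptions(SAMPLE_FINDINGS, SAMPLE_EXCEPTIONS)
    for s in surviving:
        print(f"{s.resource_id:18} {s.rule_id:16} {'compliant' if s.compliant else 'VIOLATION'}")
    print("violations per rule:", violations_per_rule(surviving))
```

Deleting an exception in this model simply means leaving it out of the list passed to `apply_exceptions`, after which the previously suppressed or manually cleared findings reappear as violations, matching the behaviour described for cancelling an exception.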