Checking your infrastructure for compliance with security standards

Go to Yandex Security Deck.

In the left-hand panel, select Compliance.

In the window that opens, you will see a list with info on security requirement sets used to verify the infrastructure's compliance in the selected environment. The list contains the following information:

• Rule set: Name of the industry security standard or regulation that matches the requirement set.

• Rules in set: Number of control rules in the requirement set.

• Rule execution: Percentage of rules that are followed from the total rules in the requirement set. The 100% value means full compliance with the relevant security standard or regulation.

  If you disabled compliance checks of the environment resources against the requirement set, this field will contain Not verified.

  Tip

  In the compliance UI, you can turn compliance checks for particular requirements on or off for your current workspace. First, make sure you are in the right workspace. Click next to the set of requirements and select Enable verification or Disable verification.

To view a list of control rules included in a set of requirements, click the relevant line. In the window that opens:

• On the dashboard at the top, there is a summary of the results, which highlights the most common violations, and a diagram for severity of identified violations of a safety standard or regulation.

• Below the dashboard is a table listing the control rules included into the selected set of requirements. For each rule, the table displays the following information:

  • : Rule criticality level; this icon indicates how security-critical the rule is:

    • : Remark
    • : Low severity.
    • : Medium severity.
    • : High severity.
  • Control rule: Control rule name.
  • Module of control: Security Deck module to check your infrastructure for compliance with that rule: Configuration Monitoring (CSPM) or Kubernetes Security Posture Management® (KSPM).
  • Violations: Number of rule violations detected in the selected workspace.

  To learn more about a security control rule, click the table row with its name. You will see a window with rule details, which has the following tabs:

  Overview

  Violations

  Exceptions

  Recommendations

  The Overview tab contains:

  • Rule ID.

  • Set of security requirements the rule applies to.

  • Date and time of the most recent security check.

  • Check method:

    • automatic: Rule is checked automatically once every eight hours.
    • manual: Rule has to be checked manually.

  • Details on the monitored features, their configurations, or actions performed with them.

  The Violations tab lists control rule violations detected during the checks. Detected violations will not appear in this list if they satisfy the exception criteria specified for the rule.

  The Exceptions tab lists all exceptions defined for the rule along with controls for exception management.

  The Recommendations tab provides guides and solutions to assist you with rule compliance.