Glossary term
CSPM
Also: Cloud Security Posture Management
Software category for continuous review of cloud configurations against security benchmarks (CIS, NIST, BSI cloud requirements). Finds misconfigurations such as publicly readable S3 buckets, missing encryption, and over-permissive IAM policies.
How it works: pulls configuration via the provider APIs of AWS, Azure, GCP and OCI, then continuously compares the inventory against hundreds of rules. Output: prioritised findings with asset context, ownership and remediation guidance.
Stand-alone leaders: Wiz, Lacework, Palo Alto Prisma Cloud. Platform vendors: Microsoft Defender for Cloud, AWS Security Hub, Google Security Command Center. In the enterprise often complemented by CWPP and CIEM.
Audit cases: NIS2 Art. 21 (e) (secure procurement and maintenance) and DORA Art. 9 (ICT security measures) require continuous configuration management. For cloud workloads, CSPM is the typical control that satisfies this requirement.
Related terms
CWPP
Software category for protecting cloud workloads (VMs, containers, serverless) at runtime. Combines …
CNAPP
Gartner platform category that combines CSPM, CWPP, CIEM, KSPM, DSPM and IaC scanning into one tool.…
SSPM
Software category for reviewing SaaS configurations (Microsoft 365, Salesforce, Google Workspace, Sl…
CASB
Security layer between users and SaaS providing visibility (shadow IT discovery), data protection (D…
Compliance mapping
The explicit link between a decision (vendor, architecture, control) and the specific regulatory art…
Confidential Computing
Hardware-based isolation that keeps data encrypted during processing (data-in-use). Complements encr…
Critical ICT Third-Party Provider (CTPP)
ICT third-party provider designated critical by the European Commission under DORA Art. 31, falling …
CVE
Global identifier for publicly known security vulnerabilities in software and hardware. Format CVE-Y…
