[Yandex Cloud documentation](../../../index.md) > [Yandex Security Deck](../../index.md) > [Step-by-step guides](../index.md) > [Kubernetes® Security Posture Management (KSPM)](index.md) > Performing security compliance checks

# Checking your infrastructure for compliance with security standards

{% note info %}

This feature is at the [Preview](../../../overview/concepts/launch-stages.md) stage.

{% endnote %}

The [compliance UI](../../concepts/standard-compliance/index.md) allows you to view the [sets of requirements](../../concepts/standard-compliance/index.md#security-rule-sets) currently active in an [environment](../../concepts/workspace.md), browse through [control rule](../../concepts/standard-compliance/index.md#security-rule-sets) lists included in the requirement sets, and manage exceptions.

To check your infrastructure for compliance with security standards (requirement sets) which currently apply in the environment:

{% list tabs group=instructions %}

- Security Deck UI {#cloud-sd}

  1. Go to [Yandex Security Deck](https://center.yandex.cloud/security/).
  1. In the left-hand panel, select ![seal-check](../../../_assets/console-icons/seal-check.svg) **Compliance**.
     
     In the window that opens, you will see a list with info on security requirement sets used to verify the infrastructure's compliance in the selected environment. The list contains the following information:
     
     * **Rule set**: Name of the industry security standard or regulation that matches the requirement set.
     * **Rules in set**: Number of control rules in the requirement set.
     * **Rule execution**: Percentage of rules that are followed from the total rules in the requirement set. The `100%` value means full compliance with the relevant security standard or regulation. 
     
         If you disabled compliance checks of the environment resources against the requirement set, this field will contain `Not verified`.
     
         {% note tip %}
         
         In the compliance UI, you can turn compliance checks for particular requirements on or off for your current [workspace](../../concepts/workspace.md). First, make sure you are in the right workspace. Click ![ellipsis](../../../_assets/console-icons/ellipsis.svg) next to the set of requirements and select ![check](../../../_assets/console-icons/check.svg) **Enable verification** or ![xmark](../../../_assets/console-icons/xmark.svg) **Disable verification**.
         
         {% endnote %}
  1. To view a list of Kubernetes control rules included in a set of requirements, click the relevant line. In the window that opens:

      * On the dashboard at the top, there is a summary of the results, which highlights the most common violations, and a diagram for severity of identified violations of a safety standard or regulation.
      * Below the dashboard is a table listing the control rules included into the selected set of requirements. For each rule, the table displays the following information:

          * ![traffic-light](../../../_assets/console-icons/traffic-light.svg): Rule criticality level; this icon indicates how security-critical the rule is:
            
            * ![cspm-rule-notice-icon](../../../_assets/security-deck/cspm-rule-notice-icon.svg): Remark
            * ![cspm-low-severity-icon](../../../_assets/security-deck/cspm-low-severity-icon.svg): Low severity.
            * ![cspm-moderate-severity-icon](../../../_assets/security-deck/cspm-moderate-severity-icon.svg): Medium severity.
            * ![cspm-high-severity-icon](../../../_assets/security-deck/cspm-high-severity-icon.svg): High severity.
          * **Control rule**: Control rule name.
          * **Module of control**: Security Deck module to check your infrastructure for compliance with that rule: `Configuration Monitoring (CSPM)` or `Kubernetes® Security Posture Management (KSPM)`.
          * **Violations**: Number of rule violations detected in the selected [workspace](../../concepts/workspace.md).

          To view detailed information about a specific Kubernetes control rule, click the table row with its name. The detailed info window that opens includes the following tabs:
          
          {% list tabs %}
          
          - Overview
          
            The **Overview** tab contains:
          
            * Rule ID.
            * [Set of security requirements](../../concepts/standard-compliance/index.md#security-rule-sets) the rule applies to.
            * Date and time of the most recent security check.
            * Check method:
          
                * `runtime`: Rule type applied to container runtimes and Kubernetes nodes.
                * `admission`: Rule type applied to Kubernetes cluster resources.
            * Details on the monitored features, their configurations, or actions performed with them.
          
          - Violations
          
            The **Violations** tab lists control rule violations detected during the checks. Detected violations will not appear in this list if they satisfy the [exception](../../concepts/cspm.md#exceptions) criteria specified for the rule.
          
          - Recommendations
          
            The **Recommendations** tab provides guides and solutions to assist you with rule compliance.
          
          {% endlist %}

      {% note tip %}

      To configure exceptions to apply when checking your controlled infrastructure for compliance with the rule, refer to [Managing exceptions from KSPM security control rules](manage-exceptions.md).

      {% endnote %}

{% endlist %}

#### Useful links {#see-also}

* [Compliance UI](../../concepts/standard-compliance/index.md)