This article introduces the cloud security compliance standards you can apply so that your operational processes meet the requirements that apply to them.
AWS Foundational Security
The AWS Foundational Security Best Practices standard is a set of controls that detect when your deployed accounts and resources deviate from security best practices.
The standard allows you to continuously evaluate all of your AWS accounts and workloads to quickly identify areas of deviation from best practices. It provides actionable and prescriptive guidance on how to improve and maintain your organization’s security posture.
The controls include best practices from across multiple AWS services. Each control is assigned a category that reflects the security function that it applies to.
The Center for Internet Security is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' It draws on the expertise of cybersecurity and IT professionals from government, business, and academia from around the world. To develop standards and best practices, including CIS benchmarks, controls, and hardened images, they follow a consensus decision-making model.
CIS benchmarks are configuration baselines and best practices for securely configuring a system. Each of the guidance recommendations references one or more CIS controls that were developed to help organizations improve their cyberdefense capabilities. CIS controls map to many established standards and regulatory frameworks, including the NIST Cybersecurity Framework (CSF) and NIST SP 800-53, the ISO 27000 series of standards, PCI DSS, HIPAA, and others.
CIS v1.1 (Azure)
The Center for Internet Security (CIS) has published the CIS Microsoft Azure Foundations Benchmark intended for customers who plan to develop, deploy, assess, or secure solutions that incorporate Azure. The document provides prescriptive guidance for establishing a secure baseline configuration for Azure. The benchmark was created using a consensus review process based on input from subject matter experts with diverse backgrounds spanning consulting, software development, audit and compliance, security research, operations, government, and legal. The resulting best practices guidance can be leveraged by customers to assess and improve the security posture of their applications deployed in Azure.
CIS v1.2.0 (AWS)
Security Hub supports the Center for Internet Security (CIS) AWS Foundations Benchmark standard. For more information, see Securing Amazon Web Services on the CIS website.
AWS Security Hub has satisfied the requirements of CIS Security Software Certification and has been awarded CIS Security Software Certification for the following CIS Benchmarks:
- CIS Benchmark for CIS Amazon Web Services Foundations Benchmark, v1.2.0, Level 1
- CIS Benchmark for CIS Amazon Web Services Foundations Benchmark, v1.2.0, Level 2
CIS v1.0.0 (GCP)
The predefined policy CIS Google Cloud Platform Foundation Benchmark v1.0.0 is based on the CIS Google Cloud Computing Platform Foundations Benchmark v1.0.0 published by the Center for Internet Security (CIS). The CIS benchmark provides guidance on securing the GCP environment, covering everything from the network to servers to operating systems. The main sections of the benchmark include IAM, logging and monitoring configuration, virtual network security settings, and Kubernetes Engine configuration, among others. Currently, Cloud Workload Assurance provides checks in the predefined policy that cover the following GCP services:
- GCP IAM Policies
- GCP IAM Service Accounts
- GCP VPC Networks
- GCP Instances
- GCP Storage buckets
- GCP Log Sinks
- GCP Subnets