🔐 AWS Security Services with Compliance Baseline Support
Service | Primary Function | Security Role | Compliance Frameworks Supported |
AWS Config | Tracks configuration changes over time | Governance, compliance enforcement | ✅ CIS AWS Foundations v1.2.0 |
Amazon GuardDuty | Threat detection using logs and ML | Real-time threat detection and alerting | ⚠️ Not compliance-focused but supports detection scenarios related to CIS, NIST, and PCI indirectly |
Amazon Inspector | Vulnerability scanning (EC2, ECR, Lambda) | CVE detection and vulnerability management | ✅ PCI-DSS 11.2.1, SOC 2, NIST, CIS, FedRAMP (via CVSS-based scanning and continuous assessments) |
AWS Audit Manager | Automated compliance evidence collection | Compliance audit preparation and reporting | ✅ 30+ frameworks, including: |
AWS Security Hub | Central dashboard for findings from services | Aggregates and prioritizes security findings & standards | ✅ CIS AWS Foundations Benchmark v1.2.0 |
📘 Summary by Service
✅ AWS Config
Built-in rules for ~50+ controls aligned with:
CIS AWS Foundations
PCI-DSS
NIST, HIPAA, GDPR (using custom rules)
Can auto-remediate via Lambda
✅ Amazon GuardDuty
Not directly mapped to compliance, but helps meet:
PCI-DSS (Intrusion Detection/Monitoring)
NIST (Anomalous Activity Detection)
✅ Amazon Inspector
Maps CVEs to:
PCI-DSS vulnerability scan requirements
SOC 2 controls
FedRAMP continuous monitoring
Uses CVSS scoring to prioritize risks
✅ AWS Audit Manager
Supports 30+ compliance frameworks out of the box
Automates evidence collection for policies, logs, and configs
Continuously maps to audit controls
✅ AWS Security Hub
Supports 5+ standards for real-time posture tracking:
CIS AWS Foundations Benchmark
PCI-DSS
AWS Foundational Security Best Practices
NIST 800-53, ISO 27001
Aggregates findings across accounts
No comments:
Post a Comment