[EN] CIS AWS: Best Practices for Securing AWS Resources
February 29, 2016
Today, we are happy to announce that the Center for Internet Security (CIS) has published the CIS AWS Foundations Benchmark, a set of security configuration best practices for AWS. These industry-accepted best practices go beyond the high-level security guidance already available, providing AWS users with clear, step-by-step implementation and assessment procedures. This is the first time CIS has issued a set of security best practices specific to an individual cloud service provider.
This is good news for a number of key reasons:
CIS Benchmarks are technical industry best practices. This removes guesswork forsecurity professionals about how to implement foundational security measures in your AWS account. The prescribed best practices make implementation of core AWS security measures straightforward for security teams and AWS account owners.
Audit teams can consistently evaluate the security of an AWS account. The best practices greatly reduce complexity when managing risk and auditing the use of AWS for critical, audited, and regulated systems.
For 16 years, CIS Benchmarks have been the de facto standard for prescriptive, industry-accepted best practices for securely configuring traditional IT components. The release of the CIS AWS Foundations Benchmark into this existing ecosystem marks one of many milestones for the maturation of the cloud and its suitability for sensitive and regulated workloads.
Please contact us with questions about using AWS products in alignment with CIS Benchmarks, or if you’d like to learn more about compliance in the cloud, see our AWS Cloud Compliance page.