SaaS Included Frameworks

AUTOMATE+ included frameworks

  • AWS Well-Architected Framework Review

https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html

The AWS Well-Architected Framework Review helps organizations understand the pros and cons of decisions made while building systems on AWS. It is based on six pillars: operational excellence, security, reliability, performance efficiency, sustainability, and cost optimization. By following this framework, organizations can build secure, high-performing, resilient, and efficient infrastructure for their applications.

  • AWS Secure Landing Zone Assessment

The AWS Secure Landing Zone Assessment evaluates the security posture of your AWS environment. It ensures that your AWS account structure, network architecture, and foundational services are set up according to best practices. This assessment provides a blueprint for creating a secure, scalable, and compliant AWS environment.

  • AWS Foundational Technical Review

https://aws.amazon.com/partners/foundational-technical-review/

The AWS Foundational Technical Review (FTR) identifies and mitigates risks in your AWS workloads. It ensures that your architecture aligns with AWS best practices, focusing on security, reliability, and operational excellence. The FTR helps you build and maintain secure and resilient applications on AWS.

  • AWS Foundational Security Best Practices v1.0.0

The AWS Foundational Security Best Practices v1.0.0 is a set of security controls designed to help you improve your AWS security posture. It provides actionable best practices to secure your AWS environment, covering areas such as identity and access management, logging and monitoring, infrastructure protection, and data protection.

  • AWS Security OnRamp

The AWS Security OnRamp program helps organizations accelerate their security journey on AWS. It provides guidance, resources, and best practices to build a strong security foundation. The program focuses on critical security areas such as identity and access management, threat detection and response, and data protection.

  • CIS AWS Foundations Benchmark v1.2.0

https://www.cisecurity.org/benchmark/amazon_web_services

The CIS AWS Foundations Benchmark v1.2.0 provides security configuration best practices for securing your AWS environment. It covers various aspects of AWS security, including IAM policies, logging, monitoring, networking, and more. This benchmark helps you implement robust security measures to protect your AWS resources.

  • CIS AWS Foundations Benchmark v1.4.0

https://www.cisecurity.org/benchmark/amazon_web_services

The CIS AWS Foundations Benchmark v1.4.0 is an updated version of the security best practices for AWS. It includes new recommendations and enhancements to existing guidelines, ensuring that your AWS environment meets the latest security standards. This benchmark helps you maintain a secure and compliant AWS infrastructure.

  • New Zealand Information Security Manual (NZISM)

The New Zealand Information Security Manual (NZISM) provides guidelines for protecting government information and systems. It outlines security controls and practices to manage risks and ensure the confidentiality, integrity, and availability of information. NZISM helps organizations implement effective security measures in alignment with New Zealand's security policies.

  • NIST Special Publication 800-53 Revision 5

https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

NIST SP 800-53 Revision 5 provides a catalog of security and privacy controls for federal information systems and organizations. It offers a comprehensive framework for managing security and privacy risks, addressing various aspects such as access control, incident response, and system protection. This publication helps organizations implement robust security practices in compliance with federal requirements.

  • NIST Cybersecurity Framework (NIST CSF)

https://www.nist.gov/cyberframework

The NIST Cybersecurity Framework (CSF) provides a policy framework of computer security guidance for how private sector organizations in the US can assess and improve their ability to prevent, detect, and respond to cyber attacks. It comprises five core functions: Identify, Protect, Detect, Respond, and Recover. The CSF helps organizations strengthen their cybersecurity posture and resilience.

  • PCI DSS v3.2.1

https://aws.amazon.com/compliance/pci-dss-level-1-faqs/

The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 sets the security requirements for organizations that handle credit card information. It outlines measures to protect cardholder data, including encryption, access control, and regular monitoring. Compliance with PCI DSS helps organizations prevent data breaches and ensure secure payment transactions.

  • Consumer Data Right (CDR)

Homepage | Consumer Data Right

The Consumer Data Right (CDR) is a regulatory framework in Australia that gives consumers greater control over their data. It allows consumers to securely share their data with accredited third parties. The CDR aims to enhance competition and innovation in the financial and energy sectors while ensuring data privacy and security.

  • ISO 27001

https://aws.amazon.com/compliance/iso-27001-faqs/

ISO 27001 is an international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability. ISO 27001 helps organizations protect their information assets through risk management and continuous improvement of their security practices.

  • SOC 2

https://aws.amazon.com/compliance/soc-faqs/

SOC 2 (System and Organization Controls 2) is an auditing standard designed for service providers storing customer data in the cloud. It evaluates an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy. SOC 2 compliance demonstrates that an organization effectively protects customer data and maintains robust security controls.

  • Essential Eight

https://docs.aws.amazon.com/prescriptive-guidance/latest/essential-eight-maturity/introduction.html

The Essential Eight is a set of cybersecurity strategies developed by the Australian Cyber Security Centre (ACSC). These strategies help organizations mitigate cybersecurity risks and protect their systems against various threats. The Essential Eight includes application whitelisting, patching applications, configuring Microsoft Office macro settings, user application hardening, restricting administrative privileges, patching operating systems, multi-factor authentication, and regular backups. Implementing these strategies enhances an organization's cybersecurity posture and resilience.
