In addition to well-known information security standards and benchmarks such as NIST and ISO 27000, some cloud providers publish native security benchmarks and standards for their own platforms. For this blog post, I am going to write about the Amazon Web Services (AWS) Foundational Security Best Practices standard. This standard implements security controls that detect when AWS accounts and deployed cloud services/resources do not align with the security best practices defined by AWS security experts. The foundational best practices standard allows organizations running in AWS to continuously evaluate their AWS accounts and cloud services and identify where they deviate from best practice.
These controls align with the AWS top ten security best practices: accurate account information, use of multi-factor authentication, no hard-coded secrets, limited security groups, intentional data policies, centralized logging, validated IAM roles, and key rotation.
The security standard is enabled by default in AWS Security Hub and consists of 31 fully automated security controls. Each control comprises a description, a severity level, and remediation steps and instructions for failed findings. Some controls may not be applicable to a given account and can be disabled.
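As an added example (not code from the original post or from AWS), here is a small Python triage of Security Hub findings for this standard: it keeps only findings that belong to the Foundational Security Best Practices standard, failed their check, are still active, and have not been suppressed or resolved, then orders them by severity. The records are constructed ASFF-shaped samples standing in for real GetFindings output; the control IDs are FSBP control names, all other values are made up.

```python
"""Triage Security Hub findings for the AWS Foundational Security Best Practices
(FSBP) standard. Findings use the AWS Security Finding Format (ASFF); in a live
account they come from the securityhub GetFindings API. The sample findings
below are constructed inline so the script runs offline."""
from collections import Counter

FSBP_ARN = "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"
CIS_ARN = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4}

def _finding(control_id, severity, compliance, workflow="NEW",
             record_state="ACTIVE", standard=FSBP_ARN):
    """Build a minimal ASFF-shaped finding (constructed sample data)."""
    return {"ProductFields": {"StandardsArn": standard, "ControlId": control_id},
            "Severity": {"Label": severity}, "Compliance": {"Status": compliance},
            "Workflow": {"Status": workflow}, "RecordState": record_state}

# Constructed sample for one account; control IDs are FSBP names, values are made up.
SAMPLE_FINDINGS = [
    _finding("EC2.2", "HIGH", "FAILED", workflow="NOTIFIED"),           # still open
    _finding("S3.4", "MEDIUM", "PASSED"),                                # compliant
    _finding("CloudTrail.1", "HIGH", "FAILED", workflow="SUPPRESSED"),   # accepted risk
    _finding("Lambda.1", "HIGH", "FAILED", record_state="ARCHIVED"),     # control disabled
    _finding("IAM.4", "CRITICAL", "FAILED"),                             # new, most severe
    _finding("1.1", "LOW", "FAILED", standard=CIS_ARN),                  # other standard
]

def fsbp_actionable(findings):
    """Return FSBP findings that still need remediation, most severe first."""
    actionable = []
    for f in findings:
        fields = f.get("ProductFields", {})
        if "aws-foundational-security-best-practices" not in fields.get("StandardsArn", ""):
            continue  # belongs to another standard (e.g. CIS benchmark)
        if f.get("Compliance", {}).get("Status") != "FAILED":
            continue  # PASSED / WARNING / NOT_AVAILABLE need no remediation
        if f.get("RecordState") != "ACTIVE":
            continue  # ARCHIVED: resource fixed or removed, or control disabled
        if f.get("Workflow", {}).get("Status") in ("SUPPRESSED", "RESOLVED"):
            continue  # an analyst already dealt with it or accepted the risk
        actionable.append(f)
    actionable.sort(key=lambda f: SEVERITY_RANK.get(f["Severity"]["Label"], 99))
    return actionable

def open_controls(findings):
    """Count actionable findings per FSBP control ID, e.g. Counter({'IAM.4': 1})."""
    return Counter(f["ProductFields"]["ControlId"] for f in fsbp_actionable(findings))
```

On the sample, only IAM.4 and EC2.2 remain actionable; the suppressed, archived, passed and CIS findings are filtered out, which is the same distinction an analyst makes before disabling a control or opening a remediation ticket.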
Although this foundational best practices standard aligns with the NIST Cybersecurity Framework, it is specific to services and workloads running in the AWS cloud and thus provides a perspective that the existing information security standards and best practices do not. With cloud security being one of the most closely evaluated criteria for cloud adoption, the AWS standard gives customers an additional security tool to safeguard their cloud accounts and workloads.