Updated conformance packs for Australian government security frameworks

Amazon Web Services (AWS) has updated its conformance packs that validate security configurations against the Australian Government’s Information Security Manual (ISM) and Essential Eight cybersecurity strategies. These updates strengthen security validation capabilities for public sector organizations and their partners who must meet Australian government security standards.

Australian public sector customers tell us they need robust security risk management frameworks. The Australian Government defines specific security requirements through the Information Security Manual, which includes technical specifications supporting the Essential Eight mitigation strategies for cybersecurity incidents.

Our conformance packs contain AWS Config rules and remediation actions that deploy across AWS environments. When you implement these packs, AWS Config evaluates your resource configurations against your security standards. This automated evaluation reduces the time and effort needed to maintain compliance.

The conformance packs, first released in 2020, now incorporate framework updates based on direct customer input. The updates address recent changes to the following:

• Resource configuration monitoring
• Automated compliance reporting
• Security control validation
• Remediation action implementation

As part of these changes, AWS has provided five additional AWS Config rules to support alignment to the Essential Eight against Patch Operating Systems, Application Control, and Regular Backups mitigation strategies. In addition, AWS is providing 22 additional rules aligned to new ISM controls. Note for the ISM Conformance Pack: Due to the number of rules now covered, there are now two ISM Conformance Packs.

These changes enable you to do the following:

1. Deploy security controls consistently across your AWS accounts
2. Track compliance status in real time
3. Identify and remediate security gaps quickly
4. Generate compliance reports automatically

To implement these conformance packs, follow these steps:

1. Access AWS Config in your account
2. Choose the appropriate conformance pack template
3. Configure the deployment parameters
4. Review and deploy the pack

For detailed implementation guidance, visit:

• Operational Best Practices for ACSC Essential 8
• Operational Best Practices for ACSC ISM

Contact your AWS account team to learn more about using these conformance packs to meet your security and compliance requirements.