AWS Security Blog

Announcing Industry Best Practices for Securing AWS Resources


Today, we are happy to announce that the Center for Internet Security (CIS) has published the CIS AWS Foundations Benchmark, a set of security configuration best practices for AWS. These industry-accepted best practices go beyond the high-level security guidance already available, providing AWS users with clear, step-by-step implementation and assessment procedures. This is the first time CIS has issued a set of security best practices specific to an individual cloud service provider.

This is good news for a number of key reasons:

  1. CIS Benchmarks are technical industry best practices. They remove the guesswork for security professionals about how to implement foundational security measures in an AWS account. The prescribed best practices make implementation of core AWS security measures straightforward for security teams and AWS account owners.
  2. Audit teams can consistently evaluate the security of an AWS account. The best practices greatly reduce complexity when managing risk and auditing the use of AWS for critical, audited, and regulated systems.
  3. These security checks can be integrated into the security and audit ecosystem. CIS Benchmarks are incorporated into products developed by 20 security vendors, are referenced by PCI 3.1 and FedRAMP, and are included in the National Vulnerability Database (NVD) National Checklist Program (NCP). AWS security best practices can now be integrated into these audit processes and will integrate seamlessly into these security vendor tools and solutions.

For 16 years, CIS Benchmarks have been the de facto standard for prescriptive, industry-accepted best practices for securely configuring traditional IT components. The release of the CIS AWS Foundations Benchmark into this existing ecosystem marks one of many milestones for the maturation of the cloud and its suitability for sensitive and regulated workloads.

If you have questions about using AWS products in alignment with CIS Benchmarks, please contact us; if you’d like to learn more about compliance in the cloud, see our AWS Cloud Compliance page.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering, and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR, and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies, consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Master’s of Information Systems Management and a Bachelor’s of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.