AWS Security Blog

New Whitepaper Now Available: The Security Perspective of the AWS Cloud Adoption Framework

February 23, 2023: We updated the link to the whitepaper in the first paragraph.


Today, AWS released the Security Perspective of the AWS Cloud Adoption Framework (AWS CAF). The AWS CAF provides a framework to help you structure and plan your cloud adoption journey, and build a comprehensive approach to cloud computing throughout the IT lifecycle. The framework provides seven specific areas of focus or Perspectives: business, platform, maturity, people, process, operations, and security.

The Security Perspective captures AWS’s experience working with enterprise customers on their cloud adoption journey. It details how to structure a risk-based approach to control identification and selection (for example, building a security cartography), how to build a security program that enables maturation through iteration, and how AWS advises customers to set up their security model in the AWS Cloud.

The core of the Security Perspective is composed of 10 themes:

  • 5 core security themes– Define these foundational themes from the outset to allow adequate management of risk as well as progress by functions outside of information security: identity and access management, logging and monitoring, infrastructure security, data protection, and incident response.
  • 5 augmenting security themes – These 5 themes drive continuous operational excellence through availability, automation, and audit: resilience, compliance validation, secure continuous integration (CI)/continuous deployment (CD) (DevSecOps), configuration and vulnerability analysis, and security big data analytics.

The Security Perspective treats the security themes as Scrum epics (as shown in the following image), partitioned into multiple sprints that address a range of user stories that include both use and misuse cases. This approach allows you to quickly iterate and mature security capabilities on AWS while maintaining flexibility to adapt to business pace and demand.

Image of security epics

Whether you are already moving to the AWS Cloud or just starting, this whitepaper will provide insight into some best practices we have observed and a template to help you define and refine your own journey.

If you would like additional information about the Security Perspective or about AWS CAF in general, please contact us.

– Armando