FSISEC02: How do you achieve, maintain, and monitor ongoing compliance with regulatory guidelines and mandates?
Companies in the financial sector have more demanding compliance monitoring and implementation requirements than most other sectors of the economy. Traditional methods of compliance assessment do not keep pace with the dynamics of the agile cloud environment. For this reason, the best practices and tools required are specific to this type of environment. Regulations ensure that consumers' personal and financial data are protected. Compliance with these regulations helps prevent identity theft, fraud, and unauthorized disclosure of personal information. Compliance also helps maintain the integrity and stability of the financial markets by ensuring that institutions engage in responsible lending and investment practices and avoid excessive risk-taking. The following best practices help facilitate compliance in the cloud.
FSISEC02-BP01 Automate your compliance management
AWS has services to help you identify, optimize, and remediate resource configurations for continuous compliance and operational efficiency. AWS services help customers achieve immutable resource configuration and offer configurable logging for the auditing of user and API activity. Using AWS Config
FSISEC02-BP02 Use ready-to-deploy templates for standards and best practices
Ready-to-deploy templates are a quick and reliable way to measure the level of security present in a cloud environment. These templates are available for technology best practices such as databases, serverless, and networking, and they are aligned to widely accepted and recognized frameworks. Among the most suitable templates are AWS Config managed rules, AWS Config Conformance Packs, and AWS Security Hub standards. FIs can benefit from Conformance Packs that are available and ready to use for alignment to financial services industry standards and regulatory requirements, such as PCI DSS, NYDFS, and FFIEC.
Prescriptive guidance
- A Conformance Pack can be deployed as is, or it can be edited to include your specific resources and use cases. For more information, see Deploying a Conformance Pack Using the AWS Config Console.
- When adding a new rule, choose how it evaluates your resources, as well as how it is initiated. For more information, see Evaluation Mode and Trigger Types for AWS Config Rules.
- To determine whether the requirements in a standard are being met, enable the controls from AWS Security Hub standards. For more information, see Security standards and controls in AWS Security Hub.
Resources
Related documents:
Related videos: