List of control objectives

Each control enforces one of these objectives. Sometimes controls must be applied in a group so that the control objective is enforced. Information about related controls is viewable in the AWS Control Tower console, on the Control details page.

Control objectives

For more information about controls and their associated control objectives, see Tables of control metadata.

CO.1 Establish logging and monitoring
CO.2 Encrypt data at rest
CO.3 Encrypt data in transit
CO.4 Protect data integrity
CO.5 Enforce least privilege
CO.6 Limit network access
CO.7 Optimize costs
CO.8 Improve resiliency
CO.9 Improve availability
CO.10 Protect configurations
CO.11 Prepare for incident response
CO.12 Manage vulnerabilities
CO.13 Manage secrets
CO.14 Prepare for disaster recovery
CO.15 Use strong authentication

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Considerations for controls and accounts

View control details