Next steps - AWS Prescriptive Guidance

Next steps

After reading this guide, you should be familiar with the four types of security controls, understand how they are part of your security governance framework, and be prepared to start implementing and automating security controls in the AWS Cloud. For more information, we recommend that you review the references included in the Resources section.

We also recommend that you take the following next steps to assess the security of your cloud infrastructure and start implementing security controls:

  1. Enable and configure AWS Security Hub. As a best practice, we recommend enabling the available standards controls. For more information, see Security standards and controls (Security Hub documentation).

  2. Enable and configure AWS Config. For more information, see Getting started (AWS Config documentation).

  3. Using AWS services such as Security Hub, Amazon Macie, AWS Config, AWS Trusted Advisor, and Amazon Inspector, assess your organization and account infrastructure, identify areas that need improvement, and review the recommendations in these services. Use the security check feature in Security Hub to generate a security score for a security standard. For more information, see Determining security scores (Security Hub documentation).

  4. Implement preventative, proactive, detective, and responsive security controls based on the identified improvements.

  5. Conduct a follow-up security assessment to evaluate the effectiveness of the implemented security controls. In Security Hub, determine whether the security score has improved. Iterate to improve or add new security controls.

  6. Establish a regular cadence for performing security assessments, such as yearly.