Security framework mapping - AWS Prescriptive Guidance

After completing the security discovery and alignment domain, the next step is to complete the security framework mapping domain. This domain is a workshop process that maps the discovered security and compliance requirements to AWS Cloud security services. It also aligns your architecture and operations to AWS security and compliance best practices. The workshop maps all requirements from the people, process, and technology perspectives to cover the following:

  • AWS infrastructure

    • AWS account, infrastructure, and network protection

    • Data protection

    • Compliance

    • Incident detection and response

    • Identity and access management

    • Business continuity and recovery

  • Application on AWS

    • Following best practices for AWS services to help protect your application

    • Access control for applications, databases, operating systems, and data

    • Operating system protection

    • Application, database, and data protection

    • Incident detection and response

    • Compliance

    • Application business continuity and recovery

As you complete the security framework mapping domain, consider the defined risk appetite, team structure, team skillset and capability, security processes, security policies, security controls, tooling, security operations, and other security requirements and constraints. Overall, security framework mapping provides organizations with a systematic approach to managing security risks, maintaining compliance, and continuously improving their security posture, according to industry standards and best practices.

The security framework mapping process uses the AWS Security Reference Architecture (AWS SRA), the Security Pillar of the AWS Well-Architected Framework, the Migration Lens of the AWS Well-Architected Framework, and the Introduction to AWS Security whitepaper. These documents act as guiding references to help you follow AWS best practices for cloud security and compliance.

By using standardized mapping templates in the workshop, you map the requirement to the target end state. You highlight the tools, AWS services, processes, policies, controls, and changes that are required to achieve the target end state.

When running the security framework mapping workshop, you can use AWS Professional Services, AWS Security Solution Architects, or AWS Partners. These resources can help you accelerate and facilitate the workshop. Security framework mapping workshops can be included as part of an Experience-Based Acceleration (EBA) party, which is led by AWS Solution Architects, AWS Customer Solution Managers, or AWS Partners. The EBA party acts as an accelerator to help you build a strong AWS Cloud foundation that follows AWS migration and modernization best practices.

You can use AWS Migration Hub Journeys to plan, perform, and track migrations to AWS. AWS Migration Hub Journeys introduces the concept of a migration journey. AWS Migration Hub Journeys converts a migration into a pipeline of migration-related tasks. You can create a journey from scratch or from one of the templates that Migration Hub Journeys provides. You can configure access and invite internal and external collaborators to work on migrations together. As a result, migration practitioners can collaborate, work on tasks, perform migrations, and track progress, all in one place. AWS Migration Hub Journeys offers templates that cover common migration scenarios, such as rehost (lift and shift) migration, Windows migration, database migration, mainframe modernization, and many more.