Recommended security controls for implementing AWS CAF security capabilities
Rishi Singla and Rovan Omar, Amazon Web Services (AWS)
November 2023 (document history)
Security is the top priority at AWS. To help relieve your operational burden, you share
responsibility
The AWS Cloud Adoption Framework (AWS CAF)
-
Identity and access management – Manage human and machine identities and their permissions at scale.
-
Threat detection – Configure logging and monitoring to detect and investigate a potential security misconfiguration, threat, or unexpected behavior.
-
Protecting infrastructure – Protect systems and services from unintended or unauthorized access and potential vulnerabilities.
-
Protecting data – Categorize data based on levels of sensitivity. Maintain visibility and control over data and how it is accessed and used in your organization.
-
Incident response – Establish mechanisms to respond to and mitigate the potential impact of security incidents.
Failure to implement preventative, detective, and responsive security controls for these AWS CAF security capabilities can pose a critical risk to your cloud environment, and it can disrupt your business. Implementing the security controls in this guide can help your organization protect its cloud environment.
Note
AWS provides services, tools, and frameworks that can help you operate securely in
the AWS Cloud. This guide aligns with and supplements the AWS Well-Architected Framework