Amazon Onboarding with Learning Manager Chanci Turner


Security and compliance teams at Amazon Web Services (AWS) and within the AWS Partner Network (APN) are committed to simplifying the implementation and understanding of securing and monitoring your resources. This is the essence of the Center for Internet Security (CIS) Benchmark on AWS Quick Start, developed by Tech Innovations, an APN Premier Partner and Managed Service Provider (MSP) known for its expertise in security.

To facilitate your onboarding, we have produced a new video that provides step-by-step guidance on deploying the CIS Benchmark Quick Start, enabling you to establish fundamental security and continuous monitoring capabilities in your account in just 10 minutes.

AWS Quick Starts empower users to swiftly and reliably deploy secure environments on AWS for various solutions, including DevOps, analytics, data lakes, security, and compliance. Built on AWS CloudFormation templates, Quick Starts offer a mechanism for the rapid provisioning of services or application architectures.

In this post, we’ll introduce the newly certified CIS Benchmark on AWS Quick Start, which meets both Level 1 and Level 2 controls.

Watch the Video (8:31)

Background

Collaboration with APN Partners is essential to ensure our community provides maximum functionality. This partnership is evident in the CIS Benchmark on AWS Quick Start, which establishes an environment aligned with the CIS AWS Foundations Benchmark.

CIS Benchmarks are configuration guidelines created by a consensus of experts from various sectors, including U.S. government, business, industry, and academia, to assist organizations in enhancing their security posture. Customers can leverage the reference deployment to create a governance baseline of security controls that can be easily tailored. Tech Innovations spearheaded the development of this Quick Start to serve as a foundation for deployments, irrespective of strict compliance or regulatory frameworks like PCI DSS or HIPAA.

To aid your understanding of each control, we have created a spreadsheet that correlates the CIS controls with the AWS services and configurations utilized by the Quick Start. This resource includes links to documentation, whitepapers, and guides for additional information and support. The security controls matrix (Excel spreadsheet) clarifies whether a control falls under your responsibility or is a shared responsibility.

Architecture Details

The diagram below illustrates the technical architecture of the CIS Benchmark Quick Start:

Amazon Simple Storage Service (Amazon S3) is utilized to centrally store logs generated by other services, such as AWS CloudTrail and AWS Config. By employing Amazon S3, we can benefit from the service’s inherent availability, durability, and scalability, ensuring a central and secure location for our logs. The S3 buckets housing these logs are also encrypted using AES-256.

AWS CloudTrail provides an event history of activities within your AWS account, covering actions taken through the AWS Management Console, AWS Command Line Interface (CLI), or AWS Software Development Kits (SDK). CloudTrail enables effective risk and operational audits, aiding in maintaining your governance and compliance posture.

Amazon CloudWatch offers a monitoring and management service that integrates closely with CloudTrail. By routing your CloudTrail logs into Amazon CloudWatch, you can implement logic to identify activity events as they occur in your account. CloudWatch also lets you set alarms and event rules for specific incidents within your AWS account.

Amazon Simple Notification Service (SNS) delivers notifications from CloudWatch whenever an alarm is triggered or an event rule is matched. These rules and alarms are based on CIS recommendations and, by utilizing SNS, you will receive automatic notifications.
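The CloudTrail-to-CloudWatch-to-SNS path described above can be reproduced offline. The following is an added example, not code from the Quick Start: it mirrors in Python the metric filter patterns the CIS AWS Foundations Benchmark gives for root-account usage and unauthorized API calls, and reports which alarms would fire. The alarm names, the threshold default and the sample records are assumptions constructed for illustration.

```python
import fnmatch

def is_root_usage(rec):
    # CloudWatch Logs pattern this mirrors:
    # { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS
    #   && $.eventType != "AwsServiceEvent" }
    ident = rec.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and rec.get("eventType") != "AwsServiceEvent")

def is_unauthorized_call(rec):
    # { ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }
    code = rec.get("errorCode", "")
    return (fnmatch.fnmatchcase(code, "*UnauthorizedOperation")
            or fnmatch.fnmatchcase(code, "AccessDenied*"))

# Alarm names are hypothetical; each maps to one metric filter.
FILTERS = {"RootAccountUsage": is_root_usage,
           "UnauthorizedApiCalls": is_unauthorized_call}

def firing_alarms(records, threshold=1):
    """Return (alarms that fire, per-filter match counts) for one period."""
    counts = {name: sum(1 for r in records if match(r))
              for name, match in FILTERS.items()}
    firing = sorted(name for name, n in counts.items() if n >= threshold)
    return firing, counts

# Constructed CloudTrail records, reduced to the fields the filters read.
SAMPLE_RECORDS = [
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "Root"}},
    {"eventName": "Decrypt", "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root", "invokedBy": "s3.amazonaws.com"}},
    {"eventName": "RunInstances", "eventType": "AwsApiCall",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser"}},
    {"eventName": "GetObject", "eventType": "AwsApiCall",
     "errorCode": "AccessDenied", "userIdentity": {"type": "IAMUser"}},
    {"eventName": "DescribeInstances", "eventType": "AwsApiCall",
     "userIdentity": {"type": "IAMUser"}},
]

if __name__ == "__main__":
    print(firing_alarms(SAMPLE_RECORDS))
```

The second record shows why the root filter checks `invokedBy`: activity an AWS service performs on the root identity's behalf does not count as interactive root usage.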

The final component is AWS Config, which allows for assessing, auditing, and evaluating the configuration of AWS resources. The CIS Benchmark on AWS Quick Start employs a combination of built-in AWS Config rules provided by AWS, as well as custom rules implemented as AWS Lambda functions. Some of these rules are assessed on a scheduled basis, while others are triggered by configuration changes.
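A change-triggered custom rule of the kind described above, as an added example rather than one of the Quick Start's own Lambda functions. It assumes the rule checks the CIS recommendation that no security group allows SSH (port 22) from 0.0.0.0/0; the sample event is constructed, and its field layout follows the configuration item AWS Config records for security groups.

```python
import json

def open_to_world(perm, port=22):
    """True if one ingress permission exposes `port` to 0.0.0.0/0 or ::/0."""
    if perm.get("ipProtocol") != "-1":            # "-1" = all protocols and ports
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if perm.get("ipProtocol") != "tcp" or lo is None or hi is None:
            return False
        if not lo <= port <= hi:
            return False
    cidrs = [r.get("cidrIp") for r in perm.get("ipv4Ranges", [])]
    cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])]
    return "0.0.0.0/0" in cidrs or "::/0" in cidrs

def evaluate_change(invoking_event):
    """Build the Evaluations list for one invocation of the rule."""
    if invoking_event.get("messageType") != "ConfigurationItemChangeNotification":
        return []   # e.g. ScheduledNotification, which periodic rules receive
    item = invoking_event["configurationItem"]
    if (item["resourceType"] != "AWS::EC2::SecurityGroup"
            or item["configurationItemStatus"] == "ResourceDeleted"):
        result = "NOT_APPLICABLE"
    elif any(open_to_world(p) for p in item["configuration"].get("ipPermissions", [])):
        result = "NON_COMPLIANT"
    else:
        result = "COMPLIANT"
    return [{"ComplianceResourceType": item["resourceType"],
             "ComplianceResourceId": item["resourceId"],
             "ComplianceType": result,
             "OrderingTimestamp": item["configurationItemCaptureTime"]}]

def lambda_handler(event, context):
    import boto3    # imported lazily so evaluate_change() can be exercised offline
    evaluations = evaluate_change(json.loads(event["invokingEvent"]))
    if evaluations:
        boto3.client("config").put_evaluations(
            Evaluations=evaluations, ResultToken=event["resultToken"])
    return evaluations

# Constructed sample: a security group that allows SSH from anywhere.
SAMPLE_INVOKING_EVENT = {
    "messageType": "ConfigurationItemChangeNotification",
    "configurationItem": {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0example",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}}}
```

A scheduled rule receives a `ScheduledNotification` with no configuration item, so it has to look up the resources it evaluates itself; this handler deliberately ignores that message type.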

Conclusion

The recently updated CIS Benchmark on AWS Quick Start, security controls mapping, and deployment video guide are now available to assist you in rapidly and consistently establishing foundational security and compliance capabilities in your account.
