Solution: Security & Compliance Kit
Attackers are constantly looking for weaknesses in your applications and infrastructure that can be exploited. The Security & Compliance Kit combines joint technical session(s), security tool scanning, and offline analysis to build a detailed picture of your applications, their infrastructure, the AWS services in use, how the applications and infrastructure are managed and deployed, and how security is currently managed across all of your AWS accounts.
The Security & Compliance Kit has been built on years of experience helping clients secure their AWS environments, and on established security frameworks, including the Center for Internet Security (CIS) AWS Foundations Benchmark.
The Security & Compliance Kit is a packaged service built out of years of experience analyzing AWS accounts and infrastructure for security risks. It simplifies and streamlines compliance for your applications by mapping findings to key frameworks such as PCI DSS, ISO 27001, HIPAA, GDPR, and NIST.
- Stratus10 will perform a thorough review and analysis of all infrastructure and services running in your AWS accounts in order to:
  - Assess the configuration of the current environment from a security perspective and compare it against the security pillar of the AWS Well-Architected Framework.
  - Measure security compliance against the CIS Amazon Web Services Foundations Benchmark.
  - Measure high-level security compliance against a specific compliance framework such as PCI DSS, ISO 27001, SOC 2, HIPAA, GDPR, or NIST.
  - Identify any misconfigurations that could be exploited to compromise your environments.
  - Produce a prioritized list of remediation steps to improve your security posture.
  - Identify areas on the customer side of the AWS Shared Responsibility Model that need to be addressed.
  - Identify data or data storage resources that could be better protected through encryption or other security controls.
- Stratus10 will compile a thorough assessment report on the current security state of the AWS accounts and infrastructure, together with a list of recommended remediation items.
- Requirements Gathering
Stratus10 works with your team to identify and understand the current state of your AWS accounts, infrastructure, delivery process, and compliance requirements.
- Security Scans
Stratus10 works with your team to install and configure the scanning tools and run the required security analysis scans against your AWS accounts.
- Reporting and Analysis
Stratus10 will compile all the data gathered from the security scans and the engineering analysis and finalize detailed reports for the overall risk assessment, including compliance-specific SOC 2, PCI DSS, HIPAA, and GDPR reports.
- Analysis Review
Stratus10 will review the reports, diagrams, and risk analysis documentation developed as part of the engagement with your team and explain the results and recommendations.
- Remediation Plan
Stratus10 will provide a detailed remediation plan and proposal based on the performed analysis and priorities.
Security Policies and Compliance Requirements
Provide Stratus10 with access to your internal security policies and compliance requirements (including any requirements for AMIs).
Current Infrastructure, Accounts, and Access Management
Provide Stratus10 with an overview of your current AWS accounts, infrastructure configuration, and security management process.
AWS Account Access
Provide Stratus10 personnel with appropriate temporary access to your AWS accounts to run the scans and perform the analysis. Read-only access is sufficient for the assessment phases, for example a cross-account IAM role limited to the AWS-managed SecurityAudit and ViewOnlyAccess policies; write permissions are only needed if your team asks Stratus10 to carry out remediation.
- Security scan reports for the CIS AWS Foundations Benchmark and other selected security frameworks
- Security team analysis of existing AWS accounts, infrastructure, deployment process, user access, and other artifacts as applicable
- All source code, scripts, templates, and technical artifacts developed for your solution
- Training session(s) to review the analysis and make sure your team understands the results
- Remediation proposal and recommended action plan from Stratus10's security and compliance team