Compliance in days, not months
The CIS AWS Foundations Benchmark is an objective, consensus-driven guideline for establishing secure infrastructure on AWS. Gruntwork's production-grade, battle-tested infrastructure as code modules are built for compliance. Leverage them to achieve compliance with the Benchmark quickly and repeatably, avoiding the burden of a complex, drawn-out compliance project.
Get a Detailed Walkthrough for compliance with the AWS Foundations Benchmark
See our guide:
How to achieve compliance with the CIS AWS Foundations Benchmark.
An AWS account configured for compliance with the AWS CIS Foundations Benchmark.
How It Works
Review the guide
Read the How to achieve compliance with the CIS AWS Foundations Benchmark guide to get a handle on the concepts and process.
Use the compliance modules
Use the compliance modules to configure your account according to the recommendations in the Benchmark:
- Create compliant IAM users, groups, roles, and policies
- Require multi-factor authentication for accessing AWS
- Enable AWS Config across all regions
- Remove default VPCs and unnecessary default security groups
- Configure CloudTrail integration with S3, KMS, and CloudWatch Logs
- Establish metrics and alarms for compliance violations
- Configure VPCs with flow logs and a minimal set of peering connections
- Avoid overly permissive inbound security group rules
Get an End-to-End CIS Compliant Production-Grade Architecture
Request a Gruntwork Reference Architecture to get an end to end
production-grade environment, certified by CIS for the AWS Foundations Benchmark, deployed into your AWS accounts, and fully managed as code—all in about a day!
Pass an audit
After using the modules to configure your AWS accounts, your infrastructure will pass muster with the CIS audit steps. Take a bow after your security team inspects your account for compliance.
Stay current
Our tests ensure that the modules remain compliant over time. We'll update the modules when new versions of the Benchmark are released, and the updates are included with the subscription.
Streamline Terraform module updates
With Patcher, you can more easily stay up to date with the latest compliance updates by streamlining even breaking changes.
Have another compliance objective?
Are you looking to achieve compliance with PCI DSS, HIPAA, NIST, or another standard? Contact us to discuss your project!
CIS AWS Foundations Benchmark Compliance Features
Compliance modules
Exclusive access to a set of CIS-compliant infrastructure code, including modules for AWS Config, CloudTrail, VPC Flow Logs, & more.
CIS certified
The Gruntwork compliance modules are certified compliant by the Center for Internet Security.
Fast
Achieve a compliant infrastructure in a fraction of the time it would take to do it from scratch.
Repeatable
Use the compliance modules across multiple AWS accounts, regions, and environments.
Secure
Built for the security minded. Even AWS agrees!
Documented and tested
Thorough docs and automated tests make compliance easy.
Pricing
Contact sales for pricing. Please note that to use the compliance modules, you must be a Gruntwork Subscriber.