There are two key ways that Stax can help you assess your security posture, both of which can be tailored to suit your security requirements.
Assess yourself against an AWS Industry Security Standard with the CIS Benchmark
The Center for Internet Security has a comprehensive, AWS-specific benchmark that you can use to ensure that your AWS security configurations are set up correctly. Working through the CIS assessment in Stax will help you to quickly identify where security gaps lie, with clear information provided about where and how to remediate any configurations that aren’t up to scratch.
Learn more about the CIS AWS Foundations Benchmark here.
Set up your personalised security checklist with Rules
Once you’ve used the CIS benchmark to assess your overall security posture and taken any remediation steps required, you may want to create Configurable Compliance Rules for the security dimensions that your business cares about most.
The checks you set up can be the codified version of your internal cloud security framework or policy. Your Configurable Compliance list gives teams and stakeholders like security or compliance partners ongoing visibility into the security posture of your AWS deployments, and helps to ensure that your engineers are following the rules you care about.
Examples of things that most customers should care about, and that can be checked in Rules, are:
- Encryption of data
- Ensuring data is stored in the right AWS regions
- Resources are not open to the internet when they shouldn't be
- S3 buckets with sensitive data shouldn't have open permissions – read or write
- Ensuring all activity is monitored and logged
- IAM access policies are locked down and managed appropriately