1. Assessment Phase

  • CIS AWS Foundations Benchmark v3.0 Assessment Execution

CIS AWS Foundations Benchmark v3.0 Compliance Report

Overview

This report presents a technical assessment of your AWS environment against the CIS AWS Foundations Benchmark v3.0, a widely adopted security framework that outlines best practices for securing AWS accounts and infrastructure. The benchmark is structured across multiple control areas such as identity management, logging, monitoring, storage, networking, and encryption.

This assessment includes the following CIS Benchmark sections:

1. Identity and Access Management

  • 1.4–1.21 – Root account controls, MFA enforcement, password policies, access key rotation, role usage, Access Analyzer, and centralized identity management.

2. Storage

  • 2.1.1–2.1.4 – S3 policies, encryption, and public access controls
  • 2.2.1 – EBS volume encryption
  • 2.3.1–2.3.3 – RDS encryption, upgrades, and public access
  • 2.4.1 – EFS encryption

3. Logging

  • 3.1–3.9 – CloudTrail configuration, log validation, Config status, S3 logging, KMS protection, key rotation, VPC flow logs, and S3 object-level logging

4. Monitoring

  • 4.1–4.14, 4.16 – Monitoring of unauthorized activity, console access, root usage, policy changes, resource configurations, authentication failures, and enabling AWS Security Hub

5. Networking

  • 5.1–5.4, 5.6 – Security group and NACL ingress rules, default security group restrictions, and use of EC2 IMDSv2

This assessment uses services such as IAM, S3, CloudTrail, Config, Security Hub, VPC, and KMS to validate best-practice configurations.

Upon completion, you will receive a detailed report listing all passed and failed controls, along with actionable guidance to bring your AWS environment into alignment with the CIS AWS Foundations Benchmark v3.0.