Hey everyone! I'm looking to conduct an ISO27001 assessment (specifically Annex A) on the AWS services in my account to ensure they're compliant with this standard. I was thinking of enabling AWS Config and AWS Security Hub, but I discovered that Security Hub doesn't support the ISO27001 framework. I'm unsure of the best approach here. Would it make sense to pick a CIS framework and do some mapping instead? Any insights would be appreciated!
1 Answer
Hey! I'd suggest looking into AWS Audit Manager. It offers prebuilt frameworks which might be perfect for what you need. There's also a thorough resource on CIS Benchmarks that could be useful. Check out those links if you have time!
Thanks for the tips! The Audit Manager sounds promising, and I like that it provides mappings for AWS Config rules related to ISO27001.