I'm looking to assess the compliance of my AWS services with the ISO27001 standard, particularly focusing on Annex A. I'm considering enabling AWS Config and AWS Security Hub, but I've found that Security Hub doesn't support the ISO27001 framework directly. What would be the best approach here? Would mapping to a CIS Framework be a viable option?
1 Answer
Hey there! I suggest checking out AWS Audit Manager, which offers a prebuilt standard framework that might fit your needs perfectly. Here’s a link to get you started: https://go.aws/4etaqmP. Also, take a look at this page on CIS Benchmarks: https://go.aws/45KAnvN. If you need more help, AWS has additional resources available at http://go.aws/get-help.
Thanks, Thomas! Those resources are super helpful. The info on Audit Manager, especially about the mapping for ISO27001 requirements, is exactly what I needed.