Today
We do not claim external certifications. We monitor:
  • AWS Foundational Security Best Practices
  • CIS AWS Foundations Benchmark v1.2.0 (Security Hub CSPM)
Process
  • Monthly review of findings with owners and due dates
  • Evidence stored in our internal tracker
  • When we adopt a formal standard, we will use AWS Audit Manager