Citadel Run helps ensure your systems meet compliance standards. It does this by using a service called AWS Audit Manager to compare your systems to the required standards. The Citadel Compliance feature automates the process of collecting evidence to show that your systems meet the standards, and it presents this data in a way that is easy to understand. If the data shows that there is a risk to your system, the feature provides guidance on how to fix the issue.
You can set up the following standards in your environment:
SOC 2
SOC 2 is an auditing procedure that ensures a company's data is securely managed, protecting the interests of the organization and the privacy of its clients.
HIPAA Security Rule
The HIPAA Security Rule establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
AWS Well-Architected Framework
The AWS Well-Architected Framework describes the key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. Of its five pillars, security and reliability are the ones tracked here.
PCI DSS V3.2.1
The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is an information security standard for entities that store, process, and/or transmit cardholder data.
Essential Eight
As the Essential Eight outlines a minimum set of preventative measures, organisations need to implement additional measures where it is warranted by their environment. Further, while the Essential Eight can help to mitigate the majority of cyber threats, it will not mitigate all cyber threats. As such, additional mitigation strategies and security controls need to be considered, including those from the Strategies to Mitigate Cyber Security Incidents and the Information Security Manual (ISM).