Compliance Requirements

For organizations operating in regulated industries, the infrastructure needs to follow strict compliance guidelines. Some standards are stricter than others, which is typically measured by the number of compliance controls that need to be satisfied. NIST, PCI, HITRUST, and SOC 2 are examples of such compliance standards. It could take companies 6 months to a year to make a 50-node infrastructure compliant with these standards.
The AWS PCI guide (Operational Best Practices for PCI DSS 3.2.1 - AWS Config) is 3400 pages long! Even if one were to scope it to 20 commonly used services, the control set is overwhelming!