Compliance Requirements
For organizations operating in regulated industries, the infrastructure needs to follow strict compliance guidelines. Some standards are stricter than others, which is typically measured by the number of compliance controls that need to be satisfied. NIST, PCI, HITRUST and SOC 2 are examples of such compliance standards. It could take companies 6 months to a year to make a 50-node infrastructure compliant with these standards.
The AWS PCI guide is 3400 pages long! (See "Operational Best Practices for PCI DSS 3.2.1 - AWS Config", amazon.com.) Even if one were to scope it to 20 commonly used services, the control set is overwhelming!