Today, AWS Config rules add classification information from AWS Control Tower Control Catalog to make it easier for you to identify how Config rules map to different compliance frameworks such as CIS-v8.0, FedRAMP-r4, and NIST-CSF-v1.1. AWS Config rules help you automatically evaluate your AWS resource configurations for desired settings, enabling you to assess, audit, and evaluate configurations of your AWS resources. Control Catalog is a feature of AWS Control Tower that enables you to search AWS managed controls and their associated compliance frameworks.
Control Catalog has classifications including Domain (such as “Data Protection”), Objective (such as “Data Encryption”), and common control (such as “Encrypt data at rest”) to help you better understand the purpose of a control. Today’s launch maps AWS Config rules to the specific compliance frameworks available in AWS Control Tower Control Catalog (CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023), adding classification information (Domain, Objective, common control) to each AWS Config rule.
If you’re using AWS Config, you’ll now see the same classification information in the AWS Config Console and in the AWS Control Tower Control Catalog, ensuring a unified experience across your AWS environment. This alignment between AWS Control Tower and AWS Config allows for seamless integration and more efficient management of your compliance and security posture.
AWS Config rules with classifications from AWS Control Tower Control Catalog are available in all AWS Commercial regions where AWS Config and AWS Control Tower are available.
To learn more about AWS Config rules and compliance frameworks, visit the AWS Config documentation.
Source: Amazon AWS