Security Pillar

The security pillar focuses on protecting information and systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.

The Security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Security Questions

SEC01: How do you securely operate your workload?

• View all SEC01 best practices
• SEC01-BP01: Separate workloads using accounts
• SEC01-BP02: Secure account root user and properties
• SEC01-BP03: Identify and validate control objectives
• SEC01-BP04: Stay up to date with security threats and recommendations
• SEC01-BP05: Reduce security management scope
• SEC01-BP06: Automate deployment of standard security controls
• SEC01-BP07: Identify threats and prioritize mitigations using a threat model
• SEC01-BP08: Evaluate and implement new security services and features regularly

SEC02: How do you manage authentication for people and machines?

• View all SEC02 best practices
• SEC02-BP01: Use strong sign-in mechanisms
• SEC02-BP02: Use temporary credentials
• SEC02-BP03: Store and use secrets securely
• SEC02-BP04: Rely on a centralized identity provider
• SEC02-BP05: Audit and rotate credentials periodically
• SEC02-BP06: Employ user groups and attributes

SEC03: How do you manage permissions for people and machines?

• View all SEC03 best practices
• SEC03-BP01: Define access requirements
• SEC03-BP02: Grant least privilege access
• SEC03-BP03: Establish emergency access process
• SEC03-BP04: Reduce permissions continuously
• SEC03-BP05: Define permission guardrails for your organization
• SEC03-BP06: Manage access based on lifecycle
• SEC03-BP07: Analyze public and cross-account access
• SEC03-BP08: Share resources securely within your organization
• SEC03-BP09: Share resources securely with a third party

SEC04: How do you detect and investigate security events?

• View all SEC04 best practices
• SEC04-BP01: Configure service and application logging
• SEC04-BP02: Analyze logs, findings, and metrics centrally
• SEC04-BP03: Automate alerting and responses
• SEC04-BP04: Develop investigation processes

SEC05: How do you protect your network resources?

• View all SEC05 best practices
• SEC05-BP01: Create network layers
• SEC05-BP02: Control traffic at all layers
• SEC05-BP03: Implement inspection
• SEC05-BP04: Automate network protection

SEC06: How do you protect your compute resources?

• View all SEC06 best practices
• SEC06-BP01: Perform vulnerability management
• SEC06-BP02: Provision compute from hardened images
• SEC06-BP03: Reduce manual management and interactive access
• SEC06-BP04: Validate software integrity
• SEC06-BP05: Automate compute protection

SEC07: How do you classify your data?

• View all SEC07 best practices
• SEC07-BP01: Understand your data classification scheme
• SEC07-BP02: Apply data protection controls based on data sensitivity
• SEC07-BP03: Automate identification and classification
• SEC07-BP04: Define scalable data lifecycle management

SEC08: How do you protect your data at rest?

• View all SEC08 best practices
• SEC08-BP01: Implement secure key management
• SEC08-BP02: Enforce encryption at rest
• SEC08-BP03: Automate data at rest protection
• SEC08-BP04: Enforce access control
• SEC08-BP05: Use mechanisms to keep people away from data

SEC09: How do you protect your data in transit?

• View all SEC09 best practices
• SEC09-BP01: Implement secure key and certificate management
• SEC09-BP02: Enforce encryption in transit
• SEC09-BP03: Automate detection of unintended data access
• SEC09-BP04: Authenticate network communications

SEC10: How do you anticipate, respond to, and recover from incidents?

• View all SEC10 best practices
• SEC10-BP01: Identify key personnel and external resources
• SEC10-BP02: Develop incident management plans
• SEC10-BP03: Prepare forensic capabilities
• SEC10-BP04: Automate containment capability
• SEC10-BP05: Pre-provision access
• SEC10-BP06: Practice incident response
• SEC10-BP07: Automate recovery
• SEC10-BP08: Communicate status
• SEC10-BP09: Learn from incidents

SEC11: How do you securely manage your AI workloads?

• View all SEC11 best practices
• SEC11-BP01: Identify and manage risks in AI workloads
• SEC11-BP02: Implement data governance for AI workloads
• SEC11-BP03: Implement model governance for AI workloads
• SEC11-BP04: Implement application security for AI workloads
• SEC11-BP05: Implement infrastructure security for AI workloads

AWS Services for Security

AWS Identity and Access Management (IAM)

Enables you to manage access to AWS services and resources securely.

Amazon GuardDuty

Provides intelligent threat detection for your AWS accounts and workloads.

AWS Security Hub

Gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Amazon Inspector v2

Provides enhanced automated vulnerability management for EC2 instances, container images, and Lambda functions with improved scanning speed, broader coverage, and integration with software bill of materials (SBOM).

AWS Security Lake

Automatically centralizes security data from AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake stored in your account. Provides normalized security data in Open Cybersecurity Schema Framework (OCSF) format.

AWS Config (Enhanced Capabilities)

Provides enhanced configuration management and compliance monitoring with expanded rule coverage, advanced remediation capabilities, improved multi-account support, and enhanced organizational compliance features.

AWS Key Management Service (KMS)

Makes it easy for you to create and manage cryptographic keys and control their use.

AWS Shield

Provides protection against DDoS attacks for applications running on AWS.

Amazon Macie

Uses machine learning to automatically discover, classify, and protect sensitive data in AWS, providing data security and data privacy capabilities.

AWS CloudTrail

Provides governance, compliance, operational auditing, and risk auditing of your AWS account with enhanced insights and advanced event selectors.

AWS WAF

Helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.

Related Resources

• AWS Well-Architected Framework - Security Pillar
• AWS Security Learning
• AWS Security Blog

---

Table of contents

• SEC01 - How do you securely operate your workload?
• SEC02 - How do you manage authentication for people and machines?
• SEC03 - How do you manage permissions for people and machines?
• SEC04 - How do you detect and investigate security events?
• SEC05 - How do you protect your network resources?
• SEC06 - How do you protect your compute resources?
• SEC07 - How do you classify your data?
• SEC08 - How do you protect your data at rest?
• SEC09 - How do you protect your data in transit?
• SEC10 - How do you anticipate, respond to, and recover from incidents?
• SEC11 - How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle?