Evident io Continuous Compliance - Mar 2017


Transcript of Evident io Continuous Compliance - Mar 2017

Copyright © 2016


WHAT IS COMPLIANCE?

• Boiled down: It’s about assessing risk and implementing governance

• Most common are government-mandated and industry-specific compliance certifications

• Compliance != Security

• YOU: It’s not just because management says so; you are a hugely important part of the process


AWS SHARED RESPONSIBILITY MODEL

Shared responsibility changes everything. Enterprises must adapt their traditional security and compliance processes to address what’s different in the cloud.

TAKE NOTE: The majority of attacks will happen here, at the API control plane.

HOW COMPLIANCE IS DIFFERENT: GOOD & BAD

Traditional Data Center                              | Public Cloud
-----------------------------------------------------|-----------------------------------------------------
Physical security controls apply                     | Don’t apply – saves time
Changes to environment are controlled by few         | Changes to environment occur continuously, by many
Tools for compliance management are established      | Assessment via API, but few tools exist

AUTOMATION MAKES DIFFICULT TASKS EASY

• Monitoring compliance throughout the entire dev lifecycle

• Generate compliance reports without specialized knowledge

• Compile a complete, unified view across all cloud accounts

• Identify, prioritize and remediate risks as they arise

• Avoid disrupting development teams with a last-minute compliance push

CONTINUOUS (NIST 800-53) COMPLIANCE

(Screenshots: ESP Dashboard, Compliance Report, User Attribution, ESP Alert)

NIST SP 800-53 COMPLIANCE IN 1 CLICK

NIST SP 800-53r4

• THE gold standard for US security and privacy controls, and aligned with ISO 27001

• FedRAMP / 800-171 (Protection of Controlled Unclassified Information) / DoD SRG / CNSSI 1253 (IC Controls) / DoJ CJIS / HIPAA are based on 800-53

• Evident Security Platform (ESP) is aligned with NIST

• AWS infrastructure controls mapped by AWS and approved by FedRAMP / DoD / DoJ

CIS AWS FOUNDATIONS BENCHMARK IN 1 CLICK

CIS AWS FOUNDATIONS BENCHMARK

• First compliance standard specific to AWS

• The gold standard for all baseline AWS security configurations

• Evident Security Platform (ESP) is aligned with CIS

• Infrastructure controls covered in CIS AWS Foundations compliance module

• Included in all ESP plans

COMING SOON: MORE COMPLIANCE VIEWS

• PCI-DSS v3.2

• SOC-2

• HIPAA

• ISO 27001

• 3rd party integrations with GRC platforms

• CJIS (DoJ Standard)

• Custom Compliance

CONTACT INFORMATION

Sebastian Taphanel, CISSP-ISSEP
Principal Solutions Architect, [email protected], 703-303-9782

@sebtaph Sebastian Taphanel

https://www.slideshare.net/sebastiantaphanel