AWS – AWS Control Tower now supports seven new compliance frameworks

Today, AWS announces that AWS Control Tower supports seven new compliance frameworks in Control Catalog. Control Catalog is the central place in AWS for searching and enabling managed controls.In addition to existing frameworks, controls are now mapped to CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023.

To get started, navigate to the Control Catalog in AWS Control Tower and search for a framework like PCI-DSS-v4.0 to view related controls. This feature helps you meet your compliance requirements faster and with higher confidence. For programmatic access, utilize the new ListControlMappings API to search controls by frameworks, and take advantage of the updated ListControls and GetControl APIs, which now support GovernedResources, to understand the resource types governed by each control. We’ve also introduced a new classification system to help you better comprehend and manage controls. In addition to the new frameworks, controls in Control Catalog are now mapped to a domain (e.g., “Data Protection”), an objective (e.g., “Data Encryption”), and a common control (e.g., “Encrypt data at rest”). This clearer structure simplifies the process of understanding, searching, and deploying the controls you need. If you’re using AWS Config, now you’ll see the same comprehensive mapping of Config rules to compliance frameworks, domains, objectives, and common controls that you find in AWS Control Tower, ensuring a unified experience across your AWS environment.

You can use Control Catalog with new mappings in all AWS Regions where AWS Control Tower is available, including AWS GovCloud (US). To learn more, visit AWS Control Tower User Guide.

Read More for the details.