This model will help you prioritize recommended actions to strengthen your security posture at every stage of your journey to the cloud.
The classification of the different recommendations into the phases is based on how easy and cost-efficient it is to implement the security control, and on its positive impact on the security posture.
If you have not yet visited the model, we recommend reviewing the Introduction section and using the > arrows to advance through the model.
If you want to go straight to the recommendations, go to the Maturity Model.
Please complete the survey after browsing this model.
Recommendations are aligned; the maturity model helps with prioritization, providing prescriptive guidance (advice based on our experience from the field) with implementation details to help you build your journey towards improving your cloud security in a coherent and efficient order, minimizing risks as soon as possible.
One additional aspect in which the maturity model complements CAF and Well-Architected is the learning content available in the model: short videos, mind maps, and other resources.
Regarding the assessment, the Well-Architected Tool is more focused on a single workload, while the recommendations in the maturity model are about the whole organization, including technology, people and processes.
This asset is not intended to replace Well-Architected or CAF; it is intended to complement them by helping with prioritization, simplifying learning, and accelerating implementation by suggesting how to implement the security controls.
No. Documentation is intended to be comprehensive and to show you all the possible paths towards your goal. This model is a set of opinionated, prescriptive guidance that focuses on the paths that, in our experience, are the most efficient way to secure most organizations.
It was built by a team of AWS Security specialists and validated through dozens of peer reviews.
It is currently being used by over 100 AWS Solutions Architects to improve the security posture of their customers and has had over 50,000 unique users in the last 12 months.
Please review the Introduction section to understand the prioritization criteria, as it does not follow the typical approach of maturity models. It’s much more practical.
Customers often ask: is this model for enterprises? SMBs? Startups? In which state of cloud adoption? The answer is that it's made to fit most organizations that have or intend to have production workloads. More mature enterprises will be able to evaluate their alignment to the complete model, and startups just starting out will perhaps focus on the first two phases, but it will help set a strategy for most organizations of all types. Individuals learning or experimenting with a single account will only need the very basics, such as MFA, Security Contacts, Billing Alarm…
This new version reflects multiple updates to our services and recommendations, but if you were running a security journey / assessment and need to access the v1, you can find it here.