Welcome to the AWS Security Maturity Model

This model will help you prioritize recommended actions to strengthen your security posture at every stage of your journey to the cloud.

The classification of the different recommendations into the categories depends on the cost and difficulty of implementing the security control, and the positive impact that it will achieve.

If you have not yet visited the model, it is recommended to review the introduction and move forward using the > arrows to advance in the model.

If you have already visited the model and want to go straight to one recommendation, see the full maturity model

The model will be updated monthly so it is recommended to visit it periodically.

Please complete the survey after browsing this model.

This model is not part of AWS official documentation. It’s a set of opinionated prescriptive guidance built by a team of AWS Security specialists and validated through dozens of peer reviews (not a formal process).
It is currently being used by over 100 AWS Solutions Architects to improve the security posture of their customers and had over 40.000 unique users in the last 12 months.
Please review the Introduction section to understand the prioritization criteria, as it does not follow the typical approach.
This document does not intend to replace Well-Architected or CAF, it’s intended to help with prioritization and simplify learning.