Welcome to the AWS Security Maturity Model

This model will help you prioritize recommended actions to strengthen your security posture at every stage of your journey to the cloud.

The classification of the different recommendations into the categories depends on the cost and difficulty of implementing the security control, and the positive impact that it will achieve.

If you have not yet visited the model, it is recommended to review the introduction and move forward using the > arrows to advance in the model.

If you have already visited the model and want to go straight to one recommendation, see the full maturity model

The model will be updated monthly so it is recommended to visit it periodically.

Please complete the survey after browsing this model.

This model is not part of AWS official documentation, and did not pass through the official validation process yet.
It is an asset built by a team of AWS Security specialists and validated through dozens of peer reviews.
Please review the Introduction section to understand the prioritization criteria.
This document does not intend to replace Well-Architected or CAF, it’s intended to help with prioritization and learning.