It's a journey: progressively improve in security matters
The process to improve your security posture in AWS is an evolutionary path.
1.- Quick Wins
As we said, on the previous page, Quick Wins are the first thing to focus on, controls that you could implement in an organization within a maximum of one or two weeks, and will significantly improve your security posture.
2.- Foundational
Then there are the controls and recommendations that can take a bit more effort to implement, but are very important, the Foundations. Foundational recommendations that everyone should implement when running production workloads to in the cloud.
3.- Efficient
In a third phase there are some controls and recommendations that allow us to manage security in an efficient way. Everyone should have a plan to achieve alignment with most of these recommendations.
4.- Optimized
And finally there are those controls and recommendations that allow you to optimize in a continuous improvement cycle the security posture every day. It will be characterized by security controls that are often seen in more mature organizations, in terms of security, or large organizations with very demanding requirements.
These recommendations may have significant value to the security of the organization but they require much more effort, especially on People/Processes