In this section you will find controls and recommendations that may take some more effort to implement, but are very important.
| Security governance | Identify security and regulatory requirements Cloud Security Training Plan |
| Security assurance | Configuration monitoring with AWS Config |
| Identity and access management | Centralized user repository Organization Policies - SCPs |
| Threat detection | Investigate most Amazon GuardDuty findings |
| Vulnerability management | Manage vulnerabilities in your infrastructure and perform pentesting Manage vulnerabilities in your applications |
| Infrastructure protection | Manage your instances with Fleet Manager Network segmentation - Public/Private Networks (VPCs) Multi-account management with AWS Control Tower |
| Data protection | Data Encryption - AWS KMS Backups Discover sensitive data with Amazon Macie |
| Application security | Involve security teams in development No secrets in your code - AWS Secrets Manager |
| Incident response | Define incident response playbooks - TableTop Exercises Redundancy using multiple Availability Zones |