1 Answer
There are two main approaches to deploying your NIST 800-53 and CIS conformance packs across your 10 AWS accounts:
1. Account-by-Account Deployment:
This method involves manually deploying the conformance packs to each account individually. You can achieve this using the AWS Config console or the AWS CLI. While straightforward for a small number of accounts, it becomes cumbersome and error-prone for 10 accounts.
2. Deployment using Control Tower (Recommended):
This method leverages Control Tower's capabilities for centralized management across your organization. Here's how to achieve this:
Associate Managed Rules with Accounts:
How about generating the report to find Non-Compliant Resources?
You can find it in the Config console --> View Non-Compliance Details --> Non-Compliance Breakdown.
You can also automate the reporting; there is a solution I found in this blog: https://aws.amazon.com/blogs/mt/automate-aws-config-reporting-for-noncompliant-resources-that-have-been-non-compliant-for-a-period-of-time/
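A scripted form of option 1 (AWS CLI, one account at a time) together with the non-compliance lookup the comment above mentions, as an added example that is not code from the answer, the comment or AWS itself; the profile names, region, bucket and pack names are constructed placeholders, and it assumes each profile can call AWS Config and the template is already in S3.

```shell
#!/usr/bin/env bash
# Added example, not from the answer above. Loops the account-by-account CLI
# deployment over a list of AWS CLI profiles (one per target account) and then
# lists the rules of a pack that are NON_COMPLIANT in a given account.
# Assumptions (constructed): profile names, region, bucket and pack name below;
# each profile can call AWS Config and the template is already in S3.
set -eu

# One named CLI profile per target account; override via the environment.
ACCOUNT_PROFILES="${ACCOUNT_PROFILES:-prod-1 prod-2 dev-1}"
REGION="${REGION:-us-east-1}"

# Deploy one conformance pack into one account (profile).
deploy_pack() {
  local profile="$1" pack_name="$2" template_uri="$3"
  aws configservice put-conformance-pack \
    --profile "$profile" --region "$REGION" \
    --conformance-pack-name "$pack_name" \
    --template-s3-uri "$template_uri"
}

# Deploy the same pack to every profile. set -e stops at the first failing
# account so a partial rollout is noticed instead of silently skipped.
deploy_to_all() {
  local pack_name="$1" template_uri="$2" profile
  for profile in $ACCOUNT_PROFILES; do
    echo "deploying $pack_name via profile $profile"
    deploy_pack "$profile" "$pack_name" "$template_uri"
  done
}

# Print the rule names of a pack that are currently NON_COMPLIANT in one
# account, one per line (no output means every rule in the pack is compliant).
noncompliant_rules() {
  local profile="$1" pack_name="$2"
  aws configservice describe-conformance-pack-compliance \
    --profile "$profile" --region "$REGION" \
    --conformance-pack-name "$pack_name" \
    --filters ComplianceType=NON_COMPLIANT \
    --query 'ConformancePackRuleComplianceList[].ConfigRuleName' \
    --output text | tr '\t' '\n'
}

# Usage: ./packs.sh deploy   (placeholder template URI; replace with your own)
if [ "${1:-}" = "deploy" ]; then
  deploy_to_all "NIST-800-53" "s3://EXAMPLE-BUCKET/nist-800-53-pack.yaml"
  for p in $ACCOUNT_PROFILES; do noncompliant_rules "$p" "NIST-800-53"; done
fi
```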