By: Kelly White, Founder and CEO, RiskRecon
Achieving good third-party risk outcomes requires that your vendors operate secure cloud environments. Amazon Web Services dominates them all, with RiskRecon observing that 75% of organizations host at least one system in AWS. To help you better manage your third-party cloud security risk, RiskRecon is pleased to provide you the RiskRecon’s Amazon Web Services Third-Party Assessment Toolkit.
The AWS Assessment Toolkit provides cybersecurity risk professionals the knowledge and tools necessary to assess the core controls of any enterprise or third-party AWS environment. It details 33 security controls and related processes that are essential elements of the security of any AWS deployment, spanning Identity and Access Management, Encryption, Network Security, and Detection and Monitoring, among others.
The Toolkit contains two assets - an assessment Playbook and a Questionnaire. The Playbook provides you the knowledge necessary to understand and assess the security state of each of the AWS security controls, explaining what the control is, why it is important, and how to gather evidence to assess the control state. The Questionnaire provides you a mechanism to assess third-party compliance with the AWS security control standard.
The AWS Security Assessment Toolkit was developed by RiskRecon, in collaboration with the cybersecurity professionals of Stratum Security. Stratum Security has deep expertise in assessing, architecting, and operating secure AWS environments.
RiskRecon believes that third-party assessments founded on objective evidence yield better risk outcomes. This Toolkit provides you the knowledge and mechanisms to get a deeper assurance of the security quality of your third-party AWS deployments.