CIS AWS Foundations Benchmark

CIS AWS Foundations Benchmark, continuously evidenced.

The CIS AWS Foundations Benchmark v4.0.0 defines 86 security controls covering AWS account configuration: IAM, Logging (CloudTrail, CloudWatch, AWS Config), Monitoring, Networking (VPC, Security Groups), and Storage (S3). CISGuard scans AWS accounts agentlessly via IAM roles, with per-account posture and multi-account Organizations rollup.

Cloud · Agentless · Pro+ tier

Quick Facts

AWS Foundations benchmark at a glance.

  • Benchmark version: v4.0.0
  • Total controls: 86
  • Scan type: Agentless
  • Available tier: Pro and above
  • Category: Cloud
  • Drift detection: Yes, between every scheduled scan

Coverage

What this benchmark actually covers.

  • IAM (root account, MFA, password policy, access keys)
  • Logging (CloudTrail multi-region, S3 bucket logging)
  • Monitoring (CloudWatch alarms for critical events)
  • Networking (VPC default security groups, flow logs)
  • S3 (bucket policies, encryption, versioning)
  • AWS Config + Security Hub integration
Frequently Asked

AWS Foundations questions, answered directly.

How does CISGuard scan AWS agentlessly?

CISGuard assumes a read-only IAM role in each AWS account in scope and queries the AWS API for configuration evidence. No software is deployed to EC2 instances or AWS services. Multi-account scanning uses AWS Organizations for centralized role provisioning across hundreds of accounts.

Does CISGuard support AWS Organizations and multi-account scanning?

Yes. CISGuard supports AWS Organizations with centralized role provisioning across member accounts. Cross-account rollup aggregates posture for enterprise-wide reporting. Common deployments cover 50-500+ AWS accounts under a single Organization.

Does CISGuard support AWS GovCloud?

Yes. CISGuard supports AWS Commercial, AWS GovCloud (US-East and US-West), and AWS China as sovereign deployments. The benchmark applies uniformly; endpoint URLs differ. AWS GovCloud customers get the same Framework Coverage Reports as commercial customers.

Want an AWS Foundations scan of your environment?

Our compliance engineers will scope your environment and quote within one business day of an initial briefing.