compliance.tf

AWS Compliance Frameworks

Compliance.tf supports 36 AWS compliance frameworks spanning industry standards, government mandates, and security benchmarks. Each framework maps to a dedicated Terraform registry endpoint. When you source a supported terraform-aws-modules module through that endpoint, compliance.tf applies the framework's technical controls to the module configuration.

Core Frameworks

SOC 2
Service Organization Control 2 (SOC 2) is an auditing framework developed by the American Institute of Certified Public Accountants (AICPA) for evalua...
111 controls | General
PCI DSS v4.0
The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 is an information security standard for organizations that handle branded credi...
170 controls | General | Financial Services
HIPAA Omnibus Rule 2013
The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule of 2013 strengthened privacy and security protections for health in...
104 controls | General | Healthcare/Life Sciences
ISO/IEC 27001:2022
ISO/IEC 27001:2022 is the international standard for information security management systems (ISMS).
146 controls | General
GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data privacy law that regulates how personal data of individuals within the European ...
52 controls | General | Regional
NIS2 Directive (EU 2022/2555)
The NIS2 Directive (EU 2022/2555) is the European Union's updated cybersecurity legislation that strengthens security requirements for essential and i...
102 controls | Regional
NIST SP 800-53 Rev 5
The National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 5 provides a comprehensive catalog of security and priva...
97 controls | Public Sector
NIST Cybersecurity Framework v2.0
The National Institute of Standards and Technology (NIST) Cybersecurity Framework version 2.
133 controls | General
FedRAMP Moderate Baseline Rev 4
The Federal Risk and Authorization Management Program (FedRAMP) Moderate Impact Baseline Revision 4 establishes security requirements for cloud servic...
96 controls | Public Sector

Common Frameworks

CIS AWS Benchmark v6.0.0
The Center for Internet Security (CIS) AWS Foundations Benchmark version 6.0.
27 controls | AWS-specific
CIS Controls v8.0 IG1
The Center for Internet Security (CIS) Controls version 8.0 is a prioritized set of actions to protect organizations from known cyber attack vectors.
47 controls | General
NIST SP 800-171 Rev 2
The National Institute of Standards and Technology (NIST) Special Publication 800-171 Revision 2 provides guidelines for protecting Controlled Unclass...
105 controls | Public Sector
AWS Control Tower Guardrails
AWS Control Tower Guardrails are high-level rules that provide ongoing governance for AWS Control Tower environments.
13 controls | AWS-specific
AWS Well-Architected Framework v10
The AWS Well-Architected Framework helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for applications and ...
123 controls | AWS-specific
CISA Cyber Essentials
The Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials is a guide for leaders of small businesses and state, local, tribal, and ...
86 controls | AWS-specific
NYDFS Cybersecurity Regulation
The New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies, codified as 23 NYCRR 500, establish...
74 controls | Financial Services
CIS AWS Benchmark v1.4.0
The Center for Internet Security (CIS) AWS Foundations Benchmark version 1.4.
24 controls | AWS-specific
CIS AWS Benchmark v5.0.0
The Center for Internet Security (CIS) AWS Foundations Benchmark version 5.0.
27 controls | AWS-specific

Specialized Frameworks

FFIEC Cybersecurity Assessment Tool
The Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool helps financial institutions identify cybersecurity risks...
84 controls | Financial Services
CCCS Medium Cloud Control Profile
The Canadian Centre for Cyber Security (CCCS) Medium Cloud Control Profile provides security control baselines for cloud services used by the Governme...
21 controls | Public Sector | Regional
ACSC Essential Eight
The Australian Cyber Security Centre (ACSC) Essential Eight is a baseline cybersecurity framework designed to protect Australian organizations against...
65 controls | Regional
ACSC ISM March 2023
The Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) is a comprehensive cybersecurity framework developed by the Australian G...
27 controls | Regional
EU GMP Annex 11
The European Union Good Manufacturing Practice (GMP) Annex 11 provides guidance on computerized systems used in pharmaceutical manufacturing and quali...
47 controls | Healthcare/Life Sciences
Title 21 CFR Part 11
The Code of Federal Regulations (CFR) is the codification of the general and permanent rules published in the Federal Register by the departments and ...
99 controls | Healthcare/Life Sciences
RBI Cyber Security Framework for UCBs
The Reserve Bank of India (RBI) Cyber Security Framework for Urban Cooperative Banks (UCBs) provides baseline cybersecurity standards for urban cooper...
79 controls | Financial Services | Regional
RBI IT Framework for NBFCs
The Reserve Bank of India (RBI) Information Technology Framework for Non-Banking Financial Companies (NBFCs) establishes IT governance, security, and ...
60 controls | Financial Services | Regional
AWS Generative AI Best Practices v2
The AWS Generative AI Best Practices Framework version 2 provides guidance for building, deploying, and operating generative AI applications on AWS in...
5 controls | AWS-specific
FedRAMP Low Baseline Rev 4
The Federal Risk and Authorization Management Program (FedRAMP) Low Impact Baseline Revision 4 establishes security requirements for cloud services ha...
74 controls | Public Sector

Retired Frameworks (8)

  • CIS AWS Benchmark v1.2.0: The Center for Internet Security (CIS) AWS Foundations Benchmark version 1.2.
  • CIS AWS Benchmark v1.3.0: The Center for Internet Security (CIS) AWS Foundations Benchmark version 1.3.
  • CIS Controls v7.1 IG1: The Center for Internet Security (CIS) Controls version 7.1 is a prioritized set of actions to protect organizations from known cyber attack vectors.
  • HIPAA Security Rule 2003: The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, published in February 2003, establishes national standards to protect e...
  • ISO/IEC 27001:2013: The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27001:2013 standard specifies requirement...
  • NIST Cybersecurity Framework v1.1: The National Institute of Standards and Technology (NIST) Cybersecurity Framework version 1.
  • NIST SP 800-53 Rev 4: The National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 4 provides a catalog of security and privacy controls fo...
  • PCI DSS v3.2.1: The Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1 is an information security standard for organizations that handle branded cre...