ISO/IEC 27001:2013

The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27001:2013 standard specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Annex A of the 2013 edition provides a reference set of 114 information security controls across 14 categories. This internationally recognized standard applies to organizations of all sizes and industries that want to manage information security risks systematically.

Terraform Registry Subdomain: iso27001

module "..." {
  source  = "iso27001.compliance.tf/terraform-aws-modules/<module>/aws"
  version = "<version>"
}

module "..." {
  source = "https://iso27001.compliance.tf/terraform-aws-modules/<module>/aws"
}

Refer to the Terraform Registry Endpoints section for more details.

Implemented Controls

The following controls are implemented as part of this framework.

Enable/Disable Controls

You can customize the Terraform module for the desired compliance requirements by enabling or disabling individual controls.

Examples

S3 bucket module with the ISO/IEC 27001:2013 compliance framework controls enabled and two controls disabled through the disable query parameter:

module "..." {
  source = "https://iso27001.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=cloudwatch_alarm_action_enabled,iam_account_password_policy_min_length_14"
}
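
Because every disabled control is an exception to the framework, it helps to list them during review. The following is an added example, not part of the compliance.tf documentation: it scans Terraform text for module sources on the iso27001.compliance.tf subdomain and reports the values passed in disable. The module names in the sample and the APPROVED_EXCEPTIONS set are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

FRAMEWORK_HOST = "iso27001.compliance.tf"  # subdomain named on this page
# Assumption: exceptions your own review process has already signed off on.
APPROVED_EXCEPTIONS = {"cloudwatch_alarm_action_enabled"}
SOURCE_RE = re.compile(r'^[ \t]*source[ \t]*=[ \t]*"([^"]+)"', re.MULTILINE)

def parse_source(source):
    """Return (module_path, disabled_controls) for a framework source, else None."""
    # Registry-style sources carry no scheme; add one so urlsplit sees the host.
    url = source if "://" in source else "https://" + source
    parts = urlsplit(url)
    if parts.hostname != FRAMEWORK_HOST:
        return None
    values = parse_qs(parts.query).get("disable", [])
    controls = {c.strip() for v in values for c in v.split(",") if c.strip()}
    return parts.path.strip("/"), sorted(controls)

def audit(hcl_text):
    """List each framework module with its disabled and unapproved controls."""
    findings = []
    for m in SOURCE_RE.finditer(hcl_text):
        parsed = parse_source(m.group(1))
        if parsed is not None:
            module_path, disabled = parsed
            findings.append({
                "line": hcl_text.count("\n", 0, m.start(1)) + 1,
                "module": module_path,
                "disabled": disabled,
                "unapproved": [c for c in disabled if c not in APPROVED_EXCEPTIONS],
            })
    return findings

# Constructed sample input (module names are made up for this example).
SAMPLE = '''\
module "logs" {
  source = "https://iso27001.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=cloudwatch_alarm_action_enabled,iam_account_password_policy_min_length_14"
}
module "assets" {
  source = "iso27001.compliance.tf/terraform-aws-modules/s3-bucket/aws"
}
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
}
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A non-empty unapproved list is the signal to fail a CI check or request a documented exception.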