Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history 
wip

wip

wip

wip
  • Loading branch information
@sean1588
sean1588 committed Aug 15, 2024
1 parent 9aa7859 commit 6698927
Show file tree
Hide file tree
Showing 12 changed files with 628 additions and 0 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,5 +57,6 @@ _vendor/
# Ignore log files.
/scripts/link-checker/pages-with-broken-links.txt

/content/compliance
.doctrees/
.buildinfo
4 changes: 4 additions & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,3 +152,7 @@ deploy-dev-stack:
.PHONY: destroy-dev-stack
destroy-dev-stack:
./scripts/destroy-dev-stack.sh

.PHONY: generate-compliance-pages
generate-compliance-pages:
./scripts/content/generate-compliance-pages.sh
4 changes: 4 additions & 0 deletions content/compliance/_index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
title: Compliance Frameworks
meta_desc: add meta desc here add meta desc here add meta desc here add meta desc here add meta desc here
---
29 changes: 29 additions & 0 deletions data/compliance/pages.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"framework": "PCI-DSS",
"cloud": "AWS",
"resources": [
"RDS",
"EC2",
"ALB",
"VPC",
"Subnet",
"CloudFront",
"ECS",
"EKS",
"IAM",
"KMS"
]
},
{
"framework": "ISO-27001",
"cloud": "AWS",
"resources": [
"RDS",
"EC2",
"ALB",
"VPC",
"Subnet"
]
}
]
261 changes: 261 additions & 0 deletions layouts/compliance/iso-27001.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,261 @@
{{ define "main" }}

{{ partial "hero.html" (dict "title" .Title) }}
<div class="container mx-auto">
<section class="mt-8 py-8 px-4 md:px-0">
<div class="container mx-auto max-w-4xl text-center my-16 px-6">
<h2>{{ .Title }}</h2>
<p>
Pulumi can assist your organization's IT infrastructure with becoming ISO 27001 compliant.
</p>
<div class="mt-10">
<a href="#form" rel="noopener noreferrer" class="btn-primary">Speak with a Solutions Architect!</a>
</div>
</div>
</section>
<section class="mt-8 py-8 px-4 md:px-0">
<div class="container mx-auto max-w-4xl">
<h3>What is ISO 27001 compliance?</h3>
<p>
ISO 27001 is an internationally recognized standard for managing information security. It
provides a framework for establishing, implementing, maintaining, and continually improving
an Information Security Management System (ISMS). The standard helps organizations manage and
protect their information assets so that they remain secure, using a risk management approach.
</p>
</div>
</section>
<section class="mt-8 py-8 px-4 md:px-0">
<div class="container mx-auto max-w-4xl">
<h3>Key Aspects of ISO 27001 Compliance:</h3>
<p>
To make your {{ .Params.resource }} instance in AWS compliant with ISO 27001, you need to align
your information security management practices with the ISO 27001 standard.
Below is a checklist to guide you through the necessary steps:
</p>
<h4>1. Establish an Information Security Management System (ISMS)</h4>
<ul>
<li>
<strong>Define the ISMS Scope:</strong> Determine the scope of your
ISMS, including which parts of your infrastructure, such as your {{ .Params.resource }}
instance, will be covered.
</li>

<li>
<strong>Develop Security Policies:</strong> Create and document
information security policies that align with ISO 27001 requirements.
</li>

<li>
<strong>Set Security Objectives:</strong> Define clear security
objectives and ensure they align with your organization's strategic
goals.
</li>
</ul>
<h4>2. Conduct a Risk Assessment</h4>
<ul>
<li>
<strong>Identify Information Assets:</strong> Identify all information
assets associated with your {{ .Params.resource }} instance, such as data stored,
applications running, and network configurations.
</li>

<li>
<strong>Assess Risks:</strong> Perform a risk assessment to identify
potential threats and vulnerabilities that could impact the security of
your {{ .Params.resource }} instance.
</li>

<li>
<strong>Risk Treatment Plan:</strong> Develop a risk treatment plan to
address identified risks, using ISO 27001’s Annex A controls where
applicable.
</li>
</ul>
<h4>3. Implement Security Controls</h4>
<ul>
<li>
<strong>Access Control:</strong> Ensure that access to your {{ .Params.resource }} instance
is restricted to authorized personnel only. Use AWS Identity and Access
Management (IAM) to enforce least privilege access.
</li>

<li>
<strong>Encryption:</strong> Encrypt data at rest and in transit. Use
AWS services like AWS Key Management Service (KMS) and enable HTTPS/TLS
for secure communication.
</li>

<li>
<strong>Logging and Monitoring:</strong> Enable CloudTrail, AWS Config,
and VPC Flow Logs to monitor access and activity on your {{ .Params.resource }} instance.
Regularly review logs for any suspicious activity.
</li>

<li>
<strong>Backups and Recovery:</strong> Implement automated backups of
your {{ .Params.resource }} instance data and ensure that recovery procedures are in place.
Use services like AWS Backup or snapshots.
</li>
</ul>
<h4>4. Leadership and Commitment</h4>
<ul>
<li>
<strong>Management Support:</strong> Ensure that senior management is
involved and supports the ISMS. They should provide the necessary
resources and demonstrate commitment to information security.
</li>

<li>
<strong>Define Roles and Responsibilities:</strong> Clearly define and
document the roles and responsibilities of personnel involved in
managing the {{ .Params.resource }} instance and information security.
</li>
</ul>
<h4>5. Awareness and Training</h4>
<ul>
<li>
<strong>Security Awareness Training:</strong> Provide regular training
to all personnel involved with the {{ .Params.resource }} instance on information security
best practices and ISO 27001 requirements.
</li>

<li>
<strong>Competency Development:</strong> Ensure that personnel have the
necessary skills and knowledge to manage the {{ .Params.resource }} instance securely.
</li>
</ul>
<h4>6. Operational Security</h4>
<ul>
<li>
<strong>Patch Management:</strong> Regularly update and patch the
operating system, applications, and any dependencies running on your {{ .Params.resource }}
instance.
</li>

<li>
<strong>Configuration Management:</strong> Securely configure your {{ .Params.resource }}
instance, following best practices for reducing attack surfaces, such as
disabling unnecessary services and restricting administrative access.
</li>

<li>
<strong>Incident Response:</strong> Develop and document an incident
response plan. Ensure that you can quickly detect, respond to, and
recover from security incidents involving your {{ .Params.resource }} instance.
</li>
</ul>
<h4>7. Supplier Management</h4>
<ul>
<li>
<strong>Third-Party Risks:</strong> Ensure that any third-party services
you use (e.g., for payment processing or backups) are also compliant
with ISO 27001 or have robust security measures in place.
</li>

<li>
<strong>Service Level Agreements (SLAs):</strong> Establish SLAs that
include information security requirements with third-party providers.
</li>
</ul>
<h4>8. Performance Evaluation</h4>
<ul>
<li>
<strong>Regular Audits:</strong> Conduct internal audits to assess the
effectiveness of the security controls and the ISMS in relation to your
{{ .Params.resource }} instance.
</li>

<li>
<strong>Monitoring and Review:</strong> Regularly monitor security
metrics, review logs, and perform security reviews to ensure ongoing
compliance.
</li>
</ul>
<h4>9. Continuous Improvement</h4>
<ul>
<li>
<strong>Corrective Actions:</strong> When non-conformities are
identified (e.g., during an audit or security incident), take corrective
actions to address them and prevent recurrence.
</li>

<li>
<strong>ISMS Improvement:</strong> Continuously improve the ISMS by
updating policies, procedures, and controls based on lessons learned and
changing risk landscapes.
</li>
</ul>
<h4>10. Certification</h4>
<ul>
<li>
<strong>External Audit:</strong> Engage an accredited certification body
to conduct an audit of your ISMS. This process typically involves a
documentation review (Stage 1) followed by an assessment of the
implementation of controls (Stage 2).
</li>

<li>
<strong>Surveillance Audits:</strong> After achieving certification, be
prepared for regular surveillance audits to ensure continued compliance
with ISO 27001.
</li>
</ul>
<h4>11. Documentation</h4>
<ul>
<li>
<strong>Maintain Documentation:</strong> Keep thorough records of your
security policies, risk assessments, treatment plans, audits, and any
changes to the ISMS.
</li>

<li>
<strong>Security Policy:</strong> Ensure that your security policy is
communicated to all relevant stakeholders and is reviewed regularly.
</li>
</ul>
<p>
By following these steps, you'll align your {{ .Params.resource }} instance with ISO 27001
requirements and help ensure the security of your information assets.
Remember that achieving ISO 27001 compliance is an ongoing process,
requiring regular reviews and updates to your ISMS.
</p>

</div>
</section>

<section class="mt-8 py-8 px-4 md:px-0">
<div class="container mx-auto max-w-4xl">
<h3>Pulumi Insights</h3>
<p>
Use Pulumi Insights to gain visibility into your IT infrastructure's configuration to assess compliance.
</p>
<img src="https://www.pulumi.com/uploads/pulumi-insights-search.gif" />
<p>
Use Copilot to assist configuring your infrastructure to make it compliance ready.
</p>
<img src="/images/compliance/co-pilot-1.png" />
</div>
</section>

<section class="mt-8 py-8 px-4 md:px-0">
<div class="container mx-auto max-w-4xl">
<h3>Compliance Ready Policies</h3>
<p>
With comprehensive coverage of AWS, Azure, Google, and Kubernetes, Pulumi Compliance Ready Policies
provide an enhanced level of control and governance over your cloud resources.
</p>
</div>
</section>

<section id="form" class="container mx-auto justify-center text-center my-16 p-4">
<div class="w-full flex flex-col items-center lg:w-1/2 card bg-white mx-auto p-12">
<h3>Talk to a Solutions Architect</h3>
<p>Get in touch with our Solutions Architects to get all your resources in use with Pulumi Insights</p>
<pulumi-hubspot-form form-id="2c0ddce4-175a-4278-8ded-ca67d615bd59" class="mt-5"></pulumi-hubspot-form>
</div>
</section>

</div>

{{ partial "learnmore-contactus.html" . }}
{{ end }}
12 changes: 12 additions & 0 deletions layouts/compliance/list.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{{ define "main" }}
<h1>{{ .Title }}</h1>

<ul>
{{ range .Pages }}
<li>
<a href="{{ .Permalink }}">{{ .Title }}</a>
</li>
{{ end }}
</ul>

{{ end }}
Loading

0 comments on commit 6698927

Please sign in to comment.