Legacy control objectives

Warning

This page will be removed in a future release.

These control objectives were the original objectives for AWS Control Tower controls. As AWS Control Tower has expanded to include more indistry frameworks, we have expanded the list of objectives. This list is available as historical guidance, to help you make the transition to newer controls and API implementations.

Sometimes controls must be applied in a group so that the control objective is enforced. Information about related controls is viewable in the AWS Control Tower console, on the Control details page.

Legacy control objectives

For more information about controls, see AWS Control Tower Controls Reference Guide. To retrieve the most up-to-date list of new control objectives, call the ListObjectives API from the controlcatalog namespace of AWS Control Tower.

CO.1 Establish logging and monitoring
CO.2 Encrypt data at rest
CO.3 Encrypt data in transit
CO.4 Protect data integrity
CO.5 Enforce least privilege
CO.6 Limit network access
CO.7 Optimize costs
CO.8 Improve resiliency
CO.9 Improve availability
CO.10 Protect configurations
CO.11 Prepare for incident response
CO.12 Manage vulnerabilities
CO.13 Manage secrets
CO.14 Prepare for disaster recovery
CO.15 Use strong authentication

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Control objectives

Frameworks supported