LSOPS03-BP02 Limit available services to improve regulatory adherence
Use infrastructure tooling to allow only services that fit into required regulatory frameworks.
Desired outcome: Only approved services will be available for use.
Level of risk exposed if this best practice is not established: Medium
Implementation guidance
Verify that the components and services you use are able to comply with the identified frameworks. Check vendor documentation to confirm that the products you use are approved at the vendor level.
Implementation steps
- Identify the available services by referring to AWS Compliance Programs.
- Review audit guides for the available services.
- Set up an AWS Organization to be able to centrally manage policies and controls.
- Implement service control policies (SCP) limiting access to only the available services.
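One way to carry out the last step, as an added example that is not part of the original guidance: a script that builds a deny-by-default SCP from an allow-list and checks locally which actions it blocks. The service list, the `build_scp` and `is_denied` helper names, and the statement `Sid` are assumptions; the real list comes from your own compliance review.

```python
import fnmatch
import json

# Constructed sample allow-list: replace with the service prefixes your
# compliance review approved (placeholders, not a recommendation).
APPROVED_SERVICES = ["s3", "ec2", "kms", "cloudtrail", "iam", "sts"]

SCP_MAX_CHARS = 5120  # AWS Organizations size limit for one SCP document


def build_scp(approved):
    """Return an SCP that denies every action outside the approved services."""
    if not approved:
        raise ValueError("empty allow-list would deny every action")
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnapprovedServices",  # hypothetical statement id
            "Effect": "Deny",
            "NotAction": sorted(f"{svc}:*" for svc in set(approved)),
            "Resource": "*",
        }],
    }
    size = len(json.dumps(policy, separators=(",", ":")))
    if size > SCP_MAX_CHARS:
        raise ValueError(f"policy is {size} chars, over the SCP limit")
    return policy


def is_denied(policy, action):
    """Simplified local check: does this SCP explicitly deny the action?"""
    action = action.lower()
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if "NotAction" in stmt:
            # Deny + NotAction: anything not matching the list is denied.
            if not any(fnmatch.fnmatchcase(action, p.lower()) for p in stmt["NotAction"]):
                return True
        elif any(fnmatch.fnmatchcase(action, p.lower()) for p in stmt.get("Action", [])):
            return True
    return False


if __name__ == "__main__":
    scp = build_scp(APPROVED_SERVICES)
    print(json.dumps(scp, indent=2))
    for act in ("s3:GetObject", "sagemaker:CreateNotebookInstance"):
        print(act, "->", "denied" if is_denied(scp, act) else "not denied by SCP")
```

An SCP grants nothing by itself, so IAM policies are still needed for the approved services, and SCPs do not apply to the organization's management account.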