# Crawl stage: Planning, building, and assessing
<a name="crawl"></a>



![\[Icon of crawling person\]](http://docs.aws.amazon.com/prescriptive-guidance/latest/strategy-accelerating-security-maturity/images/crawl.png)


The crawl stage starts with planning. Planning involves determining the security scope and choosing the model that best fits your organization. After you establish the plan, you can start building a foundation. This is followed by assessing your current security posture and setting up a discipline as soon as you build the security infrastructure. The crawl stage is iterative. Iteration in the cloud is faster than iteration in an on-premises environment. As you mature your cloud capabilities, the process for iteration accelerates.

The following are the phases in the crawl stage:
+ [Plan](plan.md) – How do you figure out your scope and select a model?
+ [Build](build.md) – How are you going to establish the framework?
+ [Assess](assess.md) – What is your current security posture?