# SEC01-BP03 Identify and validate control objectives
<a name="sec_securely_operate_control_objectives"></a>

 Based on your compliance requirements and risks identified from your threat model, derive and validate the control objectives and controls that you need to apply to your workload. Ongoing validation of control objectives and controls help you measure the effectiveness of risk mitigation. 

 **Level of risk exposed if this best practice is not established:** High 

## Implementation guidance
<a name="implementation-guidance"></a>
+  Identify compliance requirements: Discover the organizational, legal, and compliance requirements that your workload must comply with. 
+  Identify AWS compliance resources: Identify resources that AWS has available to assist you with compliance. 
  +  [https://aws.amazon.com/compliance/ ](https://aws.amazon.com/compliance/)
  + [ https://aws.amazon.com/artifact/](https://aws.amazon.com/artifact/) 

## Resources
<a name="resources"></a>

 **Related documents:** 
+ [AWS Security Audit Guidelines](https://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html) 
+ [ Security Bulletins](https://aws.amazon.com/security/security-bulletins/) 

 **Related videos:** 
+  [AWS Security Hub CSPM: Manage Security Alerts and Automate Compliance](https://youtu.be/HsWtPG_rTak) 
+  [Security Best Practices the Well-Architected Way](https://youtu.be/u6BCVkXkPnM)