| 💼 Application Security | 8 | | | | no data |
|  💼 SEC11-BP01 Train for application security | | | | | no data |
|  💼 SEC11-BP02 Automate testing throughout the development and release lifecycle | | | | | no data |
|  💼 SEC11-BP03 Perform regular penetration testing | | | | | no data |
|  💼 SEC11-BP04 Conduct code reviews | | | | | no data |
|  💼 SEC11-BP05 Centralize services for packages and dependencies | | | | | no data |
|  💼 SEC11-BP06 Deploy software programmatically | | | | | no data |
|  💼 SEC11-BP07 Regularly assess security properties of the pipelines | | | | | no data |
|  💼 SEC11-BP08 Build a program that embeds security ownership in workload teams | | | | | no data |
| 💼 Data Classification | 4 | | | | no data |
|  💼 SEC07-BP01 Understand your data classification scheme | | | | | no data |
|  💼 SEC07-BP02 Apply data protection controls based on data sensitivity | | | | | no data |
|  💼 SEC07-BP03 Automate identification and classification | | | | | no data |
|  💼 SEC07-BP04 Define scalable data lifecycle management | | | | | no data |
| 💼 Detection | 4 | | 1 | | no data |
|  💼 SEC04-BP01 Configure service and application logging | | | | | no data |
|  💼 SEC04-BP02 Capture logs, findings, and metrics in standardized locations | | | | | no data |
|  💼 SEC04-BP03 Correlate and enrich security alerts | | | 1 | | no data |
|  💼 SEC04-BP04 Initiate remediation for non-compliant resources | | | 1 | | no data |
| 💼 Identity management | 6 | | | | no data |
|  💼 SEC02-BP01 Use strong sign-in mechanisms | | | | | no data |
|  💼 SEC02-BP02 Use temporary credentials | | | | | no data |
|  💼 SEC02-BP03 Store and use secrets securely | | | | | no data |
|  💼 SEC02-BP04 Rely on a centralized identity provider | | | | | no data |
|  💼 SEC02-BP05 Audit and rotate credentials periodically | | | | | no data |
|  💼 SEC02-BP06 Employ user groups and attributes | | | | | no data |
| 💼 Operating your workloads securely | 8 | | | | no data |
|  💼 SEC01-BP01 Separate workloads using accounts | | | | | no data |
|  💼 SEC01-BP02 Secure account root user and properties | | | | | no data |
|  💼 SEC01-BP03 Identify and validate control objectives | | | | | no data |
|  💼 SEC01-BP04 Stay up to date with security threats and recommendations | | | | | no data |
|  💼 SEC01-BP05 Reduce security management scope | | | | | no data |
|  💼 SEC01-BP06 Automate deployment of standard security controls | | | | | no data |
|  💼 SEC01-BP07 Identify threats and prioritize mitigations using a threat model | | | | | no data |
|  💼 SEC01-BP08 Evaluate and implement new security services and features regularly | | | | | no data |
| 💼 Permissions management | 9 | | 1 | | no data |
|  💼 SEC03-BP01 Define access requirements | | | 1 | | no data |
|  💼 SEC03-BP02 Grant least privilege access | | | | | no data |
|  💼 SEC03-BP03 Establish emergency access process | | | | | no data |
|  💼 SEC03-BP04 Reduce permissions continuously | | | | | no data |
|  💼 SEC03-BP05 Define permission guardrails for your organization | | | | | no data |
|  💼 SEC03-BP06 Manage access based on lifecycle | | | | | no data |
|  💼 SEC03-BP07 Analyze public and cross-account access | | | | | no data |
|  💼 SEC03-BP08 Share resources securely within your organization | | | | | no data |
|  💼 SEC03-BP09 Share resources securely with a third party | | | | | no data |
| 💼 Preparation | 8 | | | | no data |
|  💼 SEC10-BP01 Identify key personnel and external resources | | | | | no data |
|  💼 SEC10-BP02 Develop incident management plans | | | | | no data |
|  💼 SEC10-BP03 Prepare forensic capabilities | | | | | no data |
|  💼 SEC10-BP04 Develop and test security incident response playbooks | | | | | no data |
|  💼 SEC10-BP05 Pre-provision access | | | | | no data |
|  💼 SEC10-BP06 Pre-deploy tools | | | | | no data |
|  💼 SEC10-BP07 Run simulations | | | | | no data |
|  💼 SEC10-BP08 Establish a framework for learning from incidents | | | | | no data |
| 💼 Protecting Compute | 5 | | | | no data |
|  💼 SEC06-BP01 Perform vulnerability management | | | | | no data |
|  💼 SEC06-BP02 Provision compute from hardened images | | | | | no data |
|  💼 SEC06-BP03 Reduce manual management and interactive access | | | | | no data |
|  💼 SEC06-BP04 Validate software integrity | | | | | no data |
|  💼 SEC06-BP05 Automate compute protection | | | | | no data |
| 💼 Protecting Data at Rest | 4 | | | | no data |
|  💼 SEC08-BP01 Implement secure key management | | | | | no data |
|  💼 SEC08-BP02 Enforce encryption at rest | | | | | no data |
|  💼 SEC08-BP03 Automate data at rest protection | | | | | no data |
|  💼 SEC08-BP04 Enforce access control | | | | | no data |
| 💼 Protecting Data in Transit | 3 | | | | no data |
|  💼 SEC09-BP01 Implement secure key and certificate management | | | | | no data |
|  💼 SEC09-BP02 Enforce encryption in transit | | | | | no data |
|  💼 SEC09-BP03 Authenticate network communications | | | | | no data |
| 💼 Protecting Networks | 4 | | 1 | | no data |
|  💼 SEC05-BP01 Create network layers | | | | | no data |
|  💼 SEC05-BP02 Control traffic flow within your network layers | | | | | no data |
|  💼 SEC05-BP03 Implement inspection-based protection | | | 1 | | no data |
|  💼 SEC05-BP04 Automate network protection | | | 1 | | no data |
| 💼 Security Foundations | | | | | no data |