Trend Micro Cloud One™
Security and Compliance for AWS

Security Overview

Cloud Conformity helps you to continuously improve your security and compliance posture for AWS infrastructure through automated checks and clear remediation steps.

As cloud computing continues to speed up the building and deployment of cloud services, enabling scalability like never before, new cloud security practices are often shelved because of time constraints, lack of skilled resources and knowledge gaps. Cloud Conformity’s automated platform lightens this load for you.

The core platform provides over 520 out-of-the-box, real-time AWS infrastructure best practice rule checks with manual remediation and self-healing capability. The platform enables continuous detection and correction of all best practice violations.

The single-pane-of-glass dashboard provides full and clear visibility of your entire AWS infrastructure, granting superior management, control of your accounts and ongoing peace of mind.


Cloud Conformity provides continuous assurance against Industry Compliance Standards including HIPAA, GDPR, CIS, NIST, PCI-DSS, APRA, and MAS.

With many businesses being held to more than one of these evolving standards, Cloud Conformity continually checks against each of them for you, keeping your infrastructure effortlessly compliant and your organization’s reputation high, dependable and fine-free.

We are continuously adding more compliance standards to Cloud Conformity.

Well-Architected Framework

The AWS Well-Architected Framework is deeply rooted in Cloud Conformity’s DNA to ensure your infrastructure is truly benefiting from all of the advantages of AWS cloud.

The framework forms the foundation of the compliance scores shown throughout Cloud Conformity, and each rule and remediation step clearly displays which pillar it supports.

The Well-Architected Framework is made up of five pillars: Operational Excellence, Security, Reliability, Performance Efficiency and Cost Optimization. Architecting and maintaining your environments in line with the Well-Architected Framework creates best-of-breed infrastructure and prevents common technical pitfalls.

Knowledge Base and Remediation Steps

The Knowledge Base contains the 520+ ready-to-go checks that run against your AWS accounts, and the simple, step-by-step remediation rules to rectify any failures.

The continually growing library of immediate checks offers a comprehensive and accessible way to achieve and maintain the ever-changing AWS standards alongside new services for your evolving infrastructure.

Each rule explains the logic and reasoning behind it and includes both CLI and AWS Console steps for manual audits and remediation, empowering all developers and engineers to understand the underlying vulnerabilities, regardless of their technical acumen. This important combination naturally instills continuous best practice for your AWS environments, whether it’s by a DevSecOps team or a junior developer, while creating instant AWS expertise.


The Cloud Conformity API enables users to directly interact with Cloud Conformity on their own terms and with added flexibility.

Using the API allows Cloud Conformity to be more heavily integrated into your CI/CD pipeline and live AWS environments. For example, you can incorporate stage-gate compliance controls, providing greater opportunity to continually prioritize compliance and security over hasty infrastructure changes.

To maintain security, Cloud Conformity users have access to two API keys to allow for rotation with endpoints.

Workflow Integration

Understanding the unique workings of each organization, Cloud Conformity integrates flawlessly into your existing workflows to minimize disruption.

It offers numerous customization choices around each rule, individual access levels and third-party communication channel integrations, including Slack, Jira, Zendesk and AWS SNS, so you have full autonomy over how Cloud Conformity works for your organization.

Starting right from sign in, Cloud Conformity also makes it easy to stay compliant by offering SSO solutions such as Okta, Microsoft ADFS/Azure AD, and more.


Cloud Conformity can define and enforce your unique tagging policy across any number of accounts or environments, and allows your organization to build governance and policies around your tag resources.

Easily identify and rectify resources that are not properly tagged, through seamless ingestion of existing business-critical AWS tags and implementation of policies to ensure industry compliance across your entire infrastructure.


Cloud Conformity has an extensive reporting feature involving multi-category options, so no matter how obscure or particular the source, you’ll always find its status.

Users can run preconfigured or customized reports on any filter, such as AWS service, resource type, tags, rule type, date, and so on. The combinations of filters are endless, giving you complete access to exhaustively audit your infrastructure.

For easy reference and quick updates, customized reports can be saved and scheduled to automatically run and be distributed whenever you choose - serving the whole company’s schedule.


Create reusable profiles to easily manage user privileges and rule settings within your organization.

Using your own customized profiles provides a fail-safe method to ensure any new accounts follow the required Compliance Standards configurations already set for your business. All you need for immediate account set-up is to align the right profiles to the right accounts.

Custom Rules

Understanding that organizations can have unique requirements, Cloud Conformity offers users the opportunity to create their own custom AWS infrastructure rules in three ways:

  • Cloud Conformity releases around 15 new rules per month - work with us to get your rules built while also helping the greater Cloud Conformity community to benefit

  • Build custom rules using the AWS Config service; with native integration, rules you’ve created in AWS flow through to Cloud Conformity effortlessly

  • The Cloud Conformity API includes custom endpoint checks and benefits from the use of multiple languages, meaning the rule checks are integrated more seamlessly into your existing in-house apps