Supported Compliance Frameworks

Amnify maps security checks to a wide range of compliance frameworks. Here’s what’s available per cloud provider.

CIS Benchmarks

The Center for Internet Security (CIS) publishes benchmarks with prescriptive security guidance. Amnify supports multiple versions:
  • AWS: CIS AWS Foundations Benchmark
  • Azure: CIS Microsoft Azure Foundations Benchmark (versions 2.0, 3.0, 4.0, 5.0)
  • GCP: CIS GCP Foundations Benchmark
  • M365: CIS Microsoft 365 Foundations Benchmark
CIS checks include Level 1 (essential, broad applicability) and Level 2 (defense-in-depth, may affect usability) profiles.

SOC2

Service Organization Control 2 — focused on security, availability, processing integrity, confidentiality, and privacy. Amnify maps relevant security checks to SOC2 trust service criteria. Available for: AWS, Azure, GCP

PCI-DSS

Payment Card Industry Data Security Standard — required for organizations handling payment card data. Amnify covers the infrastructure and configuration aspects of PCI-DSS requirements. Available for: AWS, Azure, GCP

ISO 27001

International standard for information security management systems (ISMS). Amnify maps checks to ISO 27001 Annex A controls. Available for: AWS, Azure

HIPAA

Health Insurance Portability and Accountability Act — applies to organizations handling protected health information (PHI). Amnify covers the technical safeguard requirements. Available for: AWS, Azure

NIST 800-53

National Institute of Standards and Technology Special Publication 800-53 — comprehensive security and privacy controls for federal information systems. Available for: AWS, Azure

MITRE ATT&CK

A knowledge base of adversary tactics and techniques. Amnify maps security checks to MITRE ATT&CK techniques to help you understand which attack vectors your configuration is vulnerable to. Available for: AWS, Azure

NIS2

The EU Network and Information Security Directive 2 — cybersecurity requirements for essential and important entities in the EU. Available for: Azure

Assessment types

Each compliance requirement in Amnify is marked as either:
  • Automated — Amnify can evaluate this requirement through its security checks
  • Manual — Requires human review; Amnify shows the requirement for tracking but cannot automatically assess it