CLOUD APP AND CONFIG PROFILE
A configuration baseline for apps running in the cloud
The Cloud App and Config profile sets testable requirements for securing applications running on AWS, Google Cloud, and Microsoft Azure.
CLOUD APP AND CONFIG PROFILE
A configuration baseline for apps running in the cloud
The Cloud App and Config profile sets testable requirements for securing applications running on AWS, Google Cloud, and Microsoft Azure.
OVERVIEW
The Cloud App and Config profile gives developers prescriptive guidance for securely configuring a defined set of cloud services on Amazon Web Services, Google Cloud, and Microsoft Azure.
The profile emphasizes foundational, testable, and architecture-agnostic settings, suitable for applications that process confidential data such as credentials, keys, or user and company data. It is written for the technical and security teams who develop, deploy, assess, or secure cloud solutions.
Program Benefits
Provider-agnostic
A single set of requirements that applies across AWS, Google Cloud, and Azure.
Fits any architecture
Requirements that apply no matter how an application is built.
Testable baseline
A foundational set of requirements with defined assessment criteria.
Certification Requirements
Every application in the Cloud App and Config profile is measured against requirements in the following areas.
Compute
Maintaining a software inventory, encrypting confidential data in transit and at rest, managing firewalls and default accounts, and removing unnecessary services.
Identity and Access Management
Controlling who can reach data and systems through access control lists, role-based access, unique credentials, and multi-factor authentication for exposed, remote, and administrative access.
Logging and Monitoring
Collecting and reviewing audit logs, tuning security alerts, tracking access to confidential data, and keeping systems patched and scanned.
Networking
Encrypting data in transit and maintaining secure configurations for network infrastructure and server firewalls.
Storage
Protecting stored data through recovery processes, encryption, access control lists, and secure management of assets.
Database Services
Hardening database infrastructure with secure configuration templates, encryption, firewalls, patch management, and detailed audit logging.
Get Certified
Cloud App and Config certification is handled through the Alliance's authorized labs.