June 19, 2023
A System and Organization Controls (SOC) 2 examination attests that your organization is compliant with the criteria laid out by the Association of International Certified Professional Accountants (AICPA). The Common Criteria used in a SOC 2 examination cover a variety of system controls that ensure that your organization is operating with best practices to protect the customer data you process and prevent cyberattacks. One way to mitigate cybersecurity risks is to safeguard the Amazon Web Services (AWS) root account.
What is an AWS Root Account?
An AWS root user is the identity that has complete access to every AWS service and resource within the account. The root user is created automatically when an AWS account is opened, and it is accessed by signing in with the email address and password that were used to create the account. Because the root user can control everything in the account, its usage should be both limited and monitored.
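The "limited and monitored" point above is what a detection engineer turns into a rule. The following script is an added example written for this page, not Boulay's code or an AWS tool. It assumes CloudTrail's JSON log layout (a top-level `Records` array, `userIdentity.type` equal to `"Root"` for root activity, and `additionalEventData.MFAUsed` on `ConsoleLogin` events); the records, the account ID `111111111111`, and the IP addresses are constructed samples. It goes slightly beyond the paragraph by also counting root console logins that CloudTrail reports as made without MFA, which is the usual first question an examiner asks about a flagged root login.

```python
"""Scan CloudTrail records for AWS root-user activity (added example)."""
import json
from collections import Counter

# Constructed sample CloudTrail log (hypothetical account 111111111111, test-net IPs).
# Two events are attributed to the root user, one to an IAM user, one to an AWS service.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-06-19T08:01:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2023-06-19T08:03:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:root"}},
    {"eventTime": "2023-06-19T09:15:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:user/alice",
                      "userName": "alice"}},
    {"eventTime": "2023-06-19T09:16:30Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
]})


def is_root_event(record):
    """True when CloudTrail attributes the call to the account's root user."""
    identity = record.get("userIdentity", {})
    return identity.get("type") == "Root"


def summarize_root_usage(records):
    """Reduce a list of CloudTrail records to the facts a reviewer wants about root use."""
    root_events = [r for r in records if is_root_event(r)]
    by_name = Counter(r.get("eventName", "unknown") for r in root_events)
    ips = sorted({r.get("sourceIPAddress", "unknown") for r in root_events})
    # A ConsoleLogin that does not explicitly report MFAUsed == "Yes" is treated as non-MFA.
    no_mfa_logins = sum(
        1 for r in root_events
        if r.get("eventName") == "ConsoleLogin"
        and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"
    )
    return {
        "root_event_count": len(root_events),
        "events_by_name": dict(by_name),
        "source_ips": ips,
        "console_logins_without_mfa": no_mfa_logins,
    }


def scan_cloudtrail_json(text):
    """Parse a CloudTrail log file ({"Records": [...]} shape) and summarize root activity."""
    records = json.loads(text).get("Records", [])
    return summarize_root_usage(records)


def format_findings(summary):
    """Render the summary as alert lines; an empty summary yields a single all-clear line."""
    if summary["root_event_count"] == 0:
        return ["No root-user activity found."]
    lines = [f"ALERT: {summary['root_event_count']} root-user event(s)"]
    for name, count in sorted(summary["events_by_name"].items()):
        lines.append(f"  {name}: {count}")
    lines.append(f"  source IPs: {', '.join(summary['source_ips'])}")
    if summary["console_logins_without_mfa"]:
        lines.append(f"  console logins without MFA: {summary['console_logins_without_mfa']}")
    return lines


if __name__ == "__main__":
    for line in format_findings(scan_cloudtrail_json(SAMPLE_LOG)):
        print(line)
```

Run against a real CloudTrail export, the same filter (`userIdentity.type == "Root"`) is what you would put into a CloudWatch metric filter or SIEM rule, and the summary (which API calls, from which addresses, with or without MFA) is the evidence an auditor expects to see attached to each alert.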
AWS Root Account and SOC 2
As a part of the SOC 2 process, an organization is required to implement logical security controls and monitor them for effectiveness. To protect against cyberattacks on a root account, an organization can follow some best practices to reduce vulnerabilities:
By following the best practices above, your organization is one step closer to becoming SOC 2 compliant.
Helping You Get There…
To learn more about the AWS root account, security controls, or our SOC 2 reporting services, connect with a member of Boulay’s Risk Advisory Team today. We’re dedicated to helping you get there.