AWS Policy Packs
Policy Packs guarantee compliance across existing infrastructure for a given cloud provider like AWS. Policy Packs are based on sets of rules/benchmarks provided by security organizations like the Center for Internet Security with the objective of keeping your infrastructure up-to-date with industry security standards. Once you have added a policy pack using the cg policy add command, (i.e. cg policy add aws-cis-1.2.0) each time you run a scan CloudGraph will automatically execute all your configured policies. Those results will be stored at Dgraph and linked to your existing resources, making it easy to query your compliance results alongside your resources.