Announcing New Compliance Packs for CIS, NIST, and PCI DSS

Achieving compliance with industry standards like CIS, NIST, or PCI DSS is a foundational step for any organization, but it’s often a manual, months-long process of interpreting controls and writing policies from scratch. This is a major roadblock to getting your cloud environment into a known, secure state.

Today, we’re changing that. We’re excited to launch a new suite of pre-built compliance policy packs for CIS Controls v8.1, NIST SP 800-53 Rev. 5, and PCI DSS v4.0. These packs are your accelerator for the “Get Clean” journey, allowing you to enforce critical security and compliance baselines across your cloud infrastructure in minutes, not months.

More Than Just Detection: The Complete Governance Lifecycle

Traditional security tools are reactive, scanning for problems after resources have been deployed. With Pulumi, these new compliance packs are the engine for an end-to-end governance lifecycle that integrates directly into your cloud operations.

  1. Audit for Full Coverage: Run these packs in audit mode to scan your entire cloud estate, including resources managed by Pulumi and those created through other means. This gives you an instant, comprehensive view of your current compliance posture.
  2. Triage and Remediate: When a pack finds a violation, the finding appears in the new Policy Findings hub. From there, your team can triage, assign, and track the issue through its entire lifecycle. And with our new AI-powered capabilities, you can assign the issue to Pulumi Neo to automatically generate a pull request with the fix.
  3. Prevent Non-Compliance: Once your environment is clean, you use these same packs as preventative guardrails. By running them during pulumi up, you block non-compliant resources before they are ever created, ensuring you “Stay Clean.”

This tri-modal capability—Audit, Remediate, and Prevent—is uniquely powerful, allowing you to fix existing issues while stopping new ones from being introduced.

New and Expanded Compliance Packs

Our new policy packs provide extensive, out-of-the-box coverage for some of the most widely adopted security frameworks. They are authored and maintained by Pulumi experts and join our existing library to provide a comprehensive toolkit for cloud governance.

Framework | AWS | Azure | Google Cloud
CIS Controls v8.1
NIST SP 800-53 Rev. 5
PCI DSS v4.0
HITRUST CSF v11.5
Pulumi Best Practices

Benefits of Pre-Built Packs

  • Accelerate Compliance: Implement comprehensive governance controls in minutes without authoring hundreds of policies from scratch.
  • Leverage Expert Knowledge: Packs are authored and maintained by Pulumi, incorporating deep expertise in cloud and the nuances of each framework.
  • Codify Controls for Audits: Demonstrate to auditors that specific compliance controls are consistently enforced through code, providing a clear evidence trail.
  • Reduce Risk Proactively: Catch common security risks and compliance violations before deployment, drastically reducing your organization’s exposure.

Get Started Today

These policy packs are available now and are the perfect way to begin your governance journey with Pulumi.

To get started, head to the Policies page in your Pulumi Cloud organization and click on the All tab to find these new packs. Add them to an Audit Policy Group and run a scan. Within minutes, you’ll see a complete picture of your compliance posture in the Policy Findings hub, ready for triage and remediation.

Need a compliance pack for a standard that isn’t listed here? Please let us know by raising a request on our GitHub repository.