AWS · Azure · GCP · OCI

Harden your cloud, control by control.

A hand-written, period-authentic reference for securing workloads across the four major cloud providers. Every page is self-contained static HTML — no build step, no framework, no JavaScript required to read a word of it. Controls are mapped to CIS, NIST SP 800-53 rev5, and ISO 27001/27017 with pinned benchmark versions.

Start with the General Guide Compliance Matrix

37Pages
4Cloud Providers
6Security Domains
3Compliance Frameworks

Choose your provider

Each provider section maps the cross-cutting principles onto concrete services and configuration primitives.

aws AWS IAM · Network · Data · Logging · Workloads · IR Azure Entra ID · NSGs · Key Vault · Defender · Sentinel GCP IAM · VPC SC · CMEK · SCC · Org Policy OCI OCI IAM Policies · NSGs · Vault · Cloud Guard · Audit

Six security domains, per provider

A consistent structure across every provider so you can navigate sideways — find the same control wherever you work.

Identity & Access Root MFA, least privilege, permission boundaries, access review. Network Segmentation, private endpoints, egress control, WAF & DDoS. Data Protection Encryption at rest, KMS key policy, public-access blocks, DLP. Logging & Detection Audit trails, flow logs, threat detection, alerting baselines. Workloads Instance metadata, image scanning, function least privilege, K8s. Incident Response Break-glass, evidence preservation, containment, forensics.

Provider sections also cover GenAI Security and Kubernetes hardening.

Built to be read, audited, and printed

Compliance-mapped

Every control carries a table mapping it to CIS Foundations Benchmarks, NIST SP 800-53 rev5, and ISO 27001/27017 — with pinned versions.

Copy-paste remediation

CLI and infrastructure-as-code fixes for each control, with one-click copy buttons — Terraform, CloudFormation, Bicep, and gcloud.

No JavaScript to read

Pure static HTML and CSS. It loads instantly, prints cleanly, survives in the Wayback Machine, and works with JavaScript switched off.