Obok is now a product of Visit InBest website

Cloud Compliance Assessment hero banner

Cloud Compliance Assessment

Continuous evaluation of your cloud infrastructure compliance against the leading global security frameworks on AWS, Azure, and GCP with an AI-assisted remediation roadmap.

Contact us

57

Benchmarks covered across all three clouds

3

Cloud providers: AWS · Azure · GCP

12+

Global regulatory frameworks

4

Obok support phases

What is Obok's Compliance Assessment?

What is Obok's Compliance Assessment?

Obok runs automated assessments of a client's cloud infrastructure, comparing its current configuration against the most relevant security benchmarks in the industry. The result is a compliance status report with prioritized findings, regulatory context, and a concrete action plan, supported by Obok's team of specialists and in-house AI models.

Key differentiator:

Unlike tools that only deliver raw findings, Obok combines multi-cloud coverage of the industry's most demanding benchmarks with human guidance and artificial intelligence to turn results into concrete business actions.

Benchmarks evaluated by provider

Obok covers all security frameworks and benchmarks available across the three major public cloud providers, from global standards to sector-specific and regional regulations.

Amazon Web Services

28

benchmarks available

CIS v1.2–v6.0PCI DSS v3/v4HIPAANIST 800-53NIST CSF v2FedRAMPSOC 2GDPRFFIEC+more
Microsoft Azure

16

benchmarks available

CIS v1.3–v5.0HIPAA HITRUSTFedRAMP HighNIST 800-53NIST CSF v2PCI DSSRBI NBFC+more
Google Cloud Platform

13

benchmarks available

CIS v1.2–v4.0PCI DSS v3.2.1HIPAANIST 800-53NIST CSF v2SOC2 2017Forseti SecurityCFT Scorecard

We cover every major cloud platform

AWS, Azure, and GCP, all evaluated against the same rigorous security standards.

Amazon Web Services · 28 benchmarks
Benchmark
Sector / Applicability
Priority
AWS CIS v6.0.0
Multi-industry
Current
AWS PCI DSS v4.0
Payments
Critical
AWS PCI DSS v3.2.1
Payments
Legacy
AWS HIPAA Final Omnibus 2013
Health (USA)
Critical
AWS HIPAA Security Rule 2003
Health (USA)
High Priority
AWS NIST 800-53 Revision 5
Government / General
Critical
AWS NIST CSF v2.0
Multi-industry
High Priority
AWS NIST 800-171 Revision 2
Defense / CUI
High Priority
AWS NIST 800-172
Defense / Advanced CUI
High Priority
AWS NIST 800-53 Revision 4
Government / General
Legacy
AWS NIST CSF v1.1
Multi-industry
Legacy
AWS FedRAMP Moderate Rev 4
Government USA
High Priority
AWS FedRAMP Low Rev 4
Government USA
Standard
AWS SOC 2
Service providers
High Priority
AWS GDPR
Europe / Global
High Priority
AWS FFIEC
Banking USA
High Priority
AWS NYDFS 23
Finance New York
Regional
AWS CIS Controls v8 IG1
Multi-industry
Standard
AWS Foundational Security Best Practices
AWS native
Standard
AWS Audit Manager Control Tower
AWS multi-account
Standard
AWS CISA Cyber Essentials
SMBs / Baseline
Standard
AWS ACSC Essential Eight
Australia
Regional
AWS GxP 21 CFR Part 11
Pharma USA (FDA)
Sectorial
AWS GxP EU Annex 11
Pharma Europe (EMA)
Sectorial
AWS RBI Cyber Security Framework
Banking India
Regional
AWS RBI ITF-NBFC
NBFC India
Regional
AWS CIS v1.2 · v1.3 · v1.4 · v1.5 · v2.0 · v3.0 · v4.0 · v5.0
Multi-industry (history)
Legacy
Microsoft Azure · 16 benchmarks
Benchmark
Sector / Applicability
Priority
Azure CIS v5.0.0
Multi-industry
Current
Azure CIS v4.0.0
Multi-industry
Standard
Azure CIS v3.0.0
Multi-industry
Standard
Azure FedRAMP High
Government USA (high impact)
Critical
Azure HIPAA HITRUST 9.2
Health (USA)
Critical
Azure NIST SP 800-53 Revision 5
Government / General
High Priority
Azure NIST CSF v2.0
Multi-industry
High Priority
Azure NIST SP 800-171 Revision 2
Defense / CUI
High Priority
Azure PCI DSS 3.2.1
Payments
Legacy
Azure RBI ITF NBFC
NBFC India
Regional
Azure CIS v1.3 · v1.4 · v1.5 · v2.0 · v2.1
Multi-industry (history)
Legacy
Google Cloud Platform · 13 benchmarks
Benchmark
Sector / Applicability
Priority
GCP CIS v4.0.0
Multi-industry
Current
GCP PCI DSS v3.2.1
Payments
High Priority
GCP HIPAA
Health (USA)
Critical
GCP NIST 800-53 Revision 5
Government / General
High Priority
GCP NIST CSF v2.0
Multi-industry
High Priority
GCP NIST CSF v1.0
Multi-industry
Legacy
GCP SOC2 2017
Service providers
Standard
GCP Forseti Security v2.26.0
GCP native
Standard
GCP CFT Scorecard v1
GCP Cloud Foundation
Standard
GCP CIS v1.2 · v1.3 · v2.0 · v3.0
Multi-industry (history)
Legacy

Meet your regulatory requirements

Findings remediation roadmap

Obok doesn't just deliver a report. It accompanies the client through the entire remediation lifecycle, from the initial assessment to continuous compliance validation.

Week 1–2

Discovery & Assessment

Automated assessment executed on the client's cloud infrastructure. Obok connects to provider APIs to evaluate each control against the selected benchmarks. An initial compliance baseline is generated with findings classified by severity and regulatory framework.

Initial findings report Compliance score per cloud Findings classified by severity Map of applicable benchmarks

Week 2–3

Prioritization & Action Plan

Obok's team analyzes findings in the client's context, including industry, applicable regulations, and risk exposure, then generates a prioritized remediation plan. Obok's AI models correlate findings across clouds, identify systemic patterns, and suggest the optimal order of attention considering effort vs. compliance impact.

Prioritized remediation plan Effort vs. impact analysis Cross-cloud findings correlation Obok AI Insights

Weeks 3–8 (variable)

Assisted Remediation

Technical support throughout remediation execution. Obok's team provides implementation guides specific to each finding, with concrete steps via console, CLI, or IaC depending on the client's context. AI models generate corrective configuration templates and validate that remediations don't introduce new risks.

Implementation guides per finding Remediation templates (AI) Obok team technical support Remediation validation Reusable runbooks

Ongoing · Monthly

Continuous Monitoring & Executive Report

Once critical findings are addressed, Obok maintains continuous compliance monitoring. Any new configuration, resource, or infrastructure change is evaluated automatically. Obok's executive dashboard shows real-time compliance scores and generates reports for audits.

Real-time compliance dashboard Regression alerts Monthly executive report Audit-ready evidence

AI models developed by the Obok team

The AI models integrated into Obok power every phase of the assessment, from identifying patterns to generating contextualized remediations for the client's environment.

Cross-cloud findings correlation

Identifies common misconfiguration patterns appearing simultaneously in AWS, Azure, and GCP, often derived from the same root cause, and groups them for unified remediation.

Intelligent risk prioritization

Beyond technical severity, the model weighs the client's context, including industry, applicable regulations, and public resource exposure, to reorder finding remediation priority.

Contextualized remediation generation

For each finding, the model generates remediation guides adapted to the client's tech stack, available in console, AWS CLI, Azure CLI, Terraform, or Pulumi depending on the declared context.

Automatic executive narrative

Translates technical findings into business language. Generates a compliance executive summary ready to present to a CTO, CFO, or Board, without requiring manual technical team intervention.

Is your cloud secure?

Obok's cloud threat review quickly enables you to determine how to protect your cloud environment with a free assessment.