Auditing Cloud with CIS Benchmarks When to Use - When performing initial security audits of cloud environments against industry-standard benchmarks - When preparing for SOC 2, ISO 27001, or regulatory audits that reference CIS controls - When establishing a measurable security baseline for new cloud accounts or subscriptions - When tracking compliance improvement over time with periodic reassessment - When evaluating the security posture of acquired or inherited cloud environments Do not use for runtime threat detection (see detecting-cloud-threats-with-guardduty), for application-level secur…