Overview

Scrut connects to one or more AWS accounts to automatically collect metadata on infrastructure, IAM policies, encryption, logging, and more. This data is stored as immutable, timestamped evidence and mapped to security and compliance controls. Only configuration-level metadata is accessed, as Scrut does not ingest application data or customer workloads.

Why Connect

• Provide auditors with proof of IAM, logging, and encryption without manual exports.
• Surface misconfigurations tied to compliance gaps so teams can remediate before findings.
• Maintain timestamped records to show continuous cloud control operation.

Supported Automated Tests

Scrut provides pre-built automated tests for Amazon Web Services. Here are a few examples of Scrut’s AWS tests:

• Access reviews completed for all in-scope applications
• AWS accounts associated with users
• AWS accounts deprovisioned when employees leave

Supported Automated Evidence

Scrut automates the collection of some evidences for Amazon Web Services. Here are a few examples of Scrut’s AWS-driven evidences that can be collected:

• Acceptable Network Locations
• Automatic Capacity and Performance Monitoring Configuration
• Capacity Monitoring Reports & Management Review
• Firewall Rule Review
• Network traffic restrictions for database (security group)
• Offboarding - Logical Access & Physical Access Revocation
• Password Management - Password Configuration for All In-Scope Applications and Infrastructure
• Reports of User Access Reviews
• Report of Vulnerability Scan and Remediation Status
• User Access Approval list to Application, Infrastructure and Service
• VAPT (Vulnerability Assessment & Penetration Testing) reports