Shujinko and JupiterOne have some nice free tools. Vanta and Tugboat also, not sure if free. Hyperproof is great too!
Some have example policy templates, but if not you can typically find them online free (try comply-dm, I think it is open source) or very cheap for a bunch of templates.
However - the problem isn't the one time effort of putting all the documentation together, the problem is actually LIVING by the rules you define. That's a lot of work if you don't automate. Automate everything or die :)
Check out, for instance, Cloud Custodian - open source/free.
AWS and Azure both have tools to automate security checks and configuration - AWS Config and Audit Manager both have SOC2 templates (but note those are only looking at the controls in the shared responsibility that are cloud-specific - SOC2 needs more than that (HR, BCP/DRP, risk assessment, incident response, etc. etc.)).
Lots of Kubernetes tools that configure and check controls.
Have fun! Compliance is a lifestyle, not a project!
------------------------------
Robert Ficcaglia
CTO
SunStone Secure, LLC
------------------------------
Original Message:
Sent: Jul 16, 2021 09:40:12 AM
From: Saravanan Rajan
Subject: SOC 2 Compliance framework
Is there a SOC 2 control list available that I can use to validate against our cloud setup? I'm looking to map specific AWS Config rules against the SOC 2 controls to automate the compliance.
Thanks
Saran
------------------------------
Saravanan Rajan
CTO
COSI Consulting
------------------------------
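
Added example, not part of either message in this thread: a sketch of the mapping the question asks about, rolling AWS Config rule results up to SOC 2 criteria and flagging the criteria that no cloud rule can evidence, which is the gap the reply points out. The rule-to-criteria mapping, the in-scope criteria list and the sample results are constructed assumptions, not an official AICPA or AWS mapping.

```python
import json
from collections import defaultdict

# Illustrative mapping (assumption): AWS Config managed rule name -> SOC 2 criteria.
RULE_TO_CRITERIA = {
    "iam-user-mfa-enabled": ["CC6.1"],
    "root-account-mfa-enabled": ["CC6.1"],
    "s3-bucket-public-read-prohibited": ["CC6.1", "CC6.6"],
    "encrypted-volumes": ["CC6.1"],
    "cloudtrail-enabled": ["CC7.2"],
}

# Criteria in scope for this constructed audit, including ones that need
# non-cloud evidence (HR, risk assessment, incident response, BCP/DRP).
IN_SCOPE = ["CC1.4", "CC3.2", "CC6.1", "CC6.6", "CC7.2", "CC7.4", "CC9.1"]

# Constructed sample shaped like the output of
# `aws configservice describe-compliance-by-config-rule`.
SAMPLE = json.dumps({"ComplianceByConfigRules": [
    {"ConfigRuleName": "iam-user-mfa-enabled", "Compliance": {"ComplianceType": "NON_COMPLIANT"}},
    {"ConfigRuleName": "root-account-mfa-enabled", "Compliance": {"ComplianceType": "COMPLIANT"}},
    {"ConfigRuleName": "s3-bucket-public-read-prohibited", "Compliance": {"ComplianceType": "COMPLIANT"}},
    {"ConfigRuleName": "cloudtrail-enabled", "Compliance": {"ComplianceType": "COMPLIANT"}},
]})


def criteria_status(config_json, mapping=RULE_TO_CRITERIA, in_scope=IN_SCOPE):
    """Return {criterion: PASS | FAIL | INCOMPLETE | MANUAL_EVIDENCE}."""
    results = {
        r["ConfigRuleName"]: r.get("Compliance", {}).get("ComplianceType", "INSUFFICIENT_DATA")
        for r in json.loads(config_json)["ComplianceByConfigRules"]
    }
    per_criterion = defaultdict(list)
    for rule, criteria in mapping.items():
        # A mapped rule that is not deployed in the account yields no evidence.
        state = results.get(rule, "RULE_NOT_DEPLOYED")
        for criterion in criteria:
            per_criterion[criterion].append(state)
    report = {}
    for criterion in in_scope:
        states = per_criterion.get(criterion, [])
        if not states:
            report[criterion] = "MANUAL_EVIDENCE"   # no Config rule covers it
        elif "NON_COMPLIANT" in states:
            report[criterion] = "FAIL"
        elif all(s == "COMPLIANT" for s in states):
            report[criterion] = "PASS"
        else:
            report[criterion] = "INCOMPLETE"        # missing rule or no data yet
    return report


if __name__ == "__main__":
    for criterion, status in criteria_status(SAMPLE).items():
        print(criterion, status)
```
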