ARCO Governance Docs

AWS readiness documentation

Back to docs
Scanning
7 min read3 sections

What ARCO scans

Understand the signals ARCO reads from AWS and how those signals become findings, framework gaps, and readiness states.

01

AWS posture checks

Scans inspect configuration signals across supported AWS services and surface findings related to logging, encryption, identity, network exposure, and monitoring.

IAM and access signals.
CloudTrail and logging coverage.
Encryption posture.
Public exposure and network risk checks.
02

Framework mapping

Checks are mapped into SOC 2, HIPAA, and PCI DSS readiness views so teams can explain why a finding matters.

SOC 2 readiness support.
HIPAA security readiness support.
PCI DSS cloud posture support.
03

Readiness states

No AWS account or no scan means awaiting first scan. ARCO Governance avoids fake readiness claims when there is no source signal.

Awaiting first scan.
Not evaluated.
Needs attention.
Evidence connected.

Related guides

AWS onboarding

Connect AWS with CloudFormation, Terraform, or a manual IAM role setup.

Read guide

Reports and readiness

Understand readiness views, report types, exports, and plan limits.

Read guide

Pricing and plans

Compare Starter, Growth, Scale, scan limits, export limits, and evidence ZIP availability.

Read guide