Which compliance frameworks require ensure organizations has scps enforcing regional restrictions?

This security check is required by the following compliance frameworks: GDPR, Data Residency, Compliance.

MEDIUM

Ensure Organizations has SCPs enforcing regional restrictions

SCPs can restrict AWS service usage to approved regions, helping meet data residency requirements and reducing attack surface.

Security Impact

Without regional restrictions, resources can be created in unapproved regions, violating data residency compliance.

How to Remediate

Create SCPs that deny actions in non-approved regions using aws:RequestedRegion condition. Allow global services (IAM, CloudFront, Route53).

Affected Resources

AWS::Organizations::Policy

Compliance Frameworks

GDPRData ResidencyCompliance

How TigerGate Helps

TigerGate continuously monitors your AWS environment to detect and alert on this misconfiguration. Here's what our platform does for this specific check:

Continuous Scanning
Automatically scans all AWS Organizations resources across your AWS accounts every hour
Instant Alerts
Get notified via Slack, email, or webhooks when this misconfiguration is detected
One-Click Remediation
Fix this issue directly from the TigerGate dashboard with our guided remediation
Compliance Evidence
Automatically collect audit evidence for GDPR, Data Residency, Compliance compliance
Drift Detection
Get alerted if this configuration drifts back to an insecure state after remediation