How It Works

Problem framing, evidence flow, supported control coverage, and current limitations


THE PROBLEM

Cloud misconfigurations are now responsible for 23% of all cloud security incidents, with 82% of those caused by human error, not software flaws. Infrastructure-as-Code templates contain misconfigurations in over 60% of reviewed deployments, meaning the problem starts before anything is even deployed. In Saudi Arabia specifically, exploitation of weak cloud security and admin access controls led to major data exposures throughout 2025, with critical sectors including government, finance, and healthcare repeatedly targeted. NCA ECC and CCC frameworks exist to address this. Most organizations struggle to prove they actually meet them.

HOW IT WORKS

Artifacts are uploaded directly — Terraform files, IAM policies, Kubernetes manifests. The parser extracts structured AWS resource configurations. The normalizer builds a correlated inventory across all uploaded files. The control engine evaluates each resource against NCA ECC-aligned controls, checking evidence sufficiency and contradictions explicitly. A weighted readiness score reflects the current evidence state. A prioritized remediation queue surfaces the gaps that matter most. The final report exports as audit-ready HTML or JSON.

CrowINT Evidence pipeline

WHAT IT CATCHES

1- ECC-EN-01: AWS S3 storage encryption at rest

2- CCC-PEX-01 (CCC | Public exposure): AWS S3 public access restriction evidence

3- ECC-BKP-01 (ECC | Backup evidence): AWS S3 recoverability and versioning evidence

4- ECC-IAM-01 (ECC | IAM / access control): AWS IAM least-privilege and scoped permission evidence

5- ECC-IAM-02 (ECC | IAM / access control): AWS IAM wildcard and administrative permission prevention

6- ECC-IAM-03 (ECC | IAM / access control): AWS IAM trust relationship restriction evidence

7- ECC-IAM-04 (ECC | IAM / access control): AWS IAM condition-based restriction evidence

8- ECC-IAM-05 (ECC | IAM / access control): AWS IAM access policy attachment granularity evidence

9- ECC-LOG-01 (ECC | Logging / monitoring): AWS audit logging enabled evidence

10- ECC-LOG-02 (ECC | Logging / monitoring): AWS log retention and monitoring-support evidence

LIMITATIONS

CrowINT-Evidence is an artifact-based evidence engine, not a live cloud scanner. It evaluates what you upload — Terraform, IAM policies, Kubernetes manifests — against a focused NCA ECC-aligned control corpus. It does not query live AWS environments, simulate effective permissions, or cover the full ECC/CCC framework. Control coverage is intentionally scoped to storage protection, IAM hardening, audit logging, and public exposure for this version. Absence of evidence in CrowINT-Evidence never means compliant.
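The evidence states described under HOW IT WORKS and LIMITATIONS can be illustrated with a small added example. It is not CrowINT-Evidence code: it applies a simplified reading of ECC-IAM-02 to uploaded IAM policy JSON and separates a pass from missing or contradictory evidence. The function names, status labels, policy names, sample documents and the wildcard rule itself are assumptions made for illustration.

```python
import json

# Constructed uploads (not from a real environment): file -> (policy name, document).
UPLOADS = {
    "ci.json": ("ci-deployer-policy", '{"Statement":[{"Effect":"Allow","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-artifacts/*"}]}'),
    "ops.json": ("ops-admin-policy", '{"Statement":{"Effect":"Allow","Action":"*","Resource":"*"}}'),
    "app-v1.json": ("app-policy", '{"Statement":[{"Effect":"Allow","Action":["iam:*"],"Resource":"*"}]}'),
    "app-v2.json": ("app-policy", '{"Statement":[{"Effect":"Allow","Action":["sqs:SendMessage"],"Resource":"*"}]}'),
}
# Policies the correlated inventory references; "batch-policy" was never uploaded.
REFERENCED = ["ci-deployer-policy", "ops-admin-policy", "app-policy", "batch-policy"]

def as_list(value):
    # IAM JSON accepts a single string/object wherever a list is valid.
    return value if isinstance(value, list) else [value]

def has_wildcard_grant(policy):
    """True if any Allow statement pairs a broad action with Resource "*"."""
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        # Allow + NotAction grants everything except the listed actions.
        broad = "NotAction" in stmt or any(a == "*" or a.endswith(":*") for a in actions)
        if broad and "*" in as_list(stmt.get("Resource", [])):
            return True
    return False

def evaluate_policy(name, uploads):
    """Verdict for one policy name across every uploaded file that defines it."""
    verdicts = {has_wildcard_grant(json.loads(doc))
                for policy, doc in uploads.values() if policy == name}
    if not verdicts:
        return "insufficient_evidence"  # nothing uploaded: never scored as compliant
    if len(verdicts) == 2:
        return "contradiction"          # two files disagree about the same policy
    return "fail" if verdicts == {True} else "pass"

def evaluate_all(names, uploads):
    return {name: evaluate_policy(name, uploads) for name in names}

if __name__ == "__main__":
    for name, status in evaluate_all(REFERENCED, UPLOADS).items():
        print(f"{name:20} {status}")
```

Only a "pass" should earn credit in any readiness score built on these verdicts; the other three states each belong in the remediation queue.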