Continuous, read-only AWS security scanning aligned with CIS, with SOC 2 & PCI-DSS control mappings and drift alerts.
