Compliance

Compliance is a derivative of overall security. A compliant environment is generally a secure one, because it adheres to best practices governing the use, maintenance, and operation of a given dataset or environment. To achieve compliance, administrators need to provide documentation and audit trails and demonstrate operational controls to the third-party auditors that certify compliance. In a cloud environment, the segregation of security duties between the cloud provider and the cloud consumer means that the two organizations need to work together to achieve compliance. Cloud providers do this by providing automated tools to access and generate compliance reports for the cloud provider's portion of the security model. AWS's Artifact tool, Microsoft Trust Center, and Google's Cloud Compliance page provide easy-to-access portals for viewing and downloading copies of different compliance attestations. These include a large and growing list of compliance reports, such as ISO 27001 (Security Management Standard), ISO 27017 (Cloud Specific Controls), PCI DSS (Payment Card Industry Data Security Standard), SOC 1 (Audit Controls Report), SOC 2 (Compliance Controls Report), SOC 3 (General Controls Report), ITAR (International Traffic in Arms Regulation), various country-specific Personal Privacy Acts, FFIEC (Federal Financial Institutions Examinations Council), CSA (Cloud Security Alliance) controls, CJIS (Criminal Justice Information Services), and many others.
