In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with customer mandates, security best practices, provides appropriate security features in those services, and documents how to use those features.
The AWS cloud infrastructure has been designed and managed in alignment with regulations, standards, and best-practices including:
For information regarding the Department of Defense Cloud Security Model, see the frequently asked questions.
Read more about AWS Compliance & Assurance Programs. Customers can immediately request access to the "Amazon Web Services - AWS GovCloud (US) Region" FedRAMP package by submitting a request on the Compliance Contact Us Request Form or by submitting a request through the FedRAMP Program Management Office.
Delivering a secure cloud computing platform involves implementing numerous best practices for on-premise infrastructure as well as a host of additional considerations unique to a hosted infrastructure environment. The Amazon Web Services: Overview of Security Processes whitepaper will provide background information and an overview of the AWS philosophy in offering a secure cloud computing platform.
Amazon Web Services strives to provide a robust and trustworthy platform for our customers. We take security very seriously and continually monitor our services for suspected attack. We also understand that security is a partnership between us and our customers. A critical phase of any secure application deployment involves testing applications for potential vulnerabilities.
Our Acceptable Use Policy describes permitted and prohibited behavior on AWS and includes descriptions of prohibited security violations and network abuse. However, because penetration testing frequently is indistinguishable from these activities, we have established a policy for customers to request permission to conduct penetration tests.
The Penetration Testing page will guide you through the penetration testing request form. You will need to login using your AWS standard root level account in order to fill out the request form.