Posted On: Feb 14, 2022

Today, Amazon Web Services (AWS) announced that AWS Single Sign-On (AWS SSO) has increased its alignment with customer compliance requirements for security and privacy. AWS SSO achieved Payment Card Industry – Data Security Standard (PCI DSS) compliance and is Information Security Registered Assessors Program (IRAP) assessed at the PROTECTED level. These are in addition to existing AWS SSO support for customer compliance with International Organization for Standardization (ISO), System and Organization Controls (SOC) 1, 2, and 3, Esquema Nacional de Seguridad (ENS) High, the Financial Market Supervisory Authority (FINMA) International Standard on Assurance Engagements (ISAE) 3000 Type 2 Report requirements, and Multi-Tier Cloud Security (MTCS). As a result, customers have more opportunities to simplify multi-account access management and application authentication for environments that are subject to compliance standards.

AWS SSO is where customers create, or connect, workforce identities and manage their access centrally across AWS accounts and applications. The new validations mean that customers can now consider AWS SSO for sign-in and access management to AWS workloads and applications that store, process, or transmit cardholder data (CHD), sensitive authentication data (SAD), or Australian Government PROTECTED data.

To learn more about AWS SSO, visit the AWS Single Sign-On web page, the AWS Region Availability pages, and the AWS GovCloud (US) page. To track the evolution of services in scope by compliance program, visit AWS Services in Scope by Compliance Program.