AWS Partner Network (APN) Blog

Introducing AWS Level 1 MSSP Competency Specialization Categories

By Brian Mendenhall, WW Sr. Practice Lead, MSSP – AWS
By Roy Stephen, Global Tech Lead, Security – AWS

By Christin Voytko, APN Launch Manager – AWS

In some organizations, the lack of people, processes, and in-house security expertise can be a challenge to cloud migration and workflow optimization.

In 2021, the AWS Partner Network (APN) launched the AWS Level 1 MSSP Competency to provide a baseline standard when selecting a managed security service provider (MSSP). Partners in this Competency provide turn-key threat detection and remediation solutions to companies looking to secure workloads in the cloud.

The AWS Level 1 MSSP Competency makes it easy for customers to quickly find validated solution providers qualified to deliver solutions that have been uniquely designed for cloud environments. As the threat landscape has evolved, so has the need to differentiate specific capabilities within the Level 1 MSSP Competency.

We are excited to announce specialization categories for the AWS Level 1 MSSP Competency. These categories help customers find the ideal solution provider based on the specific managed security need they are facing.

Partners with one or more AWS Level 1 MSSP specializations work closely with specialized Amazon Web Services (AWS) security experts to develop solutions that operationalize security tools, skill sets, and process leveraging supporting tools. Many solutions add value on native AWS security services such as AWS Security Hub and Amazon GuardDuty; AWS solutions implementations; and third-party software products from AWS Security Competency Partners.


NEW! AWS Level 1 MSSP Competency Specialization Categories

Modern Compute

Managed container workload security event monitoring and response services that includes continuous container image vulnerability scanning for operating system (OS) and programming language vulnerabilities, detection of container threats such as clusters access by known malicious actors or Tor nodes, and patch management.

Identity Behavior Monitoring

Identity behavior monitoring includes the ability to identify and respond to threats and events from identity services running in AWS. This includes anomalous access behavior, multi-factor authentication (MFA), secrets management, adaptive authentication, single sign-on (SSO), AWS-supported identity provider, privilege access management (PAM), identity federation, and identity governance and administration (IGA).

Managed Application Security Testing

Managed application security testing covers the ability of the partner to provide an initial solution and ongoing managed services for detecting and responding to security events in code pipelines and applications. This includes code reviews and application development, runtime application and self-protection (RASP), penetration testing, managed pipeline scanning service, dynamic code analysis, and static code analysis.

Data Privacy Event Management

Data privacy event management covers the ability of partners to provide solutions and ongoing managed services that monitor for security events. This includes events triggered by discovery of sensitive data in unintended locations of the customers’ AWS environment(s), encryption key and certificate management, malware-infected files, and unintended transmission of sensitive data.

Digital Forensics Incident Response

Digital forensics incident response includes the ability of partners to provide timely support to incident responders, leveraging the telemetry and data collected by partners as part of their managed security services delivered to customers in AWS.

Business Continuity and Ransomware Readiness

Business continuity and ransomware readiness covers the ability of partners to provide and/or manage an existing business continuity solution, including documented processes/workflow for AWS environment(s) to recover from an interruption such as a mass encryption event (ransomware).

AWS Level 1 MSSP Competency Specialization Launch Partners

The six new specialization categories build upon the foundational Level 1 MSSP requirements and are: Business Continuity and Ransomware Readiness; Data Privacy Event Management; Digital Forensics Incident Response; Identity Behavior Monitoring; Managed Application Security Testing; and Modern Compute.

We invite you to explore the following Level 1 MSSP Partner offerings recommended by AWS:


Accenture | Secure Cloud Foundation – Central Network

Digital Forensics Incident Response

The Accenture Managed Secure Cloud Foundation (SCF) integrates with AWS Control Tower to incorporate multi-account, AWS-native security, central networking, and guardrail controls into a DevOps pipeline that integrate into an MDR platform.

Arctic Wolf | Arctic Wolf Security Operations Platform

Digital Forensics Incident Response

All Arctic Wolf solutions were developed in collaboration with AWS. The collaboration ensures Arctic Wolf technology, processes, and services fully utilize AWS advanced computing, storage, networking, and more. Together, we deliver a fully managed service designed to protect and monitor your essential AWS resources.

Capgemini | AWS Level 1 MSSP by Capgemini

Modern Compute, Managed Application Security Testing

As an AWS Level 1 MSSP, Capgemini worked with AWS experts to develop the right managed security service specializations. Capgemini can protect and monitor essential AWS resources, delivered to clients as a fully managed service.

Deepwatch | Cloud SecOps Platform

Modern Compute

Deepwatch combines best-of-breed SOC technologies, AWS services, and a high-touch Squad delivery model to address AWS security best practices, resource visibility, infrastructure vulnerability, and 24/7 managed detection and response for AWS customers.

Deloitte | Deloitte Cyber Cloud Managed Services (Cyber CMS) for AWS

Ransomware Readiness, Digital Forensics Incident Response

Deloitte Cyber CMS can help accelerate your journey on the AWS Cloud with a cloud security managed service that provides 24/7 security protection and monitoring of essential resources, enabling you to develop at the speed of your innovation.

DXC Technology | DXC Technology Managed Security Services and Consulting

Identity Behavior Monitoring, Level 1 Managed Security Services

DXC is committed to building and delivering a secure cloud environment to end customers. DXC has built a secure landing zone reference environment with zero trust architecture that includes modern applications using microservices for various industry use cases.

General Dynamics Information Technology (GDIT) | GDIT Cyber Stack

Modern Compute, Managed Application Security Testing, Data Privacy Event Management, Identity Behavior Monitoring, Business Continuity and Ransomware Readiness, Digital Forensics Incident Response

The GDIT Cyber Stack is a comprehensive modular ecosystem of cybersecurity capabilities that map to the secure cloud computing architecture. The ecosystem provides network security, endpoint security, security event analysis, credentials management, incident response ready, security assessment and threat intelligence.

Hitachi Vantara | REAN Cloud

Modern Compute, Data Privacy Event Management, Level 1 Managed Security Services

Hitachi Vantara delivers a comprehensive layered cloud management service that protects the organization from security threats, data loss, and costly downtime. Services include compliance advisory, security engineering, and security operations to secure and accelerate digital transformation.

Ibexlabs | L1 MSSP

Data Privacy Event Management, Identity Behavior Monitoring

Ibexlabs manages operational and security management of both the cloud infrastructure environment and the applications that run on it. Ibexlabs provides security expertise to quickly detect and respond to threats across on-premises and AWS cloud deployments.

IBM | X-Force Incident Response Retainer

Modern Compute, Managed Application Security Testing, Data Privacy Event Management, Identity Behavior Monitoring, Digital Forensics Incident Response

IBM delivers market-leading consulting and systems integration, offensive security, incident response, cloud security, and managed security services aligned to NIST CSF and AWS CAF to help you programmatically optimize enterprise security operations.

Proficio | Managed Detection and Response

Modern Compute

Proficio helps AWS users reduce their risk and meet security and compliance goals by delivering 24/7 security monitoring and incident alerting from global SOCs. Proficio provides both manual and automated response to quickly contain threats.

RedBear IT | Securing Modern Compute on AWS

Modern Compute

RedBear is a cloud cybersecurity company, providing consulting and managed security services. RedBear follows a security-first approach with customers, and its managed security service uses security automation for rapid and continuous response 24/7.

stackArmor | ThreatAlert ATO Acceleration

Modern Compute, Managed Application Security Testing, Data Privacy Event Management, Identity Behavior Monitoring, Business Continuity and Ransomware Readiness, Digital Forensics Incident Response, Level 1 Managed Security Services

stackArmor provides continuous monitoring and compliance with NIST SP 800-53 and CMMC-based requirements with timebound orchestration of management, remediation, and reporting activities. stackArmor’s cloud security and compliance experts operate a 24/7 continuous monitoring and support to help organization’s easily comply with their obligations. The services provided support the full-stack and includes application security through OWASP compliant web scanning, security operations including vulnerability scanning, logging, monitoring, and alerting.

Wipro | Cybersecurity and Risk Services

Modern Compute, Managed Application Security Testing

Wipro is a sought-out partner for cyber professionals and provides work on the leading edge of client business transformation and technology innovation.

Customers: Procure Level 1 Managed Security Services in AWS Marketplace

Customers can find specialized managed security services from AWS Level 1 MSSP Competency Partners on our website or in the AWS Marketplace MSSP solution area. For additional information, please see our brochure.

Partners: Join the AWS Level 1 MSSP Competency

Joining the AWS Level 1 MSSP Competency Program helps your organization differentiate and accelerate your AWS managed security business. Get started by reviewing APN Navigate for AWS Level 1 MSSP Competency.

The AWS Level 1 MSSP Competency Validation Checklist (login required) provides the criteria necessary to achieve this AWS Competency designation. AWS Level 1 MSSP Competency Partners receive added benefits in addition to AWS Competency Benefits.