AWS Blog

New AWS Enterprise Accelerator – Standardized Architecture for NIST 800-53 on the AWS Cloud

by Jeff Barr | in Quick Start, Security

In the early days of AWS, customers were happy to simply learn about the cloud and its benefits. As they started to learn more, the conversation shifted. It went from “what is the cloud” to “what kinds of security does the cloud offer” to “how can I use the cloud” over the course of just 6 or 7 years. As the industry begins to mature, enterprise and government customers are now interested in putting the cloud to use in a form that complies with applicable standards and recommendations.

For example, National Institute of Standards and Technology (NIST) Special Publication 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) defines a set of information and security controls that are designed to make systems more resilient to many different types of threats. This document is accompanied by a set of certifications, accreditations, and compliance processes.

New Compliance Offerings
In order to simplify the task of building a system that is in accord with compliance standards of this type, we will be publishing a series of AWS Enterprise Accelerator – Compliance Quick Starts. These documents and CloudFormation templates are designed to help Managed Service Organizations, cloud provisioning teams, developers, integrators, and information system security officers.

The new AWS Enterprise Accelerator – Compliance: Standardized Architecture for NIST 800-53 on the AWS Cloud is our first offering in this series!

The accelerator contains a set of nested CloudFormation templates. Deploying the top-level template takes about 30 minutes and creates all of the necessary AWS resources. The resources include three Virtual Private Clouds (VPCs)—Management, Development, and Production—suitable for running a multi-tier Linux-based application.

The template also creates the necessary IAM roles and custom policies, VPC security groups, and the like. It launches EC2 instances and sets up an encrypted, Multi-AZ MySQL database (using Amazon Relational Database Service (RDS)) in the Development and Production VPCs.

The architecture defined by this template makes use of AWS best practices for security and availability, including a Multi-AZ architecture, isolation of instances between public and private subnets, monitoring and logging, database backup, and encryption.
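The properties just listed for the RDS deployment (encryption at rest, Multi-AZ, no public endpoint) and the subnet isolation are exactly the sort of things a reviewer checks before approving a customized copy of the templates. The following Python is an added example, not code from the Quick Start: it walks a constructed CloudFormation fragment and reports each resource that deviates from those controls, so the same check can be run against templates you have edited before deploying them.

```python
import json

# Constructed CloudFormation fragment (not from the Quick Start): ProdDb follows
# the stated properties, DevDb violates all three, and DbSg is open to the world.
TEMPLATE_JSON = """
{
  "Resources": {
    "ProdDb": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {"Engine": "mysql", "StorageEncrypted": true,
                     "MultiAZ": true, "PubliclyAccessible": false,
                     "VPCSecurityGroups": [{"Ref": "DbSg"}]}
    },
    "DevDb": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {"Engine": "mysql", "MultiAZ": false,
                     "PubliclyAccessible": true}
    },
    "DbSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "0.0.0.0/0"}]}
    }
  }
}
"""


def check_template(template: dict) -> list[str]:
    """Return one finding per deviation from the encryption / Multi-AZ / isolation controls."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::RDS::DBInstance":
            # Encrypted storage, a standby in a second AZ, and a private-only endpoint.
            if props.get("StorageEncrypted") is not True:
                findings.append(f"{name}: StorageEncrypted is not true")
            if props.get("MultiAZ") is not True:
                findings.append(f"{name}: MultiAZ is not true")
            if props.get("PubliclyAccessible", False):
                findings.append(f"{name}: PubliclyAccessible is true")
        elif res.get("Type") == "AWS::EC2::SecurityGroup":
            # A database tier in a private subnet should never accept ingress from any address.
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0":
                    findings.append(f"{name}: ingress {rule.get('FromPort')}-{rule.get('ToPort')} open to 0.0.0.0/0")
    return findings


def check_template_json(text: str) -> list[str]:
    """Parse a JSON-format CloudFormation template and run the checks on it."""
    return check_template(json.loads(text))


if __name__ == "__main__":
    for finding in check_template_json(TEMPLATE_JSON):
        print(finding)
```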

You also have direct access to the templates. You can download them, customize them, and extract interesting elements for use in other projects.

You can also add the templates for this Quick Start to the AWS Service Catalog as portfolios or as products. This will allow you to institute a centrally managed model, and will help you to support consistent governance, security, and compliance.