AWS Cloud Operations Blog

Compliance and Auditing Sessions at AWS re:Inforce 2022

Today we’re going to highlight just some of the sessions planned for AWS re:Inforce 2022, which will take place in Boston, MA, on July 26-27. AWS re:Inforce is a learning conference focused on security, compliance, identity, and privacy. The event features access to hundreds of technical and business sessions, an AWS Partner expo hall, a keynote featuring AWS Security leadership, and more.

One of the content tracks at re:Inforce 2022 will cover Governance, Risk, and Compliance (GRC). In this post, I will highlight compliance and auditing sessions suitable for business users as well as builders and technical professionals. For the full catalog of all tracks, register or login if you’ve already registered.

High-Level Sessions

These sessions focus on some of the challenges and solutions customers often experience while building their compliance and auditing strategy.

GRC203 | Panel Discussion: Continuous compliance and auditing on AWS

In this session, AWS VP Nandini Ramani sits down with JPMorgan Chase & Co. CIO James (J.R.) Reid, John Deere BISO – Intelligent Solutions Group Carl Kubalsky, and Fannie Mae VP Information Security – Technology Management Nick Mistry to discuss their paths to success with compliance and auditing on AWS. Join this session to hear how they have used AWS Cloud Operations to make compliance and auditing easier and more efficient, and improved business outcomes.

GRC271 | Executive Security Simulation

The Executive Security Simulation takes senior security management and IT/business executive teams through an experiential exercise that illuminates key decision points for a successful and secure cloud journey. During this team-based, game-like simulation, use an industry case study to make strategic security, risk, and compliance decisions and investments. Experience the impact of these investments and decisions on the critical aspects of your secure cloud adoption. Learn about the major success factors that impact security, risk, and compliance in the cloud and applicable decision and investment approaches to specific secure cloud adoption journeys.

GRC301 | We want the same things: Uniting compliance and engineering

Operating securely in the cloud depends on a variety of teams that must learn to work together. These teams include audit, compliance, engineering, and cloud enablement—teams that may not be aligned or may have competing priorities. In this session, learn common wants for these teams, ways to encourage cross-team collaboration, and, ultimately, how to move toward the same goal of operating securely.

GRC232 | Using AWS & partners to meet your HIPAA requirements

Healthcare organizations need to meet regulatory requirements quickly, especially after experiencing the impacts of COVID-19. In this session, learn how AWS is working with AWS Consulting Partners to achieve HIPAA compliance requirements with the help of services such as AWS Config and AWS Audit Manager. Learn how your partners are using these services to provide a seamless way to audit, detect and remediate workloads and build compliance-as-code solutions.

GRC334 | Shared Responsibility deep dive at the service level

Auditors and regulators often need assistance understanding which configuration settings and security responsibilities are in the company’s control. Depending on the service, the AWS shared responsibility model can vary, which can affect the process for meeting compliance goals. Join AWS subject-matter experts in this chalk talk for an in-depth discussion on the next wave of compliance activation for AWS customers. Explore the configurable security decisions that users have for each service and how you can map to AWS best practices and security controls.

GRC235 | Closing the cyber gaps in compliance frameworks with AWS

Many customers struggle with choosing between mitigating cyber risks and implementing technical controls. However, it is possible to do both. In this session, join AWS security experts to discuss the most topical industry standards (ISO 27001, NIST CSF), regulatory requirements and compliance obligations (including incident response and regulatory examinations). See how you can measure the impact of failing technical controls on your risk landscape, and understand how to bridge the gap between your organization and the first line of defense with AWS services.

GRC331 | Scaling the Possible: Digitizing the audit experience

Do you want to increase the speed and scale of your audits? As companies expand to new industries and markets, so too does the scale of regulatory compliance. AWS undergoes hundreds of audits in a year. In this session, hear from AWS experts as they digitize and automate the regulator/auditor experience. Walk through pre-audit educational training, self-service of control evidence and walk-through information, live chatting with an audit control owner, and virtual data center tours. This session discusses how innovation and digitization allows companies to build trust with regulators and auditors while reducing the level of effort for internal audit teams and compliance executives.

Deep Dive Sessions

These sessions are better for builders who are focused on the architecture, systems, and processes to meet compliance and auditing requirements.

GRC303 | Simplify compliance with AWS Cloud Operations

Maintaining and reporting compliance can be a complex, labor-intensive endeavor even in the simplest of environments. Add resources on premises and hybrid and that complexity is multiplied. In this session, learn how AWS Cloud Operations can help you simplify compliance across your IT landscape through automation of compliance rules, ITSM operations processes, data collection, and reporting.

GRC305 | Deliver multi-country migrations with compliance and data residency

Is it time for your IT solution to scale and go global? It is very likely to have compliance implications, such as new regulations, restrictions, or country requirements, that need to be considered before you make the move. In this session, learn about migration considerations and how to configure migrations with AWS Control Tower, invoking compliance guardrails in general and data residency controls in particular. Learn about the best practices of experts in newly emerging markets.

GRC402 | Deep dive into compliance and auditing at scale

This session dives deep with examples of how to deploy and manage large-scale compliance for some of the most common regulatory frameworks. Learn how to design automated controls and implement automation to simplify a compliance overview. Dive deep with examples of how to automate evidence collection for audits.

GRC351 | Implementing compliance as code on AWS

To manage compliance at the speed and scale the cloud requires, organizations need to implement automation and have an effective mechanism to manage it. In this builders’ session, learn how to implement compliance as code (CaC). CaC shares many of the same benefits as infrastructure as code: speed, automation, peer review, and audibility. Learn about defining controls with AWS Config rules, customizing those controls, using remediation actions, packaging and deploying with AWS Config conformance packs, and validating using a CI/CD pipeline.

GRC354 | Building remediation workflows to simplify compliance

Automation and simplification are key to manage compliance at scale. Remediation is one of the key elements of simplifying and managing risk. In this builders’ session, we will walk through creating a remediation workflow using AWS Config and Systems Manager Automation. Then, explore how the workflow can be deployed at scale and monitored with AWS Security Hub to oversee your entire organization.

GRC304 | Automating Security & Compliance with OSCAL

Security assessment documentation exports can be very time-consuming. In this session, learn how the National Institute of Science and Technology Open Security Controls Assessment Language (OSCAL) provides standardized, machine-readable representation in XML, JSON, and YAML formats for interoperable security automation documentation. Learn how AWS is working to implement OSCAL for our security documentation exports so that you can save time, increase accuracy, and build traceability when creating and maintaining ATO packages.

GRC371 | Automate your compliance and evidence collection with AWS

Automation and simplification are key to manage compliance at scale. Remediation is one of the key elements of simplifying and managing risk. In this workshop, we will walk through building a remediation workflow using AWS Config, AWS Audit Manager, and AWS Systems Manager and show how the workflow can be deployed at scale and then monitored with AWS Security Hub across the entire organization. Learn how you can set up a continuous collection process that not only establishes controls to enforce compliance but also automates the process of collecting evidence to avoid time-consuming, manual effort when preparing for audits.

If any of these sessions looks interesting to you, consider joining us in Boston by registering for AWS re:Inforce 2022. We look forward to seeing you there!

Author:

Valeria Lopez

Valeria is a Product Marketing Manager for AWS Cloud Operations, focused on Configuration, Compliance, and Auditing. Her experience also includes event and digital marketing. In her spare time, Valeria loves listening to good music, trying new foods, and visiting different cities.