AWS Public Sector Blog

Category: Security, Identity, & Compliance


Using AWS for compliance with Internal Revenue Service (IRS) Publication 1075

Internal Revenue Service Publication 1075 (IRS 1075) provides guidance for US government agencies, agents, and contractors that access Federal Tax Information (FTI), to make sure they use policies, practices, controls, and safeguards to protect the confidentiality and integrity of FTI throughout its lifecycle. Safeguarding FTI is critical to agencies that receive, process, store, or transmit FTI. AWS and AWS Partner programs enable agencies to protect FTI and the confidential relationship between the taxpayer and the IRS.


Encryption-in-transit for public sector workloads with AWS Nitro Enclaves and AWS Certificate Manager

Government, education, nonprofit, healthcare, and other public sector organizations process and store sensitive data including health records, tax data, PII, student data, criminal justice information, and financial data. These workloads carry stringent security and compliance requirements to protect the confidentiality, integrity, and availability of this data both in transit and at rest. Best practices for protection of data in transit include enforcing appropriately defined encryption requirements, authenticating network communications, and implementing secure key and certificate management systems. In this post, I demonstrate a solution for deploying a highly available and fault tolerant web service with managed certificates and TLS termination performed on customer-managed EC2 Nitro instances using ACM for Nitro Enclaves.


Building your Cybersecurity Maturity Model Certification (CMMC) strategy using cloud technologies

The U.S. Department of Defense (DoD) released an interim rule, the Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019–D041), which includes NIST SP 800-171 and Cybersecurity Maturity Model Certification (CMMC) assessment methodology and requirements. Organizations have been planning for CMMC, and with the release of this interim rule, are now beginning to prepare and build a strategy for CMMC compliance. Learn how you can build your CMMC strategy using cloud technologies.

AWS Compliance Week 2020

Accelerate cloud compliance for sensitive and regulated workloads: Register for AWS Compliance Week

If you are a technology professional looking to understand how cloud security adheres to compliance requirements, attend our AWS Compliance Week webinar series on November 2-6. You will learn how to architect compliant, multi-region cloud environments, establish agile governance for regulated workloads, and use new AWS solutions to help accelerate compliance. Hear government and industry perspectives on achieving high compliance from the General Services Administration’s FedRAMP program management office, and customers Maxar, Salesforce, and Coalfire.


Remote workforce, web portal, and DevSecOps: Three focus areas for cybersecurity

According to the 2020 Deloitte-NASCIO Cybersecurity Study for state governments, 54 percent of states are not confident in their ability to protect emerging technology. Traditional cybersecurity approaches can result in singularly focused solutions that don’t provide holistic protection. They can also inhibit an organization’s ability to monitor and respond to security threats in real time. As more organizations shift to cloud-based workloads, security mechanisms and components need to be developed and integrated using a Security by Design (SbD) approach. Our AWS Partners have developed pre-configured security solutions, which allow customers to deploy applications using SbD strategies and also use AWS security solutions to ensure continuous security alignment.


New IDC whitepaper released: How government agencies meet security and compliance requirements with the cloud

A new IDC whitepaper sponsored by AWS, “How Government Agencies Meet Security and Compliance Requirements in the Cloud,” examines why federal agencies are moving more systems and information to the cloud as a launching point for agency-wide IT modernization. The paper shares executive, legislative, and other government-wide initiatives influencing agencies to accelerate their cloud adoption plans, risks IT leaders face by delaying cloud migrations, and how secure, compliant cloud environments help agencies achieve compliance and security for their sensitive workloads.


Announcing AWS ClearStart for Swedish public sector to accelerate security and regulatory compliance

To help our public sector customers in Sweden accelerate their journey to the cloud, we are launching the AWS ClearStart program. AWS ClearStart helps organizations meet security and regulatory needs through a set of guides, trainings, technology tools, and cloud computing experts to simplify the process of complying with Swedish and EU regulations, including the Public Access to Information and Secrecy Act (OSL) and General Data Protection Regulation (GDPR), as well as with international information security standards, such as ISO/IEC 27001.


Introducing Security Solutions for Government Workloads from AWS Partners

Government agencies and public sector organizations need rapidly deployable and dependable security solutions to support their missions. In response to this need, AWS launched the Security Solutions for Government Workloads initiative under the Authority to Operate (ATO) on AWS Program. This initiative works with AWS Public Sector Partners, members of the AWS Partner Network (APN), to develop security solutions designed to meet the unique security and compliance requirements of public sector workloads.


Assess your security posture to identify and remediate security gaps susceptible to ransomware

As government agencies and public sector organizations modernize their IT and migrate to the AWS Cloud, the ability to gain a full, clear view of the security of their environments is a primary challenge they experience. This lack of visibility leads to blind spots and gaps in their security posture, leaving opportunity for security issues to arise. As a result, AWS developed a new open source Self-Service Security Assessment (with ransomware analysis modules) tool that provides customers with a point-in-time assessment to quickly gain valuable insights into the security posture of their AWS account.


Top sessions on security for the public sector from AWS re:Inforce 2019

Until we can meet again, we’ve curated a collection of the top AWS re:Inforce 2019 sessions for security and compliance professionals in the public sector. These sessions answer the compliance questions you were afraid to ask, share ways to harness diversity in your security organization, explore how AWS security services can help encrypt data, manage security alerts, and automate compliance.
