AWS Public Sector Blog

Category: Security, Identity, & Compliance

Self-Service Security Assessment with ransomware analysis modules

Assess your security posture to identify and remediate security gaps susceptible to ransomware

As government agencies and public sector organizations modernize their IT and migrate to the AWS Cloud, the ability to gain a full, clear view of the security of their environments is a primary challenge they experience. This lack of visibility leads to blind spots and gaps in their security posture, leaving opportunity for security issues to arise. As a result, AWS developed a new open source Self-Service Security Assessment (with ransomware analysis modules) tool that provides customers with a point-in-time assessment to quickly gain valuable insights into the security posture of their AWS account.

Read More
Security

Top sessions on security for the public sector from AWS re:Inforce 2019

Until we can meet again, we’ve curated a collection of the top AWS re:Inforce 2019 sessions for security and compliance professionals in the public sector. These sessions answer the compliance questions you were afraid to ask, share ways to harness diversity in your security organization, explore how AWS security services can help encrypt data, manage security alerts, and automate compliance.

Read More
FedRAMP workbook automation

Automating creation of a FedRAMP Integrated Inventory Workbook

Did you know AWS can help deliver an automated solution for creating the FedRAMP Integrated Inventory Workbook? This workbook needs to be updated and submitted to the FedRAMP Project Management Office (PMO) monthly for continuous monitoring. Automating this workbook saves manual work hours. Any customer going through the FedRAMP authorization process can leverage this workbook. Understand how to gather an inventory of AWS resources from AWS Config data to create the FedRAMP Integrated Inventory Workbook.

Read More
lock over computer chip

Delegated authentication using OAuth: A case study using Spotify and AWS

Cloud-based technologies allow organizations like governments to build a new application on existing services on the internet that offers open and documented APIs to deliver reliable data. These services have an authentication model so that new users verify their identity before accessing, even if it’s offered at no cost. There are three components in this scenario: a service provider, an end user, and an application that needs to access user data. The key technology here is OAuth. OAuth is a standard that enables access delegation.

Read More
zero trust architecture

How to think about Zero Trust architectures on AWS

Customers with stringent regulatory or risk-averse considerations may look to Zero Trust architectures to refactor legacy applications or deploy new ones. This blog will help you evaluate your application architecture against Zero Trust principles and use AWS to build secure and scalable architectures.

Read More
AWS Public Sector Summit 2019 security presentation screenshot

Security in the public sector: The why and how

Cloud security at AWS is the highest priority. AWS customers benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. We listen closely to our customers to offer both a secure cloud computing environment and innovative security services that satisfy the security and compliance needs of the most risk-sensitive organizations.

Read More
Canada flag outside waving in wind

AWS now able to provide Secure Cloud Services for the Government of Canada

The Government of Canada (GC) signed a framework agreement with AWS to provide Commercially Available Cloud Services for workloads up to the level of Protected B/Medium Integrity/Medium Availability (PBMM). Having a contract vehicle with a Cloud Service Provider (CSP) is a significant step forward in modernizing digital government for Canadians, and will further the Government of Canada’s Cloud and digital strategy. This contract is in addition to the procurement vehicle for unclassified data announced in 2018.

Read More
University in California exterior photo

AWS and CITE showcase commitment to student data privacy through the California AB 1584 Compliance Addendum

This month, Amazon Web Services (AWS) and California IT in Education (CITE, formerly CETPA) announced the new California AB 1584 Compliance Addendum, a contract addendum available to AWS customers in California that are required to affirm compliance with California Assembly Bill 1584 (AB 1584) in California Education Code Section 49073.1.

Read More

A Road to Identity Federation

A key aspect of cloud adoption is determining how identities will be managed. Typically, federal government customers want to use the same identities managed by their Identity Management System (IDMS) to access cloud resources. Federal agencies have their own well-managed, NIST and HSPD-12 compliant IDMS for issuing, revoking, and entitlements management of their identities. These […]

Read More