Category: AWS Artifact

Compliance is essential, but ensuring compliance in the cloud with various regulations and standards can be challenging, especially for public sector organizations. The requirements are highly dynamic, constantly evolving, and they vary across countries. Read this blog post to learn about the Amazon Web Services (AWS) resources that can help customers meet compliance requirements, reduce their time and effort, and focus on core business objectives.

Some US federal agencies and those who collaborate with them must support an automated, secure, and scalable multi-account cloud environment that meets Federal Risk and Authorization Management Program (FedRAMP) and Cybersecurity Maturity Model Certification (CMMC) standards. To support these needs, AWS customers and partners can deploy the Landing Zone Accelerator (LZA) on AWS. Recently, AWS worked with Coalfire, a FedRAMP-approved third-party assessment organization (3PAO) and AWS Partner, to assess and verify the LZA solution.

Since signing a framework agreement with the Government of Canada (GC) in 2019, AWS has developed an open source solution to automate the deployment of security controls for GC customers, which can reduce the time it takes to achieve an Authority to Operate (ATO). Natural Resources Canada (NRCan) used this solution to implement their cloud landing zone controls aligned with the Protected B, Medium Integrity, Medium Availability (PBMM) profile. They worked with AWS Partner Kainos to complete an ATO evidence package in only 60 days—a process that typically takes 18 months.

The Canadian Centre for Cyber Security (CCCS) added more AWS services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.

The Government of Canada (GC) signed a framework agreement with AWS to provide Commercially Available Cloud Services for workloads up to the level of Protected B/Medium Integrity/Medium Availability (PBMM). Having a contract vehicle with a Cloud Service Provider (CSP) is a significant step forward in modernizing digital government for Canadians, and will further the Government of Canada’s Cloud and digital strategy. This contract is in addition to the procurement vehicle for unclassified data announced in 2018.