Category: Compliance

A growing number of healthcare providers, payers, and IT professionals are using AWS’s secure, flexible, and scalable utility-based cloud services to process and store data including personal data. AWS provides a number of industry-leading tools to support customers address local regulatory and legislative requirements, including the German Digital Supply Act (DVG) and associated Digital Health Applications Ordinance (DiGAV), as they move healthcare workloads to the cloud.

To offer security conscious enterprises and government agencies the ability to implement important governance and security controls, AWS acquired Wickr in June of 2021. Wickr helps organizations protect their collaboration with a secure and compliant solution. Built with a security-first mindset, Wickr delivers advanced security features not available with traditional communications services.

AWS is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS, and identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).

Learn how you can build a foundation of security objectives practices, including a business continuity and disaster recovery plan, that can be adapted to meet a dynamic policy environment and support the missions of national computer security incident response teams (CSIRT), operators of essential services (OES), digital service providers (DSP), and other identified sector organizations.

After a multi-year journey working with the mission critical application technology providers and Criminal Justice Information Services (CJIS) officials across the US, Amazon Web Services (AWS) implemented a simple and technically robust approach to CJIS compliance. Now, agencies and organizations in all 50 states in the US can host criminal justice information (CJI) on AWS.

The AWS Compliant Framework is an automated solution designed to help customers reduce the time to setup an environment for running secure and scalable workloads while implementing an initial security baseline that meets US federal government standards. The solution was designed to address the requirements for deploying DoD CMMC and DoD Cloud Computing Security Requirements Guide compliant environments.

To protect citizens and save lives, justice and public safety agencies rely on timely access to critical information, such as criminal histories, arrest warrants, stolen vehicles, and 911 call data. Providing this mission critical criminal justice information with five nines (99.999%) availability and protecting it according to the rigorous security requirements prescribed in the Criminal Justice Information Services Security Policy are top priorities for criminal justice agencies (CJA). AWS’s innovative features and security controls can help customers achieve CJIS compliance in a simplified way.

AWS Training and Certification is now offering a new foundational training course on AWS GovCloud (US) as part of their no-cost training webinar series. Introduction to Governance and Compliance in AWS GovCloud (US) Regions is a training workshop for those looking for a solution to host sensitive data and regulated workloads, or IT professionals just looking to learn more about AWS GovCloud (US). This new live training webinar dives into the basics of how AWS and AWS GovCloud (US) Regions address these stringent security, compliance, and governance requirements.

Internal Revenue Service Publication 1075 (IRS 1075) provides guidance for US government agencies, agents, and contractors that access Federal Tax Information (FTI), to make sure they use policies, practices, controls, and safeguards to protect FTI confidentiality and integrity of FTI throughout its lifecycle. Safeguarding FTI is critical to agencies that receive, process, store or transmit FTI. AWS and AWS Partner programs enable agencies to protect FTI and the confidential relationship between the taxpayer and the IRS.

Government, education, nonprofit, healthcare, and other public sector organizations process and store sensitive data including health records, tax data, PII, student data, criminal justice information, and financial data. These workloads carry stringent security and compliance requirements to protect the confidentiality, integrity, and availability of this data both in transit and at rest. Best practices for protection of data in transit include enforcing appropriately defined encryption requirements, authenticating network communications, and implementing secure key and certificate management systems. In this post, I demonstrate a solution for deploying a highly available and fault tolerant web service with managed certificates and TLS termination performed on customer-managed EC2 Nitro instances using ACM for Nitro Enclaves.