AWS Public Sector Blog
Category: Security, Identity, & Compliance
Addressing federal record retention in mobile device messaging
Virtually all federal, state, and local government agencies are subject to various data retention and records management policies, regulations, and laws. AWS Wickr provides federal agencies with an innovative solution that can help them build public trust by protecting sensitive communications, while supporting the capture and management of records.
5 things to consider while applying to the State and Local Cybersecurity Grant Program (SLCGP)
State and local government organizations are experiencing an increase in cyber incidents that impact and disrupt citizen services. In 2021, US President Joe Biden signed the Infrastructure Investment and Jobs Act (IIJA), which created the State and Local Cybersecurity Grant Program (SLCGP) to provide funding to eligible entities to address cybersecurity risks and threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments. This blog post guides you through some resources and approaches to consider as organizations strive to meet the SLCGP funding requirements.
What US federal customers need to know about memorandum M-21-31
The US Office of Management and Budget published M-21-31, a memorandum for federal government agencies to define event logging requirements related to cybersecurity incidents. These guidelines aim to support the detection, investigation, and remediation of cyber incidents on federal information systems. The memorandum defines various event logging (EL) tiers and the log data that must be captured for various log categories. Learn the services from AWS that have been called out explicitly in the memorandum for logging and retention requirements at the EL1 level, and the resources you can use to set up these services to capture the required log data.
How governments can transform services securely in the cloud
Public sector organizations around the world share a common concern: how can they make sure their digital transformation maintains data security? The question comes up often when I meet with government leaders around the world in my role as a government transformation digital advisor at AWS. During my time in the UK Government’s Digital Service (GDS), and now in my work with government leaders, I’ve learned important lessons about transforming services securely in the cloud. Read on for some key takeaways.
How to create a cybersecurity analytics platform with AWS analytics and machine learning
Cybersecurity analytics is a systematic methodology designed to collect, ingest, process, aggregate, and analyze security events. This methodology empowers organizations to proactively perform security investigations, powered by advanced analytics and machine learning (ML), which help mitigate cyber issues more effectively and efficiently at scale. Learn about the core components of a cybersecurity analytics framework and how organizations can use AWS to design a cybersecurity analytics platform with analytics and ML services.
Developing the US cybersecurity workforce with CISA
At Amazon, we believe cybersecurity skills training and workforce development are essential to addressing cybersecurity challenges. Leading into Cybersecurity Awareness Month, Amazon hosted Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), for a roundtable with leaders across higher education, state and local government, and private industry to discuss ways to develop the cybersecurity workforce through skills training, partnerships between government and industry, and creating pathways to cybersecurity careers. Learn more about how Amazon supports cybersecurity training.
AWS announces low-to-no cost security services for federal political campaigns and committees
It is essential for election campaigns and committees to have access to the latest security services so they can mitigate risks against security threats at minimal cost. To support this, AWS is collaborating with Defending Digital Campaigns (DDC) to offer more than 20 cybersecurity-related AWS services for low-to-no cost to all active and registered national party committees and federal candidate committees for the US House and US Senate midterm elections that are eligible in accordance with DDC and Federal Election Commission (FEC) criteria.
Enabling secure mission success with Wickr RAM in Department of Defense Cloud One
AWS announced the availability of Wickr RAM (Recall, Alert and Messaging) to the U.S. Department of Defense (DOD) through Cloud One, which is a cloud hosting infrastructure and service. Wickr RAM is an end-to-end encrypted full suite collaboration application built for the warfighter. It is available on AWS GovCloud (US) and can support workloads up to Impact Level 5.
Navigating ISM and Essential Eight compliance with AWS Config for Australian government agencies
To help our Australian customers, AWS provides pre-built conformance packs for the Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model and the ACSC Information Security Manual (ISM). The ACSC’s Essential Eight was first published in 2017 and is a set of prioritised security mitigation strategies designed to help protect organisations against various security threats. In this blog post, I walk you through how to set up a conformance pack in AWS Config that is designed to help you implement and track the ASCS Essential Eight model.
How to implement CNAP for federal and defense customers in AWS
In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.