Category: Security, Identity, & Compliance

Learn how you can build a foundation of security objectives practices, including a business continuity and disaster recovery plan, that can be adapted to meet a dynamic policy environment and support the missions of national computer security incident response teams (CSIRT), operators of essential services (OES), digital service providers (DSP), and other identified sector organizations.

After a multi-year journey working with the mission critical application technology providers and Criminal Justice Information Services (CJIS) officials across the US, Amazon Web Services (AWS) implemented a simple and technically robust approach to CJIS compliance. Now, agencies and organizations in all 50 states in the US can host criminal justice information (CJI) on AWS.

Healthcare organization Dr. B launched to get as many COVID-19 vaccines into as many arms as possible. To achieve its mission to make access to care—specifically the COVID-19 vaccine—more efficient and equitable, the company created a serverless solution built on Amazon Web Services (AWS).   

AWS Application Migration Service (MGN) is a highly automated lift-and-shift solution, which works by replicating your on-premises (physical or virtual) and/or cloud servers into your AWS account. When you’re ready, AWS MGN automatically converts and launches your servers on AWS so you can quickly benefit from the cost savings, productivity, resilience, and agility of the cloud. This guide teaches you how to migrate a content management system platform (CMS), based on an example with WordPress, running on a simulated on-premises environment to AWS Cloud, using MGN.

The AWS Compliant Framework is an automated solution designed to help customers reduce the time to setup an environment for running secure and scalable workloads while implementing an initial security baseline that meets US federal government standards. The solution was designed to address the requirements for deploying DoD CMMC and DoD Cloud Computing Security Requirements Guide compliant environments.

To protect citizens and save lives, justice and public safety agencies rely on timely access to critical information, such as criminal histories, arrest warrants, stolen vehicles, and 911 call data. Providing this mission critical criminal justice information with five nines (99.999%) availability and protecting it according to the rigorous security requirements prescribed in the Criminal Justice Information Services Security Policy are top priorities for criminal justice agencies (CJA). AWS’s innovative features and security controls can help customers achieve CJIS compliance in a simplified way.

AWS Training and Certification is now offering a new foundational training course on AWS GovCloud (US) as part of their no-cost training webinar series. Introduction to Governance and Compliance in AWS GovCloud (US) Regions is a training workshop for those looking for a solution to host sensitive data and regulated workloads, or IT professionals just looking to learn more about AWS GovCloud (US). This new live training webinar dives into the basics of how AWS and AWS GovCloud (US) Regions address these stringent security, compliance, and governance requirements.

Internal Revenue Service Publication 1075 (IRS 1075) provides guidance for US government agencies, agents, and contractors that access Federal Tax Information (FTI), to make sure they use policies, practices, controls, and safeguards to protect FTI confidentiality and integrity of FTI throughout its lifecycle. Safeguarding FTI is critical to agencies that receive, process, store or transmit FTI. AWS and AWS Partner programs enable agencies to protect FTI and the confidential relationship between the taxpayer and the IRS.

Government, education, nonprofit, healthcare, and other public sector organizations process and store sensitive data including health records, tax data, PII, student data, criminal justice information, and financial data. These workloads carry stringent security and compliance requirements to protect the confidentiality, integrity, and availability of this data both in transit and at rest. Best practices for protection of data in transit include enforcing appropriately defined encryption requirements, authenticating network communications, and implementing secure key and certificate management systems. In this post, I demonstrate a solution for deploying a highly available and fault tolerant web service with managed certificates and TLS termination performed on customer-managed EC2 Nitro instances using ACM for Nitro Enclaves.

AWS IAM Identity Center helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using IAM Identity Center as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. IAM Identity Center does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. IAM Identity Center is also not currently available in AWS GovCloud (US). As a result, IAM Identity Center cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in IAM Identity Center.