Category: Security, Identity, & Compliance

This blog post introduces Amazon Web Services (AWS) Trusted Internet Connections (TIC) 3.0 overlay artifacts. TIC is a federal cybersecurity initiative intended to enhance network and data security across the Federal Government.

In 2021, the U.S. Department of Defense (DoD) announced the creation of the Joint Warfighting Cloud Capability (JWCC) contract—a multi-vendor acquisition vehicle designed to make cloud services and capabilities available at all classification levels and across all security domains, from the enterprise to the tactical edge. JWCC will enable the DoD to fully leverage the capabilities of the cloud to meet current and future mission initiatives. Further, JWCC is key to enabling critical warfighter capabilities, such as the Joint All-Domain Command and Control (JADC2), and the DoD Artificial Intelligence and Data Acceleration Initiative (ADA). As the DoD continues to modernize the way it supports the warfighter and defends our national security, AWS is committed to supporting its critical mission.

At AWS, our customers and partners serving government, nonprofit, healthcare, and education are focusing on advancing the way they deliver critical services, improve the customer experience, build resilience into how they operate, and respond to disruptive events. With much progress made to date and with customers expecting the same digital experience and service as in other industries, expectations are only getting higher. So how can public sector organizations approach this new dynamic, and how can AWS support their missions?

An Aadhaar number is a 12-digit unique identification number issued by the Unique Identification Authority of India (UIDAI) to every individual in India. Considering the sensitivity of the Aadhaar number and the potential implication of having one’s Aadhaar number compromised, UIDAI mandated the need for all Aadhaar and Aadhaar-related data to be encrypted and stored separately in a secure, access-controlled data repository known as an Aadhaar Data Vault. This blog post explains how government and private entities that collect, process, and store Aadhaar data for various use cases can use AWS CloudHSM from AWS to create an Aadhaar data storage solution that can meet guidelines provided by UIDAI.

The recent Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy update contains important cloud computing language that aligns with the AWS approach to building CJIS compliant solutions. Learn more about the CJIS Security Policy changes and how AWS supports these new policies.

In September 2022, the State of Arizona Department of Homeland Security (AZDOHS) launched a new program to bolster the cybersecurity of Arizona’s most vulnerable cities, counties, and K12 school districts. The Arizona Statewide Cyber Readiness Grant Program enables local entities to reduce their cyberattack surface by accessing technical assistance and software licenses across five functional areas. The Cyber Grant Task Force selected two software providers from the AWS Marketplace hosted on Amazon Web Services (AWS), Tanium and CrowdStrike to assist cities, counties, and schools with improving their cybersecurity posture.

AWS announced that Amazon Connect, its omnichannel cloud contact center service, has achieved FedRAMP Authorized status at the High Impact Level. FedRAMP is a US government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment, and continuous monitoring for cloud technologies and federal agencies. In this blog post, learn how to deploy a secure Amazon Connect contact center with conversational AI features to route callers and chatters to the agents best able to assist them.

Virtually all federal, state, and local government agencies are subject to various data retention and records management policies, regulations, and laws. AWS Wickr provides federal agencies with an innovative solution that can help them build public trust by protecting sensitive communications, while supporting the capture and management of records.  

State and local government organizations are experiencing an increase in cyber incidents that impact and disrupt citizen services. In 2021, US President Joe Biden signed the Infrastructure Investment and Jobs Act (IIJA), which created the State and Local Cybersecurity Grant Program (SLCGP) to provide funding to eligible entities to address cybersecurity risks and threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments. This blog post guides you through some resources and approaches to consider as organizations strive to meet the SLCGP funding requirements.

The US Office of Management and Budget published M-21-31, a memorandum for federal government agencies to define event logging requirements related to cybersecurity incidents. These guidelines aim to support the detection, investigation, and remediation of cyber incidents on federal information systems. The memorandum defines various event logging (EL) tiers and the log data that must be captured for various log categories. Learn the services from AWS that have been called out explicitly in the memorandum for logging and retention requirements at the EL1 level, and the resources you can use to set up these services to capture the required log data.