Category: Security

In this blog post, we explain how government agencies can accelerate their development workflows while maintaining strict application and operational security using the principles of continuous integration and continuous delivery (CI/CD) and DevSecOps. We provide a solution to walk you through how you can quickly set up your own DevSecOps pipeline that incorporates AWS and third-party security tools to give you a fast, flexible, and secure software delivery process.

State and local government (SLG) organizations need to reflect and refocus on cyber hygiene and continuous improvement of their security posture. Here are some best practices for SLG chief information security officers (CISOs) and IT professionals to consider in their cloud journey.

AWS Top Secret-West is accredited to operate workloads at the Top Secret U.S. security classification level. The new Region adds multiple Availability Zones geographically separated from AWS Top Secret-East. With two Top Secret Regions, customers in the U.S. defense, intelligence, and national security communities can deploy multi-Region architectures to achieve the highest levels of resiliency and availability essential to their most critical national security missions.

The Canadian Centre for Cyber Security (CCCS) added more AWS services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.

The Japan Digital Agency (DA) has selected Amazon Web Services (AWS) as one of the cloud service providers that support Government Cloud, which delivers common cloud infrastructure that central government agencies, local governments, and other government organisations can use. As a cloud services provider directly contracted with the DA, AWS will help the Japanese government modernize IT by directly offering advanced technologies and global best practices to help customers innovate securely at pace.

To offer security conscious enterprises and government agencies the ability to implement important governance and security controls, AWS acquired Wickr in June of 2021. Wickr helps organizations protect their collaboration with a secure and compliant solution. Built with a security-first mindset, Wickr delivers advanced security features not available with traditional communications services.

AWS is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS, and identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).

President Biden’s executive order emphasizes the need to elevate information security as a core tenet of national security, and calls on federal agencies and public sector organizations to work with the private sector to prioritize the data security and privacy of the American people and government. AWS and AWS Partners can help government agencies align with the initiatives in this executive order.

After Rockdale County, Georgia was the victim of two cyber attacks, the jurisdiction turned to the cloud to strengthen the county’s security position. They worked with AWS Partner Tyler Technologies, Inc. to help with their migration, which not only enhanced data security and continuity of operations, but also reduced network downtime by 99 percent, while streamlining budgeting and reducing the IT staff’s burden.

Accreditation programs and the organizational models that support them are priority considerations for public sector managers who are modernizing their IT. But managers often consider risk and compliance issues too late in the planning stage. Here are some key principles that can prevent accreditation-related issues from becoming a roadblock to cloud adoption.