Open for registration: Cloud Audit Academy for Federal and DoD Workloads in AWS

Today, Amazon Web Services (AWS) announced the launch of the Cloud Audit Academy (CAA) for Federal and DoD Workloads (FDW) in AWS. This is a two-day accelerated training course to educate customers on how to leverage AWS services to assist with US Federal and Department of Defense (DoD) security and compliance requirements. This training course also qualifies for 12 hours of continuing professional education (CPE). Register at no cost by navigating to the CAA for FDW in AWS website and select “Request a Session.”

In this training, registrants can learn:

1. An overview of security, compliance, and auditing in AWS
2. AWS services relevant to the National Institute of Standards and Technology (NIST) control families
3. The audit evidence that AWS can generate for customers and their auditors
4. How to validate the configuration of AWS services to help satisfy compliance requirements

The course is based on NIST Special Publication (SP) 800-171, with mappings to NIST SP 800-53 and the Cybersecurity Maturity Model Certification (CMMC), and is geared towards auditors/assessors, regulators, security, and compliance professionals, and other customers working towards compliance with related US government frameworks.

Addressing cloud compliance and audit-related questions

In the blog post, “Announcing Cloud Audit Academy AWS-specific for audit and compliance teams,” we discussed how auditing security in the cloud has become one of the fastest growing questions among AWS customers. Through our experiences hearing from customers, two overall themes remain consistent:

1. Compliance teams want to effectively audit their cloud environments and take advantage of the available security control options that are built into the cloud. However, legacy audit processes and control frameworks are built for an on-premises environment. The differences between cloud and legacy environments require reconciliation and improvement of compliance programs, audit processes, and auditor training.
2. Engineering teams working in regulated industries want to move compliant workloads to AWS to take advantage of its innovation capabilities, but security and risk teams may be uncertain about how AWS can help them meet their compliance requirements through the audit process.

To help address these challenges for not only AWS customers, but for auditors or compliance teams facing cloud migration in a US government regulated environment, we extended our CAA training series to include this two-day, instructor-led training that is industry- and framework-specific for our US federal and DoD customers.

Five things to know about CAA for FDW in AWS training

Here are five things to know about CAA for FDW in AWS and what it has to offer audit and compliance teams who need to comply with US government requirements:

1. Training will be virtually available at no cost to AWS customers for the first year
AWS customers can take this training for no cost on a first-come, first-serve basis as AWS delivers the course live and virtually online on a quarterly cadence for the first year after release.

2. Content was created in partnership with Deloitte
Deloitte worked with AWS to develop the curriculum, contributing their third-party expertise and rigor in independent risk and control auditing as one of the largest “Big 4” accounting firms in the world.

3. Attendees earn continuing professional education credits
The course offer CPE credits to attendees. Completion of CAA for FDW in AWS will qualify attendees to earn 12 CPE credits with the Information Systems Audit and Control Association (ISACA), International Information System Security Certification Consortium ((ISC)²), and Global Information Assurance Certification (GIAC).

4. Training builds confidence for auditors when auditing the AWS environment
Our customers have proven repeatedly that running sensitive workloads in AWS can be more secure than in on-premises environments. However, a lack of knowledge and updated processes for implementing, monitoring, and proving compliance in the cloud has caused growing complexity and confusion. Through CAA for FDW in AWS, you can obtain training to become more comfortable and confident knowing how to audit the AWS environment with precision and in accordance with US government frameworks such as NIST SP 800-171, NIST SP 800-53, and CMMC.

5. Training builds confidence for AWS customers in security and compliance roles when their AWS environments are audited
This course is designed to help attendees learn how to support security and compliance requirements for their AWS workloads according to the NIST control families and relevant US government requirements. It will also help demonstrate where auditees can navigate within the AWS Management Console to provide evidence and prove compliance for their AWS workloads.

If it sounds like Cloud Audit Academy training would benefit you and your team, you can find more information and register on the CAA for FDW in AWS website, contact our team at aws-caa-fdw@amazon.com, or contact your AWS account manager to learn more.

Read more about AWS for federal and defense customers:

• DoD Cloud Infrastructure as Code for AWS is now available
• How US federal agencies can apply TIC 3.0 to AWS workloads
• AWS selected for U.S. Department of Defense Joint Warfighting Cloud Capability contract
• AWS supports development of U.S. Army’s first enduring tactical cloud environment
• AWS and Project Kuiper to support the US military’s Hybrid Space Architecture project

Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.

Please take a few minutes to share insights regarding your experience with the AWS Public Sector Blog in this survey, and we’ll use feedback from the survey to create more content aligned with the preferences of our readers.