AWS Public Sector Blog
Tag: AWS CloudTrail
Continuous monitoring and governance: AWS best practices for keeping your data secure during the holidays
As we look ahead to 2025, it’s crucial to maintain vigilance, especially during the holiday season, when cybersecurity risks tend to escalate. Many organizations use Amazon Web Services (AWS) to enhance their security posture and improve resilience. In this post, we discuss the AWS best practices for securing your data during the holiday season.
Migrating to a multi-account strategy for public sector customers
A multi-account strategy is important for Amazon Web Services (AWS) public sector customers because it is the foundation of cloud governance and compliance. Public sector customers using a shared account model can improve security and operational efficiency by adopting a multi-account strategy. In this post, we explore methods for existing AWS public sector customers to prepare for and migrate to a multi-account environment.
How AWS can help mission-focused organizations comply with the White House National Security Memorandum on AI
On October 24, 2024, the White House released a National Security Memorandum (NSM) on Artificial Intelligence (AI), which focuses on ensuring US leadership in developing advanced AI technologies. Amazon Web Services (AWS) is uniquely positioned to address the critical needs of the defense and national security customers in advancing their AI capabilities. Our comprehensive suite of AI and high performance computing (HPC) capabilities offers flexible and robust solutions to meet the NSM’s goals and empower national security missions.
Simplify firewall deployments using centralized inspection architecture with Gateway Load Balancer
As government organizations transition to Amazon Web Services (AWS), they often seek to maintain operational continuity by using their existing on-premises firewall solutions. Gateway Load Balancer (GWLB) enables seamless integration of these firewall appliances into the AWS architecture, ensuring consistent security policies and minimizing disruptions. This post explores best practices for implementing GWLB to facilitate centralized traffic inspection for both east-west and north-south traffic flows.
DoSomething’s journey with AWS brings efficiency, scalability
DoSomething is a leading nonprofit organization for youth-centered impact and service. When they decided to build a new platform from the ground up, they focused on simplification and scalability. Amazon Web Services emerged as the optimal solution due to robust support for nonprofits and comprehensive suite of services. Read this post to learn more.
Mitigating inadvertent IPv6 prefix advertisement with AWS automation
As federal agencies migrate to the Trusted Internet Connections (TIC) 3.0 framework, they will use Amazon Web Services (AWS) to exit to the internet, bypassing the TIC network. This transition requires agencies to plan and coordinate migration activities to verify seamless IPv6 connectivity. Agencies need to coordinate advertising their IPv6 prefixes with AWS, using mechanisms like Bring your own IP addresses (BYOIP). The migration process could involve changes in routing policies, firewall rules, and security controls to accommodate the IPv6 prefix changes. Read this post to learn more.
Streamlining digital transformation in German healthcare with AWS
Healthcare organizations worldwide are leveraging Amazon Web Services (AWS) and partner solutions to modernize, transform, and innovate their businesses. Ensuring the availability and security of critical applications is paramount. For example, two renowned German medical facilities, Fachklinikum Mainschleife and Max Grundig Klinik, needed to modernize their IT infrastructure to comply with stringent regulatory requirements outlined in the country’s Law for Accelerating the Digitalization of Healthcare (DigiG). Reliable and compliant service offerings from AWS enabled the medical facilities to provide reliable access to essential systems.
How to transfer data to the CISA Cloud Log Aggregation Warehouse (CLAW) using Amazon S3
In this post, we show you how you can push or pull your security telemetry data to the National Cybersecurity Protection System (NCPS) Cloud Log Aggregation Warehouse (CLAW) using Amazon Web Services (AWS) Simple Storage Service (Amazon S3) or third-party solutions.
Building compliant healthcare solutions using Landing Zone Accelerator
In this post, we explore the complexities of data privacy and controls on Amazon Web Services (AWS), examine how creating a landing zone within which to contain such data is important, and highlight the differences between creating a landing zone from scratch compared with using the AWS Landing Zone Accelerator (LZA) for Healthcare. To aid explanation, we use a simple healthcare workload as an example. We also explain how LZA for Healthcare codifies HIPAA controls and AWS Security Best Practices to accelerate the creation of an environment to run protective health information workloads in AWS.
What US federal customers need to know about memorandum M-21-31
The US Office of Management and Budget published M-21-31, a memorandum for federal government agencies to define event logging requirements related to cybersecurity incidents. These guidelines aim to support the detection, investigation, and remediation of cyber incidents on federal information systems. The memorandum defines various event logging (EL) tiers and the log data that must be captured for various log categories. Learn the services from AWS that have been called out explicitly in the memorandum for logging and retention requirements at the EL1 level, and the resources you can use to set up these services to capture the required log data.