Tag: AWS Shared Responsibility Model

On March 28, Amazon Web Services (AWS) will release a new version of the AWS Ground Station Agent (agent), which is not compatible with past agent releases. In order to maintain operational continuity of Ground Station environments, agent users must follow the instructions provided in this blog post before upgrading to the March 28 version of the agent.

In this blog post, learn how Amazon Web Services (AWS) helps Government of Canada (GC) customers move workloads into production in the AWS Canadian Regions. This requires putting their workloads through the Security Assessment & Authorization (SA&A) process and can pose headwinds for GC customers developing applications to support digital modernization efforts.

As the amount of health data increases, different healthcare, life sciences, population health, and public health organizations are working to modernize their data infrastructure, unify their data, and innovate faster with technologies like artificial intelligence and machine learning (AI/ML). In this blog post, we dive deep on architecture guidance that enables healthcare providers to improve patient care.

Some US federal agencies and those who collaborate with them must support an automated, secure, and scalable multi-account cloud environment that meets Federal Risk and Authorization Management Program (FedRAMP) and Cybersecurity Maturity Model Certification (CMMC) standards. To support these needs, AWS customers and partners can deploy the Landing Zone Accelerator (LZA) on AWS. Recently, AWS worked with Coalfire, a FedRAMP-approved third-party assessment organization (3PAO) and AWS Partner, to assess and verify the LZA solution.

Many organizations may not fully recognize or calculate the true costs of workload resiliency decisions. These true costs include the full spectrum of costing considerations that make up a decision, from readily-determinable accounting costs to less-recognizable intangible costs. As public sector organizations often have limited resources and complex missions, it’s important to understand the true costs and economic impact involved in a resiliency decision; this can help these organizations to both prepare and plan with their available resources.

State and local government (SLG) organizations need to reflect and refocus on cyber hygiene and continuous improvement of their security posture. Here are some best practices for SLG chief information security officers (CISOs) and IT professionals to consider in their cloud journey.

The Canadian Centre for Cyber Security (CCCS) added more AWS services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.

A growing number of healthcare providers, payers, and IT professionals are using AWS’s secure, flexible, and scalable utility-based cloud services to process and store data including personal data. AWS provides a number of industry-leading tools to support customers address local regulatory and legislative requirements, including the German Digital Supply Act (DVG) and associated Digital Health Applications Ordinance (DiGAV), as they move healthcare workloads to the cloud.

AWS is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS, and identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).

Accreditation programs and the organizational models that support them are priority considerations for public sector managers who are modernizing their IT. But managers often consider risk and compliance issues too late in the planning stage. Here are some key principles that can prevent accreditation-related issues from becoming a roadblock to cloud adoption.