Tag: compliance

Since signing a framework agreement with the Government of Canada (GC) in 2019, AWS has developed an open source solution to automate the deployment of security controls for GC customers, which can reduce the time it takes to achieve an Authority to Operate (ATO). Natural Resources Canada (NRCan) used this solution to implement their cloud landing zone controls aligned with the Protected B, Medium Integrity, Medium Availability (PBMM) profile. They worked with AWS Partner Kainos to complete an ATO evidence package in only 60 days—a process that typically takes 18 months.

AWS is committed to supporting the mission of our Department of Defense (DoD) customers by providing innovative, efficient, and effective solutions. In support of this commitment, we are announcing the availability of DoD Cloud Infrastructure as Code (IaC) for AWS – a baseline that uses a collection of templates to enable defense mission owners to quickly build out secure, scalable cloud environments. DoD Cloud IaC for AWS is designed to help DoD organizations accelerate cloud adoption and support the rapid delivery of capabilities to the warfighter.

The AWS Secure Environment Accelerator (ASEA) landing zone helps customers deploy and operate a secure multi-account, multi-Region AWS environment. Governments in Canada and others around the world currently use the ASEA, with over 30 deployments to date. Some of these same customers also use VMware Cloud on AWS to integrate on-premises vSphere environments, allowing them to move existing workloads to the cloud more quickly. Integrating your VMware workload with natively managed AWS services can help you reduce your operational overhead and optimize your total cost of ownership (TCO). In this blog post, we review the technical considerations related to integrating your ASEA landing zone with your VMware Cloud on the AWS environment.

In this blog post, the Georgia Department of Community Health (DCH) chief information officer, Venu Gurram, describes his experience transforming their Medicaid Management Information System (MMIS) from legacy on-premises infrastructure to a collection of services in the cloud. Learn how the DCH joined forces with another state entity, the Georgia Tech Research Institute (GTRI), to use the Amazon Web Services (AWS) Cloud to deliver the next generation of Medicaid technology: a Medicaid Enterprise System (MES).

The Canadian Centre for Cyber Security (CCCS) added more AWS services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.

Since its launch in June of 2019, the Authority to Operate on AWS (ATO on AWS) program has supported more than 300 US-based customers to meet their regulatory, security, and compliance requirements on AWS. To extend that support globally, Amazon Web Services (AWS) launched the Global Security and Compliance Acceleration (GSCA) initiative. The GSCA is now available to support customers in the United Kingdom (UK) and the European Union (EU).

A growing number of healthcare providers, payers, and IT professionals are using AWS’s secure, flexible, and scalable utility-based cloud services to process and store data including personal data. AWS provides a number of industry-leading tools to support customers address local regulatory and legislative requirements, including the German Digital Supply Act (DVG) and associated Digital Health Applications Ordinance (DiGAV), as they move healthcare workloads to the cloud.

Ten years ago, the federal government was only just beginning to adopt cloud computing services. In the early days, there were concerns about how much cloud services would cost and whether they’d be secure enough for sensitive government data. In listening to our government customers, we heard their concerns about cost and security. They also needed to innovate ahead of demand, and required a highly secure and compliant infrastructure to do it. That’s why we launched AWS GovCloud (US) in 2011.

To offer security conscious enterprises and government agencies the ability to implement important governance and security controls, AWS acquired Wickr in June of 2021. Wickr helps organizations protect their collaboration with a secure and compliant solution. Built with a security-first mindset, Wickr delivers advanced security features not available with traditional communications services.

AWS is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS, and identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).