Tag: compliance

Government, education, nonprofit, healthcare, and other public sector organizations process and store sensitive data including health records, tax data, PII, student data, criminal justice information, and financial data. These workloads carry stringent security and compliance requirements to protect the confidentiality, integrity, and availability of this data both in transit and at rest. Best practices for protection of data in transit include enforcing appropriately defined encryption requirements, authenticating network communications, and implementing secure key and certificate management systems. In this post, I demonstrate a solution for deploying a highly available and fault tolerant web service with managed certificates and TLS termination performed on customer-managed EC2 Nitro instances using ACM for Nitro Enclaves.

The cloud can help researchers process complex workloads, store and analyze enormous amounts of data, collaborate globally, and accelerate research and innovation. For research IT, Amazon Web Services (AWS) can help build scalable, cost-effective, and flexible environments while still maintaining the governance and guardrails for security and compliance. Following best practices, AWS allows for centralized management of resources, improved security and compliance of research workloads, and can save costs and accelerate innovation. What are some common questions from research IT customers?

At AWS, we are mission focused. A mission is a purpose—supported by but not driven by IT. How can the AWS Partner Network (APN) help public sector partners and their customers meet their missions? No matter where you are in your journey to cloud adoption and IT modernization—from getting started, to easing the adoption of technology, to planning to take the solution to market, to growing beyond storage and compute, to renewing and scale—APN and its programs and initiatives can help. During my leadership session at AWS re:Invent 2020, I shared new and noteworthy AWS Public Sector Partner programs available to help partners keep their focus on their mission-critical work while also keeping it simple—and I shared some partner successes along the way.

The U.S. Department of Defense (DoD) released an interim rule, the Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019–D041), which includes NIST SP 800-171 and Cybersecurity Maturity Model Certification (CMMC) assessment methodology and requirements. Organizations have been planning for CMMC, and with the release of this interim rule, are now beginning to prepare and build strategy for CMMC compliance. Learn how you can build your CMMC strategy using cloud technologies.

If you are a technology professional looking to understand how cloud security adheres to compliance requirements, attend our AWS Compliance Week webinar series on November 2-6. You will learn how to architect compliant, multi-region cloud environments, establish agile governance for regulated workloads, and use new AWS solutions to help accelerate compliance. Hear government and industry perspectives on achieving high compliance from the General Services Administration’s FedRAMP program management office, and customers Maxar, Salesforce, and Coalfire.

A new IDC whitepaper, sponsored by AWS, “How Government Agencies Meet Security and Compliance Requirements in the Cloud” examines why federal agencies are moving more systems and information to the cloud as a launching point for agency-wide IT modernization. The paper shares executive, legislative, and other government-wide initiatives influencing agencies to accelerate their cloud adoption plans, risks IT leaders face by delaying cloud migrations, and how secure, compliant cloud environments help agencies achieve compliance and security for their sensitive workloads.

To help our public sector customers in Sweden accelerate their journey to the cloud, we are launching the AWS ClearStart program. AWS ClearStart helps organizations meet security and regulatory needs through a set of guides, trainings, technology tools, and cloud computing experts to simplify the process of complying with Swedish and EU regulations, including the Public Access to Information and Secrecy Act (OSL) and General Data Protection Regulation (GDPR), as well as with international information security standards, such as ISO/IEC27001.

Governments at all levels rapidly addressed the rising challenges of the COVID-19 pandemic. Canadian governments  met citizens’ needs quickly by building secure, compliant solutions on AWS to deliver critical information and services. Working with partners and AWS, Canadian governments and agencies released multiple solutions for providing a modern, digital-first experience for all to interact with the government and receive the information and services they need.

Customer managed encryption keys are a common architecture requirement within highly regulated workloads. This post demonstrates how to satisfy this requirement within Amazon Simple Storage Service (Amazon S3), including Amazon S3 Glacier. We also clarify some common points of confusion and demonstrate how objects can be uploaded directly to Amazon S3 Glacier via Amazon S3, which can help meet regulatory requirements as well as potentially save budget.

Later this year, the Cybersecurity Maturity Model Certification (CMMC) accreditation framework will take effect, impacting U.S. DoD contractors, supply chain, solution providers, and systems integrators. The DoD estimates that more than 300,000 organizations will require certification. In addition, other U.S. federal agencies and international organizations may adopt a similar framework to protect their intellectual property (IP). No matter the size of your organization, cloud-based services can help you meet the requirements of CMMC.