AWS Public Sector Blog

Tag: compliance

gavel on keyboard

Customers in all 50 states in US can now host criminal justice information on AWS

After a multi-year journey working with the mission critical application technology providers and Criminal Justice Information Services (CJIS) officials across the US, Amazon Web Services (AWS) implemented a simple and technically robust approach to CJIS compliance. Now, agencies and organizations in all 50 states in the US can host criminal justice information (CJI) on AWS.

How to accelerate CMMC compliance with the new AWS Compliant Framework

The AWS Compliant Framework is an automated solution designed to help customers reduce the time to setup an environment for running secure and scalable workloads while implementing an initial security baseline that meets US federal government standards. The solution was designed to address the requirements for deploying DoD CMMC and DoD Cloud Computing Security Requirements Guide compliant environments.

man sitting at a desk on his laptop

Now available: AWS Training course on compliance in AWS GovCloud (US) Regions

AWS Training and Certification is now offering a new foundational training course on AWS GovCloud (US) as part of their no-cost training webinar series. Introduction to Governance and Compliance in AWS GovCloud (US) Regions is a training workshop for those looking for a solution to host sensitive data and regulated workloads, or IT professionals just looking to learn more about AWS GovCloud (US). This new live training webinar dives into the basics of how AWS and AWS GovCloud (US) Regions address these stringent security, compliance, and governance requirements.

blue check mark encircled on dark blue computer background

Using AWS for compliance with Internal Revenue Service (IRS) Publication 1075

Internal Revenue Service Publication 1075 (IRS 1075) provides guidance for US government agencies, agents, and contractors that access Federal Tax Information (FTI), to make sure they use policies, practices, controls, and safeguards to protect FTI confidentiality and integrity of FTI throughout its lifecycle. Safeguarding FTI is critical to agencies that receive, process, store or transmit FTI. AWS and AWS Partner programs enable agencies to protect FTI and the confidential relationship between the taxpayer and the IRS.

Encryption in transit for public sector

Encryption-in-transit for public sector workloads with AWS Nitro Enclaves and AWS Certificate Manager

Government, education, nonprofit, healthcare, and other public sector organizations process and store sensitive data including health records, tax data, PII, student data, criminal justice information, and financial data. These workloads carry stringent security and compliance requirements to protect the confidentiality, integrity, and availability of this data both in transit and at rest. Best practices for protection of data in transit include enforcing appropriately defined encryption requirements, authenticating network communications, and implementing secure key and certificate management systems. In this post, I demonstrate a solution for deploying a highly available and fault tolerant web service with managed certificates and TLS termination performed on customer-managed EC2 Nitro instances using ACM for Nitro Enclaves.

woman researcher at computer in lab

An introduction to AWS for research IT: Getting started in the cloud

The cloud can help researchers process complex workloads, store and analyze enormous amounts of data, collaborate globally, and accelerate research and innovation. For research IT, Amazon Web Services (AWS) can help build scalable, cost-effective, and flexible environments while still maintaining the governance and guardrails for security and compliance. Following best practices, AWS allows for centralized management of resources, improved security and compliance of research workloads, and can save costs and accelerate innovation. What are some common questions from research IT customers?

Sandy Carter reInvent 2020 leadership session

Keeping “mission critical” critical but simple: 5 public sector partners announcements at AWS re:Invent 2020

At AWS, we are mission focused. A mission is a purpose—supported by but not driven by IT. How can the AWS Partner Network (APN) help public sector partners and their customers meet their missions? No matter where you are in your journey to cloud adoption and IT modernization—from getting started, to easing the adoption of technology, to planning to take the solution to market, to growing beyond storage and compute, to renewing and scale—APN and its programs and initiatives can help. During my leadership session at AWS re:Invent 2020, I shared new and noteworthy AWS Public Sector Partner programs available to help partners keep their focus on their mission-critical work while also keeping it simple—and I shared some partner successes along the way.

laptop closing

Building your Cybersecurity Maturity Model Certification (CMMC) strategy using cloud technologies

The U.S. Department of Defense (DoD) released an interim rule, the Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019–D041), which includes NIST SP 800-171 and Cybersecurity Maturity Model Certification (CMMC) assessment methodology and requirements. Organizations have been planning for CMMC, and with the release of this interim rule, are now beginning to prepare and build strategy for CMMC compliance. Learn how you can build your CMMC strategy using cloud technologies.

AWS Compliance Week 2020

Accelerate cloud compliance for sensitive and regulated workloads: Register for AWS Compliance Week

If you are a technology professional looking to understand how cloud security adheres to compliance requirements, attend our AWS Compliance Week webinar series on November 2-6. You will learn how to architect compliant, multi-region cloud environments, establish agile governance for regulated workloads, and use new AWS solutions to help accelerate compliance. Hear government and industry perspectives on achieving high compliance from the General Services Administration’s FedRAMP program management office, and customers Maxar, Salesforce, and Coalfire.

IDC whitepaper: How government agencies meet security and compliance requirements with the cloud

New IDC whitepaper released: How government agencies meet security and compliance requirements with the cloud

A new IDC whitepaper, sponsored by AWS, “How Government Agencies Meet Security and Compliance Requirements in the Cloud” examines why federal agencies are moving more systems and information to the cloud as a launching point for agency-wide IT modernization. The paper shares executive, legislative, and other government-wide initiatives influencing agencies to accelerate their cloud adoption plans, risks IT leaders face by delaying cloud migrations, and how secure, compliant cloud environments help agencies achieve compliance and security for their sensitive workloads.