AWS Security Blog
Updated AWS SOC Reports Are Now Available with 19 Additional Services in Scope
Newly updated reports are available for AWS System and Organization Control Report 1 (SOC 1), formerly called AWS Service Organization Control Report 1, and AWS SOC 2: Security, Availability, & Confidentiality Report. You can download both reports for free and on demand in the AWS Management Console through AWS Artifact. The updated AWS SOC 3: […]
Read MoreHow to Query Personally Identifiable Information with Amazon Macie
June 15, 2020: This blog is out of date. Please refer here for the updated info: https://aws.amazon.com/blogs/aws/new-enhanced-amazon-macie-now-available/ In August 2017 at the AWS Summit New York, AWS launched a new security and compliance service called Amazon Macie. Macie uses machine learning to automatically discover, classify, and protect sensitive data in AWS. In this blog post, […]
Read MoreAnnouncing the New AWS Customer Compliance Center
AWS has the longest running, most effective, and most customer-obsessed compliance program in the cloud market. We have always centered our program around customers, obtaining the certifications needed to provide our customers with the proper level of validated transparency in order to enable them to certify their own AWS workloads [download .pdf of AWS certifications]. […]
Read MoreIntroducing the Self-Service Business Associate Addendum
Today, we made available a new feature in AWS Artifact (our auditing and compliance portal) that enables you to review, accept, and track the status of your Business Associate Addendum (BAA). With this new feature, you can accept the terms of a BAA online, and instantly designate an AWS account as a “HIPAA Account” for use with […]
Read MoreUpdated AWS SOC Reports Include Three New Regions and Three Additional Services
The updated AWS Service Organization Control (SOC) 1 and SOC 2 Security, Availability, and Confidentiality Reports covering the period of October 1, 2016, through March 31, 2017, are now available. Because we are always looking for ways to improve the customer experience, the current AWS SOC 2 Confidentiality Report has been combined with the […]
Read MoreFour HIPAA Eligible Services Recently Added to the AWS Business Associate Agreement
We are pleased to announce that the following four AWS services have been added in recent weeks to the AWS Business Associate Agreement (BAA): Amazon API Gateway (excluding the use of Amazon API Gateway caching) Amazon SQS AWS Database Migration Service AWS Direct Connect As with all HIPAA Eligible Services covered under the BAA, Protected Health […]
Read MoreMore Than One Dozen AWS Cloud Services Receive Department of Defense Impact Level 4 Provisional Authorizations in the AWS GovCloud (US) Region
Today, I am pleased to announce that the AWS GovCloud (US) Region has received Defense Information Systems Agency Impact Level 4 (IL4) Provisional Authorization (PA) for more than one dozen new services. The IL4 PA enables Department of Defense (DoD) customers to operate their mission-critical and regulated workloads in the AWS GovCloud (US) Region, with data […]
Read MoreAWS Achieves FedRAMP Authorization for New Services in the AWS GovCloud (US) Region
Today, we’re pleased to announce an array of AWS services that are available in the AWS GovCloud (US) Region and have achieved Federal Risk and Authorization Management Program (FedRAMP) High authorizations. The FedRAMP Joint Authorization Board (JAB) has issued Provisional Authority to Operate (P-ATO) approvals, which are effective immediately. If you are a federal or commercial […]
Read MoreNew SOC 2 Report Available: Confidentiality
As with everything at Amazon, the success of our security and compliance program is primarily measured by one thing: our customers’ success. Our customers drive our portfolio of compliance reports, attestations, and certifications that support their efforts in running a secure and compliant cloud environment. As a result of our engagement with key customers across […]
Read MoreEU Compliance Update
AWS made many launch announcements at AWS re:Invent 2016, including the announcement of a new compliance service, AWS Artifact. After so much recent activity, I want to highlight some EU-related news that you might have missed. AWS has completed its assessment against the Cloud Computing Compliance Controls Catalogue (C5) information security and compliance program. Bundesamt für […]
Read More