AWS Security Blog

Chad Woolf

Author: Chad Woolf

Frequently Asked Questions About Compliance in the AWS Cloud

May 22, 2019 update: We’ve removed a reference to the IT-Grundschutz Certification Workbook. AWS now recommends that customers refer to the Cloud Computing Compliance Controls Catalog (C5) instead. Learn more about C5 here: https://aws.amazon.com/compliance/bsi-c5/ Every month, AWS Compliance fields thousands of questions about how to achieve and maintain compliance in the cloud. Among other things, […]

Announcing the AWS Config Rules Repository: A New Community-Based Source of Custom Rules for AWS Config

Today, we’re happy to release the AWS Config Rules repository, a community-based source of custom AWS Config Rules. This new repository gives you a streamlined way to automate your assessment and compliance against best practices for security of AWS resources. AWS Config Rules is a service that provides automated, periodic security and compliance checking of […]

Announcing Industry Best Practices for Securing AWS Resources

Today, we are happy to announce that the Center for Internet Security (CIS) has published the CIS AWS Foundations Benchmark, a set of security configuration best practices for AWS. These industry-accepted best practices go beyond the high-level security guidance already available, providing AWS users with clear, step-by-step implementation and assessment procedures. This is the first […]

AWS FedRAMP-Trusted Internet Connection (TIC) Overlay Pilot Program

I’m pleased to announce a newly created resource for usage of the Federal Cloud—after successfully completing the testing phase of the FedRAMP-Trusted Internet Connection (TIC) Overlay pilot program, we’ve developed Guidance for TIC Readiness on AWS. This new way of architecting cloud solutions that address TIC capabilities (in a FedRAMP moderate baseline) comes as the […]

Introducing GxP Compliance on AWS

We’re happy to announce that customers now are enabled to bring the next generation of medical, health, and wellness solutions to their GxP systems by using AWS for their processing and storage needs. Compliance with healthcare and life sciences requirements is a key priority for us, and we are pleased to announce the availability of […]

AWS ISO 27001 Certification Increases Total In-Scope Services to 33

AWS has just completed our annual audit of ISO 27001, a certification we achieved back in 2010. 10 new services are now in scope under ISO 27001: Amazon CloudFront Amazon EC2 Container Service (ECS) Amazon Elastic File System (EFS) Amazon Simple Email Service (SES) Amazon WorkDocs Amazon WorkMail Amazon WorkSpaces AWS Directory Service AWS Key […]

AWS Certification Update – ISO 9001 Has 10 New Services in Scope

Today we’re happy to announce we’ve added 10 new services to our ISO 9001 certification: Amazon CloudFront Amazon EC2 Container Service (ECS) Amazon Elastic File System (EFS) Amazon Simple Email Service (SES) Amazon WorkDocs Amazon WorkMail Amazon WorkSpaces AWS Directory Service AWS Key Management Service (KMS) AWS WAF – Web Application Firewall This increases the […]

AWS Certification Update – ISO 27017

I am happy to announce that AWS has achieved ISO 27017 certification. This new criterion builds upon the ISO 27002 standard, with additional controls specifically applicable to cloud service providers. AWS is the first cloud provider to obtain this certification, which is available now for download on our AWS Cloud Compliance site. Additionally, we’ve posted an FAQ […]

AWS Announces Successful SOC Assessment with 3 New Services in Scope

Today, I’m happy to announce the completion of another successful Service Organization Controls (SOC) assessment. The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing SOC Reports (or their SAS 70 predecessors) regularly since 2009, and we have, over the years, gradually built in more controls and added […]

AWS Obtains ISO 27018 Privacy Certification

I am pleased to announce that AWS has successfully completed a new assessment, ISO/IEC 27018:2014, a code of practice regarding the protection of personally identifiable information (PII) in the cloud and our adherence to the commitments we make to our customers with regard to their content. This privacy code of practice is now an integral […]