AWS Security Blog

Category: Announcements

PCI Council

Fall 2021 PCI DSS report now available with 7 services added to compliance scope

We’re continuing to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that seven new services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. These new services provide our customers with more options to process and store their […]

Read More

2021 AWS security-focused workshops

Every year, Amazon Web Services (AWS) looks to help our customers gain more experience and knowledge of our services through hands-on workshops. In 2021, we unfortunately couldn’t connect with you in person as much as we would have liked, so we wanted to create and share new ways to learn and build on AWS. We […]

Read More

New IRAP full assessment report is now available on AWS Artifact for Australian customers

We are excited to announce that a new Information Security Registered Assessors Program (IRAP) report is now available on AWS Artifact, after a successful full assessment completed in December 2021 by an independent ASD (Australian Signals Directorate) certified IRAP assessor. The new IRAP report includes reassessment of the existing 111 services which are already in […]

Read More

Using AWS security services to protect against, detect, and respond to the Log4j vulnerability

Overview In this post we will provide guidance to help customers who are responding to the recently disclosed log4j vulnerability. This covers what you can do to limit the risk of the vulnerability, how you can try to identify if you are susceptible to the issue, and then what you can do to update your […]

Read More

Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

We are pleased to announce a new Amazon Web Services (AWS) workbook designed to help India Primary (UCBs) customers align with the Reserve Bank of India (RBI) guidance in Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach. In addition to RBI’s basic cyber security framework for Primary (Urban) Cooperative […]

Read More
Finland Flag

AWS publishes PiTuKri ISAE3000 Type II Attestation Report for Finnish customers

Gaining and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). Our customers’ industry security requirements drive the scope and portfolio of compliance reports, attestations, and certifications we pursue. AWS is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) ISAE 3000 Type 2 […]

Read More

Open source hotpatch for Apache Log4j vulnerability

December 14, 2021:The version 2.15 Log4j was updated to the new version out today. At Amazon Web Services (AWS), security remains our top priority. As we addressed the Apache Log4j vulnerability this weekend, I’m pleased to note that our team created and released a hotpatch as an interim mitigation step. This tool may help you […]

Read More

How to customize behavior of AWS Managed Rules for AWS WAF

AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]

Read More

AWS attained MTCS Level 3 certification under the new SS584:2020 standard

We’re excited to announce the completion of the Multi-Tier Cloud Security (MTCS) Level 3 certification under the new SS584:2020 standard in November 2021 for three Amazon Web Services (AWS) Regions: Singapore, Korea, and United States, excluding AWS GovCloud (US) Regions. The new standard, released in October 2020, includes more stringent controls for greater assurance as […]

Read More