AWS Security Blog

Category: Announcements

AWS Verified, episode 4: How Lockheed Martin embeds security

Last year Amazon Web Services (AWS) launched a new video series, AWS Verified, where we talk to global cybersecurity leaders about important issues, such as how the pandemic is impacting cloud security, how to create a culture of security, and emerging security trends. Today I’m happy to share the latest episode of AWS Verified, an […]

Read More

C5 Type 2 attestation report now available with one new Region and 123 services in scope

Amazon Web Services (AWS) is pleased to announce the issuance of the 2020 Cloud Computing Compliance Controls Catalogue (C5) Type 2 attestation report. We added one new AWS Region (Europe-Milan) and 21 additional services and service features to the scope of the 2020 report. Germany’s national cybersecurity authority, Bundesamt für Sicherheit in der Informationstechnik (BSI), […]

Read More

TLS 1.2 will be required for all AWS FIPS endpoints beginning March 31, 2021

To help you meet your compliance needs, we’re updating all AWS Federal Information Processing Standard (FIPS) endpoints to a minimum of Transport Layer Security (TLS) 1.2. We have already updated over 40 services to require TLS 1.2, removing support for TLS 1.0 and TLS 1.1. Beginning March 31, 2021, if your client application cannot support […]

Read More

Fall 2020 PCI DSS report now available with eight additional services in scope

We continue to expand the scope of our assurance programs and are pleased to announce that eight additional services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. This gives our customers more options to process and store their payment card data and architect their cardholder data […]

Read More

Updated whitepaper available: Encrypting File Data with Amazon Elastic File System

We’re sharing an update to the Encrypting File Data with Amazon Elastic File System whitepaper to provide customers with guidance on enforcing encryption of data at rest and in transit in Amazon Elastic File System (Amazon EFS). Amazon EFS provides simple, scalable, highly available, and highly durable shared file systems in the cloud. The file […]

Read More

AWS and EU data transfers: strengthened commitments to protect customer data

Last year we published a blog post describing how our customers can transfer personal data in compliance with both GDPR and the new “Schrems II” ruling. In that post, we set out some of the robust and comprehensive measures that AWS takes to protect customers’ personal data. Today, we are announcing strengthened contractual commitments that […]

Read More

Top 10 blog posts of 2020

The AWS Security Blog endeavors to provide our readers with a reliable place to find the most up-to-date information on using AWS services to secure systems and tools, as well as thought leadership, and effective ways to solve security issues. In turn, our readers have shown us what’s most important for securing their businesses. To […]

Read More

New IRAP report is now available on AWS Artifact for Australian customers

We are excited to announce that a new Information Security Registered Assessors Program (IRAP) report is now available on AWS Artifact. The new IRAP documentation pack brings new services in scope, and includes a Cloud Security Control Matrix (CSCM) for specific information to help customers assess each applicable control that is required by the Australian […]

Read More

Over 70 services require TLS 1.2 minimum for AWS FIPS endpoints

March 18, 2021: This post was originally published in February 2021. Since then, the number of services that require a TLS minimum of 1.2 has grown from over 40 to over 70. We’ve updated this post accordingly. In a March 2020 blog post, we told you about work Amazon Web Services (AWS) was undertaking to […]

Read More

AWS Verified episode 3: In conversation with Noopur Davis from Comcast

2020 emphasized the value of staying connected with our customers. On that front, I’m proud to bring you the third episode of our new video series, AWS Verified. The series showcases conversations with security leaders discussing trends and lessons learned in cybersecurity, privacy, and the cloud. In episode three, I’m talking to Noopur Davis, Executive […]

Read More