AWS Security Blog

Category: Compliance

How to Use AWS Service Catalog for Code Deployments: Part 2 of the Automating HIPAA Compliance Series

In my previous blog post, I discussed the idea of using the cloud to protect the cloud and improving healthcare IT by applying DevSecOps methods. In Part 2 today, I will show an architecture composed of AWS services that gives healthcare security administrators necessary controls, allows healthcare developers to interact with the system using familiar […]

Read More

How to Automate HIPAA Compliance (Part 1): Use the Cloud to Protect the Cloud

The United States healthcare ecosystem is highly complex. It is composed of review boards, regulating bodies, government agencies, pharmaceutical companies, insurance payers, and a mix of public and private provider entities, all of which intersect and overlap. Underlying this system lays highly sensitive patient data, which is governed by the U.S. Health Insurance Portability and […]

Read More

AWS FedRAMP-Trusted Internet Connection (TIC) Overlay Pilot Program

I’m pleased to announce a newly created resource for usage of the Federal Cloud—after successfully completing the testing phase of the FedRAMP-Trusted Internet Connection (TIC) Overlay pilot program, we’ve developed Guidance for TIC Readiness on AWS. This new way of architecting cloud solutions that address TIC capabilities (in a FedRAMP moderate baseline) comes as the […]

Read More

Introducing GxP Compliance on AWS

We’re happy to announce that customers now are enabled to bring the next generation of medical, health, and wellness solutions to their GxP systems by using AWS for their processing and storage needs. Compliance with healthcare and life sciences requirements is a key priority for us, and we are pleased to announce the availability of […]

Read More

AWS ISO 27001 Certification Increases Total In-Scope Services to 33

AWS has just completed our annual audit of ISO 27001, a certification we achieved back in 2010. 10 new services are now in scope under ISO 27001: Amazon CloudFront Amazon EC2 Container Service (ECS) Amazon Elastic File System (EFS) Amazon Simple Email Service (SES) Amazon WorkDocs Amazon WorkMail Amazon WorkSpaces AWS Directory Service AWS Key […]

Read More

AWS Certification Update – ISO 9001 Has 10 New Services in Scope

Today we’re happy to announce we’ve added 10 new services to our ISO 9001 certification: Amazon CloudFront Amazon EC2 Container Service (ECS) Amazon Elastic File System (EFS) Amazon Simple Email Service (SES) Amazon WorkDocs Amazon WorkMail Amazon WorkSpaces AWS Directory Service AWS Key Management Service (KMS) AWS WAF – Web Application Firewall This increases the […]

Read More

AWS Certification Update – ISO 27017

I am happy to announce that AWS has achieved ISO 27017 certification. This new criterion builds upon the ISO 27002 standard, with additional controls specifically applicable to cloud service providers. AWS is the first cloud provider to obtain this certification, which is available now for download on our AWS Cloud Compliance site. Additionally, we’ve posted an FAQ […]

Read More

AWS Announces Successful SOC Assessment with 3 New Services in Scope

Today, I’m happy to announce the completion of another successful Service Organization Controls (SOC) assessment. The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing SOC Reports (or their SAS 70 predecessors) regularly since 2009, and we have, over the years, gradually built in more controls and added […]

Read More

Register to Attend an AWS Security Roadshow

Register to attend an AWS Security Roadshow, a free technical event where you can learn how to use AWS services—including those recently launched—to help improve the agility and maturity of your security and compliance programs. AWS Security Roadshow topics will include: AWS Security Overview What’s New Network Security and Access Control Within AWS Protecting Your Data in AWS Putting It […]

Read More

AWS Obtains ISO 27018 Privacy Certification

I am pleased to announce that AWS has successfully completed a new assessment, ISO/IEC 27018:2014, a code of practice regarding the protection of personally identifiable information (PII) in the cloud and our adherence to the commitments we make to our customers with regard to their content. This privacy code of practice is now an integral […]

Read More