AWS Security Blog

Category: Compliance*

AWS Granted Authority to Operate for Department of Commerce and NOAA

AWS already has a number of federal agencies onboarded to the cloud, including the Department of Energy, The Department of the Interior, and NASA. Today we are pleased to announce the addition of two more ATOs (authority to operate) for the Department of Commerce (DOC) and the National Oceanic and Atmospheric Administration (NOAA). Specifically, the DOC will […]

Read More

Now Available: PCI DSS Quick Start for Deploying PCI DSS In-Scope Workloads

Released today, the PCI DSS Quick Start includes learnings from AWS field teams that have migrated and deployed workloads that are in scope for Payment Card Industry Data Security Standard (PCI DSS) compliance. The AWS CloudFormation templates and scripts included in this Quick Start can help you build a standardized environment that supports compliance with the […]

Read More

Frequently Asked Questions About HIPAA Compliance in the AWS Cloud: Part Two

In a previous blog post, Frequently Asked Questions About HIPAA Compliance in the AWS Cloud, I looked at some of the broad questions you have asked us about running protected health information (PHI) in the AWS cloud. In this blog post, I will take a closer look at the more technical questions we hear from […]

Read More

Spring SOC Report Now Available—Amazon WorkMail Now in Scope

Today, I’m pleased to announce that we have completed our semiannual AWS Service Organization Control (SOC) assessments and the reports are available to NDA customers now. The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing AWS services SOC Reports (or their SAS 70 predecessors) regularly since 2009, […]

Read More

In Case You Missed These: AWS Security Blog Posts from March and April

In case you missed any of the AWS Security Blog posts from March and April, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from the AWS Config Rules repository to automatically updating AWS WAF IP blacklists. April April 28, AWS […]

Read More

Frequently Asked Questions About HIPAA Compliance in the AWS Cloud

Today, we continue a series of AWS cloud compliance FAQs by focusing on the Health Insurance Portability and Accountability Act (HIPAA) and protected health information (PHI). AWS’s Healthcare and Life Science customers are doing important things for their customers in the AWS cloud, and we are excited to work with our partners to help tackle […]

Read More

Frequently Asked Questions About Compliance in the AWS Cloud

Every month, AWS Compliance fields thousands of questions about how to achieve and maintain compliance in the cloud. Among other things, customers are eager to take advantage of the cost savings and security at scale that AWS offers while still maintaining robust security and regulatory compliance. Because regulations across industries and geographies can be complex, […]

Read More

Free qwikLABS Online Labs Through the End of March

To celebrate 10 years of AWS, qwikLABS is offering 95 free online labs through the end of March 2016. Here are some of the labs related to security and compliance that you can take for free while the offer is live: Introduction to AWS Identity and Access Management (IAM) Introduction to AWS Key Management Service Performing […]

Read More

Announcing the AWS Config Rules Repository: A New Community-Based Source of Custom Rules for AWS Config

Today, we’re happy to release the AWS Config Rules repository, a community-based source of custom AWS Config Rules. This new repository gives you a streamlined way to automate your assessment and compliance against best practices for security of AWS resources. AWS Config Rules is a service that provides automated, periodic security and compliance checking of […]

Read More

Announcing Industry Best Practices for Securing AWS Resources

Today, we are happy to announce that the Center for Internet Security (CIS) has published the CIS AWS Foundations Benchmark, a set of security configuration best practices for AWS. These industry-accepted best practices go beyond the high-level security guidance already available, providing AWS users with clear, step-by-step implementation and assessment procedures. This is the first […]

Read More