AWS Security Blog

Category: Security, Identity, & Compliance

Accesses to decoy resources automatically create custom Security Hub findings

How to detect suspicious activity in your AWS account by using private decoy resources

As customers mature their security posture on Amazon Web Services (AWS), they are adopting multiple ways to detect suspicious behavior and notify response teams or workflows to take action. One example is using Amazon GuardDuty to monitor AWS accounts and workloads for malicious activity and deliver detailed security findings for visibility and remediation. Another tactic […]

CyberVadis

AWS CyberVadis report now available for due diligence on third-party suppliers

At Amazon Web Services (AWS), we’re continuously expanding our compliance programs to provide you with more tools and resources to perform effective due diligence on AWS. We’re excited to announce the availability of the AWS CyberVadis report to help you reduce the burden of performing due diligence on your third-party suppliers. With the increase in […]

How to use customer managed policies in AWS IAM Identity Center for advanced use cases

September 23, 2022: This post had been updated to reflect main benefits on using CMPs with permission sets. Are you looking for a simpler way to manage permissions across all your AWS accounts? Perhaps you federate your identity provider (IdP) to each account and divide permissions and authorization between cloud and identity teams, but want […]

AWS launches AWS Wickr ATAK Plugin

AWS is excited to announce the launch of the AWS Wickr ATAK Plugin, which makes it easier for ATAK users to maintain secure communications. The Android Team Awareness Kit (ATAK)—also known as Android Tactical Assault Kit for military use—is a smartphone geospatial infrastructure and situational awareness application. It provides mapping, messaging, and geofencing capabilities to […]

How to incorporate ACM PCA into your existing Windows Active Directory Certificate Services

Using certificates to authenticate and encrypt data is vital to any enterprise security. For example, companies rely on certificates to provide TLS encryption for web applications so that client data is protected. However, not all certificates need to be issued from a publicly trusted certificate authority (CA). A privately trusted CA can be leveraged to […]

Open Cybersecurity Schema Framework Project Logo

AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) project

In today’s fast-changing security environment, security professionals must continuously monitor, detect, respond to, and mitigate new and existing security issues. To do so, security teams must be able to analyze security-relevant telemetry and log data by using multiple tools, technologies, and vendors. The complex and heterogeneous nature of this task drives up costs and may […]

PCI Security Standards Council logo

Spring 2022 PCI DSS report available with seven services added to compliance scope

We’re continuing to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that seven new services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. This provides our customers with more options to process and store their payment card […]

PCI Security Standards Council logo

Spring 2022 PCI 3DS report now available

We are excited to announce that Amazon Web Services (AWS) has released the latest 2022 Payment Card Industry 3-D Secure (PCI 3DS) attestation to support our customers in the financial services sector. Although AWS doesn’t perform 3DS functions directly, the AWS PCI 3DS attestation of compliance can help customers to attain their own PCI 3DS […]

Update of AWS Security Reference Architecture is now available

We’re happy to announce that an updated version of the AWS Security Reference Architecture (AWS SRA) is now available. The AWS SRA is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. You can use it to help your organization to design, implement, and manage AWS […]

Figure 1: The Customer/AWS Shared Responsibility Model

Welcoming the AWS Customer Incident Response Team

Well, hello there! Thanks for reading our inaugural blog post. Who are we, you ask? We are the AWS Customer Incident Response Team (CIRT). The AWS CIRT is a specialized 24/7 global Amazon Web Services (AWS) team that provides support to customers during active security events on the customer side of the AWS Shared Responsibility […]