AWS Security Blog

Category: Security, Identity, & Compliance

New PCI DSS report now available, 31 services added to scope

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. In just the last 6 months, we’ve increased the number of Payment Card Industry Data Security Standard (PCI DSS) certified services by 50%. We were evaluated by third-party auditors from Coalfire and the latest report is now available on AWS […]

Read More

Scaling a governance, risk, and compliance program for the cloud, emerging technologies, and innovation

Governance, risk, and compliance (GRC) programs are sometimes looked upon as the bureaucracy getting in the way of exciting cybersecurity work. But a good GRC program establishes the foundation for meeting security and compliance objectives. It is the proactive approach to cybersecurity that, if done well, minimizes reactive incident response. Of the three components of […]

Read More

Are KMS custom key stores right for you?

October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. You can use the AWS Key Management Service (KMS) custom key store feature to gain […]

Read More

Announcing the First AWS Security Conference: AWS re:Inforce 2019

Update: re:Inforce 2019 tickets are now available for purchase. You can learn more about the event here, and re:Inforce registration is now officially open! On the eve of re:Invent 2018, I’m pleased to announce that AWS is launching our first conference dedicated to cloud security: AWS re:Inforce. The event will offer a deep dive into the […]

Read More
Amazon Spheres and author info

AWS Security Profiles: Quint Van Deman, Principal Business Development Manager

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]

Read More

AWS Security Profiles: Henrik Johansson, Principal, Office of the CISO

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]

Read More
Amazon Spheres and author info

AWS Security Profiles: Alana Lan, Software Development Engineer; Shane Xu, Technical Program Manager

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]

Read More
Amazon Spheres and author info

AWS Security Profiles: Matt Bretan, Principal Manager, AWS Professional Services

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]

Read More

How federal agencies can leverage AWS to extend CDM programs and CIO Metric Reporting

Continuous Diagnostics and Mitigation (CDM), a U.S. Department of Homeland Security cybersecurity program, is gaining new visibility as part of the federal government’s overall focus on securing its information and networks. How an agency performs against CDM will soon be regularly reported in the updated Federal Information Technology Acquisition Reform Act (FITARA) scorecard. That’s in […]

Read More