AWS Security Blog
New IRAP full assessment report is now available on AWS Artifact for Australian customers
We are excited to announce that a new Information Security Registered Assessors Program (IRAP) report is now available on AWS Artifact, after a successful full assessment completed in December 2021 by an independent ASD (Australian Signals Directorate) certified IRAP assessor.
The new IRAP report includes reassessment of the existing 111 services which are already in scope for IRAP, as well as the 14 additional services listed below, and the new Melbourne region. For the full list of in-scope services, see the AWS Services in Scope page on the IRAP tab. All services in scope are available in the Asia Pacific (Sydney) Region.
- Amazon AppFlow
- Amazon Augmented AI (A2I)
- Amazon DocumentDB
- Amazon EC2 Image Builder
- Amazon Kinesis Data Analytics
- Amazon Managed Streaming for Apache Kafka
- Amazon Neptune
- Amazon Quantum Ledger Database (QLDB)
- AWS Amplify
- AWS Network Firewall
- AWS Resource Access Manager (RAM)
- AWS RoboMaker
- AWS Single Sign-On (SSO)
- FreeRTOS
- Gateway Load Balancer (feature of Elastic Load Balancer)
The IRAP assessment report is developed in accordance with the Australian Cyber Security Centre (ACSC) Cloud Security Guidance and their Anatomy of a Cloud Assessment and Authorisation framework, which addresses guidance within the Australian Government Information Security Manual (ISM), the Attorney-General’s Department Protective Security Policy Framework (PSPF), and the Digital Transformation Agency (DTA) Secure Cloud Strategy.
We have created the IRAP documentation pack on AWS Artifact, which includes the AWS Consumer Guide and the whitepaper Reference Architectures for ISM PROTECTED Workloads in the AWS Cloud, which was created to help Australian government agencies and their partners plan, architect, and risk assess workloads based on AWS Cloud services.
Please reach out to your AWS representatives to let us know which additional services you would like to see in scope for coming IRAP assessments. We strive to bring more services into the scope of the IRAP PROTECTED level, based on your requirements.
If you have feedback about this post, submit comments in the Comments section below.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.