AWS Security Blog

Tag: Compliance

How to confirm your automated Amazon EBS snapshots are still created after the TLS 1.2 uplift on AWS FIPS endpoints

We are happy to announce that all AWS Federal Information Processing Standard (FIPS) endpoints have been updated to only accept a minimum of Transport Layer Security (TLS) 1.2 connections. This ensures that our customers who run regulated workloads can meet FedRAMP compliance requirements that mandate a minimum of TLS 1.2 encryption for data in transit. Attempts […]

Read More

Fall 2020 PCI DSS report now available with eight additional services in scope

We continue to expand the scope of our assurance programs and are pleased to announce that eight additional services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. This gives our customers more options to process and store their payment card data and architect their cardholder data […]

Read More

re:Invent – New security sessions launching soon

Where did the last month go? Were you able to catch all of the sessions in the Security, Identity, and Compliance track you hoped to see at AWS re:Invent? If you missed any, don’t worry—you can stream all the sessions released in 2020 via the AWS re:Invent website. Additionally, we’re starting 2021 with all new […]

Read More

Deploy an automated ChatOps solution for remediating Amazon Macie findings

The amount of data being collected, stored, and processed by Amazon Web Services (AWS) customers is growing at an exponential rate. In order to keep pace with this growth, customers are turning to scalable cloud storage services like Amazon Simple Storage Service (Amazon S3) to build data lakes at the petabyte scale. Customers are looking […]

Read More

Three common cloud encryption questions and their answers on AWS

At Amazon Web Services (AWS), we encourage our customers to take advantage of encryption to help secure their data. Encryption is a core component of a good data protection strategy, but people sometimes have questions about how to manage encryption in the cloud to meet the growth pace and complexity of today’s enterprises. Encryption can […]

Read More

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources

When you build applications on Amazon Web Services (AWS), it’s a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]

Read More

Use AWS Firewall Manager to deploy protection at scale in AWS Organizations

Security teams that are responsible for securing workloads in hundreds of Amazon Web Services (AWS) accounts in different organizational units aim for a consistent approach across AWS Organizations. Key goals include enforcing preventative measures to mitigate known security issues, having a central approach for notifying the SecOps team about potential distributed denial of service (DDoS) […]

Read More

AWS Firewall Manager helps automate security group management: 3 scenarios

In this post, we walk you through scenarios that use AWS Firewall Manager to centrally manage security groups across your AWS Organizations implementation. Firewall Manager is a security management tool that helps you centralize, configure, and maintain AWS WAF rules, AWS Shield Advanced protections, and Amazon Virtual Private Cloud (Amazon VPC) security groups across AWS […]

Read More

Introducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature

The AWS Security team has made it easier for you to find information and guidance on best practices for your cloud architecture. We’re pleased to share the Best Practices for Security, Identity, & Compliance webpage of the new AWS Architecture Center. Here you’ll find top recommendations for security design principles, workshops, and educational materials, and […]

Read More

New third-party test compares Amazon GuardDuty to network intrusion detection systems

A new whitepaper is available that summarizes the results of tests by Foregenix comparing Amazon GuardDuty with network intrusion detection systems (IDS) on threat detection of network layer attacks. GuardDuty is a cloud-centric IDS service that uses Amazon Web Services (AWS) data sources to detect a broad range of threat behaviors. Security engineers need to […]

Read More