AWS Compliance Programs

The AWS Compliance Program helps customers to understand the robust controls in place at AWS to maintain security and compliance in the cloud. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance Enablers build on traditional programs, helping customers to establish and operate in an AWS security control environment.

IT standards we comply with are broken out by Certifications and Attestations; Laws, Regulations and Privacy; and Alignments and Frameworks. Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance. AWS customers remain responsible for complying with applicable compliance laws, regulations and privacy programs. Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function.

Global

CSA

Cloud Security Alliance Controls

ISO 27701

Privacy Information Management 

SOC 3

General Controls Report

CyberGRX

Third Party Risk Management

ISO 27018

Personal Data Protection

ISO 9001

Global Quality Standard

PCI DSS Level 1

Payment Card Standards

ISO 27001

Security Management Controls

SOC 1

Audit Controls Report

ISO 27017

Cloud Specific Controls 

SOC 2

Security, Availability, & Confidentiality Report

Americas

CJIS

Criminal Justice Information Services

FISMA

Federal Information Security Management

MPAA

Protected Media Content

DoD SRG

Department of Defense Data Processing

GxP

Quality Guidelines and Regulations

NIST

National Institute of Standards and Technology

FedRAMP

Government Data Standards

HIPAA

Protected Health Information

PIPEDA

Canada’s Federal Private Sector Privacy Legislation 

FERPA

Educational Privacy Act

HITRUST CSF

Health Information Trust Alliance Common Security Framework

SEC Rule 17a-4(f)

Recordkeeping Rules

FIPS

Government Security Standards

ITAR

International Arms Regulations

VPAT / Section 508

Accessibility Standards

Asia Pacific

FinTech

Reference Architecture in Japan

Medical Information Guidelines

Guidelines in Japan

FISC

Center for Financial Industry Information Systems in Japan

MTCS Tier 3

Multi-Tier Cloud Security Standard in Singapore

IRAP

Security Standards in Australia

NISC

National Center of Incident Readiness and Strategy for Cybersecurity in Japan

K-ISMS

Information Security in Korea

OSPAR

Outsourcing Guidelines in Singapore

ISMAP

Government program to assess security of public cloud services in Japan

Europe, Middle East & Africa

HDS

Personal Health Data Protection in France

FINMA ISAE 3000 Type 2 Report

Attestation for Swiss Financial Market Supervisory Authority Circulars

C5

Operational Security Attestation in Germany

G-Cloud

Government Standards in the UK

CISPE

Coalition of Cloud Infrastructure Services Providers in Europe

GSMA

GSM Association

Cyber Essentials Plus

Cyber Threat Protection in the UK

TISAX

Automotive Industry Standard

ENS High

Government Standards in Spain

Certifications / Attestations:

Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance.

Laws / Regulations:

AWS customers remain responsible for complying with applicable compliance laws and regulations. In some cases, AWS offers functionality (such as security features), enablers, and legal agreements (such as the AWS Data Processing Agreement and Business Associate Addendum) to support customer compliance.

No formal certification is available to (or distributable by) a cloud service provider within these law and regulatory domains.

Alignments / Frameworks:

Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function. AWS provides functionality (such as security features) and enablers (including compliance playbooks, mapping documents, and whitepapers) for these types of programs.

Requirements under specific alignments and frameworks may not be subject to certification or attestation; however, some alignments and frameworks are covered by other compliance programs.

Privacy

At AWS, customer trust is our top priority. We deliver services to millions of active customers, including enterprises, educational institutions, and government agencies in over 190 countries. Our customers include financial services providers, healthcare providers, and governmental agencies, who trust us with some of their most sensitive information.
