CyberVadis

Overview

Amazon Web Services (AWS) has completed CyberVadis third-party risk assessment.

Customers can now leverage AWS’ CyberVadis report and scorecard to reduce their supplier due-diligence burden. CyberVadis assessments apply a dynamic and comprehensive approach to third party risk assessment, replacing outdated static spreadsheets as well as the need to repetitively request access to AWS’ assessment each year. CyberVadis assessment provides advanced capabilities by integrating AWS’ responses with analytics and sophisticated risk models, to provide an in-depth view of AWS’s security posture.

Customers can use CyberVadis results to map AWS’ assessment to commonly used industry frameworks and standards to instantly gain visibility into controls coverage. 

• How can I access AWS’s CyberVadis report?

  Please contact your account manager to request access to CyberVadis assessment free of cost. Once your request has been approved, you will receive an email invitation with further instructions on how to access the report and scorecard. Additionally, customers with an AWS account can download the CyberVadis Performance Report from AWS Artifact. 

• What outputs will AWS customers receive from CyberVadis?

  Customers will receive full access to AWS’ CyberVadis results.

  The CyberVadis risk assessment methodology focus on 20 topics (such as Data Privacy, Access Management and Infrastructure Security) covering the entire cybersecurity life-cycle in four phases: Identify, Protect, Detect, React. The 20 topics or criteria are based upon international information security standards such as ISO 2700x, NIST Cybersecurity Framework, Cybersecurity for ICS, PCI DSS and GDPR.

  Customers can use CyberVadis to map AWS’ assessment to commonly used industry frameworks and standards to instantly gain visibility into controls coverage. 

• How often is AWS’ CyberVadis assessment updated?

  AWS’ CyberVadis assessment and evidence validation are updated annually.