Streamline your path to compliance with AWS guidance
AWS audit and compliance engineering services across your cloud journey
Experienced auditors combined with AWS technical depth
Cybersecurity compliance solutions
Financial Services
Manage your financial data with AWS and receive support for compliance with industry standards
Leverage AWS consultants’ knowledge of frameworks, guidelines, and requirements such as FFIEC, NYDFS, GLBA, and PCI DSS to support your data protection and compliance efforts.
Bolster security and privacy, not just compliance
Support your security and privacy posture with AWS’s guidance while navigating cloud compliance tailored to financial regulations. Increase visibility into security governance and use audit playbooks as effective communication tools with regulators and external audit teams in the financial services sector.
Healthcare & Life Sciences
Healthcare data on AWS and compliance
Protect healthcare data and support your compliance objectives with AWS services. AWS advisors are knowledgeable about cloud-related requirements stemming from regulations and laws like HIPAA and GDPR, as well as standards and best practices such as HITRUST and GxP.
Advancing healthcare security and compliance with automated solutions
Strengthen healthcare-related security and privacy standards within the cloud by leveraging AWS tools and guidance.
Public Sector
Safeguard government systems and data with AWS compliance expertise
Partner with AWS compliance advisors on Public Sector infrastructure and data integrity on AWS covering frameworks like CMMC, NIST, FedRAMP, FISMA, and CJIS.
Supporting Public Sector security and compliance initiatives
Enhance your security and compliance efforts within the Public Sector with AWS's tailored solutions. Streamline select compliance tasks aligned with public sector regulations, and increase transparency in security governance. Leverage custom audit resources for effective communication with regulators and external audit teams, aiding in the audit and reporting processes.
Preparing for your compliance audit with AWS support
In this interview with Jessie Skibbe, a privacy and security assurance leader at AWS, we’re diving into the odds and ends of security compliance. Watch this conversation to learn more about what it takes to pass an audit.
Industry regulations
View some of the supported regulations, laws, frameworks, and standards.
Financial Services
- Basel III, BSA - Bank Secrecy Act
- CFPB - Consumer Financial Protection Bureau regulations
- CFTC - Commodity Futures Trading Commission regulations
- Dodd-Frank Act - Dodd-Frank Wall Street Reform and Consumer Protection Act
- DORA - Digital Operations Resilience Act
- FCRA - Fair Credit Reporting Act
- FFIEC - Federal Financial Institutions Examination Council guidelines
- FINRA - Financial Industry Regulatory Authority rules
- FISMA - Federal Information Security Management Act
- GLBA - Gramm-Leach-Bliley Act
- PCI DSS - Payment Card Industry Data Security Standard
- SEC - Securities and Exchange Commission regulations, Securities Act of 1933, Securities Exchange Act of 1934
Customers are solely responsible for identifying, understanding, and managing all compliance requirements applicable to their business or industry. AWS provides tools, resources, and guidance designed to support compliance efforts. However, AWS does not determine, verify, or assume responsibility for compliance with any specific laws, regulations, or industry standards applicable to any customer's operations. It is the sole responsibility of each customer to ensure their own compliance with all relevant laws, regulations, and standards.
Healthcare
- FISMA - Federal Information Security Management Act
- GDPR - General Data Protection Regulation
- HIPAA - Health Insurance Portability and Accountability Act
- HITECH - Health Information Technology for Economic and Clinical Health Act
- HITRUST CSF - Health Information Trust Alliance Common Security Framework
- MDDS - Medical Device Data Systems regulations
- MDSAP - Medical Device Single Audit Program
- NIST - National Institute of Standards and Technology guidelines
- OCR - Office for Civil Rights regulations
- PHI - Protected Health Information
- PTI - Prescription Tracking Initiative regulations
- SAMHSA - Substance Abuse and Mental Health Services Administration guidelines
- UDI - Unique Device Identification system
- Veeva - Veeva Vault compliance standards
Public Sector
- CJIS - Criminal Justice Information Services security policy
- CUI - Controlled Unclassified Information regulations
- DHS - Department of Homeland Security regulations
- FISMA - Federal Information Security Management Act
- FedRAMP - Federal Risk and Authorization Management Program
- FIPS - Federal Information Processing Standards
- FISSEA - Federal Information Systems Security Educators' Association guidelines
- ITAR - International Traffic in Arms Regulations
- NIST - National Institute of Standards and Technology guidelines
- OMB - Office of Management and Budget directives
- PDD - Presidential Decision Directive
- RMF - Risk Management Framework
- TSA - Transportation Security Administration regulations
- USA PATRIOT Act - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
- VA - Department of Veterans Affairs regulations
Technology
- CCPA - California Consumer Privacy Act
- COPPA - Children's Online Privacy Protection Act
- CPRA - California Privacy Rights Act
- DMCA - Digital Millennium Copyright Act
- ECPA - Electronic Communications Privacy Act
- FISMA - Federal Information Security Management Act
- GDPR - General Data Protection Regulation
- HIPAA - Health Insurance Portability and Accountability Act
- PCI DSS - Payment Card Industry Data Security Standard
- SOC 2 - Service Organization Control 2
- TCPA - Telephone Consumer Protection Act
- TISAX - Trusted Information Security Assessment Exchange
- TSCP - Trusted Software Control Program
- EFTA - Electronic Fund Transfer Act
- FERPA - Family Educational Rights and Privacy Act
Other
- CIS Controls - Center for Internet Security Controls
- COBIT - Control Objectives for Information and Related Technologies
- CSA CCM - Cloud Security Alliance Cloud Controls Matrix
- CSF - Cybersecurity Framework
- CMMC - Cybersecurity Maturity Model Certification
- ISO/IEC 27001 - International Organization for Standardization/International Electrotechnical Commission
- NIST SP 800-53 - National Institute of Standards and Technology Special Publication 800-53
- OWASP ASVS - Open Web Application Security Project Application Security Verification Standard
- PCI DSS - Payment Card Industry Data Security Standard
- PRISM - Profiles for Risk and Security Management
- SOC 1 - Service Organization Control 1
- SOC 2 - Service Organization Control 2
- SOC 3 - Service Organization Control 3
- SSAE 18 - Statement on Standards for Attestation Engagements No. 18
- Zero Trust Architecture
Customer success stories
Browse customer testimonials to help you discover how AWS can help you in your compliance journey.
Booking.com
"Excellent support from the AWS Proserve team in reviewing, documenting our PCI compliance status and drafting recommendations to automate and migrate PCI workloads."
Harold Tobin, IT Risk and Control Officer for Booking.com
Air Canada
"Air Canada worked with AWS Professional Services and AWS Security Assurance Services team on three strategic projects. The teams demonstrated self-sufficiency in being able to understand the high-level goals while taking ownership and driving the project forward with spectacular results in a short time. We are impressed with the team’s intellect, ability to solution, prototype, and execute."
Suresh Subasinghe, Director of Digital Platform Architecture, Air Canada
Teads
"AWS’ approach to helping us understand compliance requirements and prepare for our SOC2 assessment is the best I experienced in terms of deliverables' quality, support provided, and expertise."
Oussama Benzaouia, Chief Information Security Officer, Teads Technology
MasterControl
"MasterControl works with AWS Security Assurance Services and AWS Training to improve security, align with FedRAMP requirements, upskill teams and expand into regulated industries."
Matt Lowe, Chief Strategy Officer
Entersekt
"Through the expertise of AWS SAS and ProServe consultants, we attained PCI DSS and 3DS compliance, broadened our presence to the USA, and established a fortified PCI infrastructure. Their insightful guidance instilled confidence, ensuring smooth compliance oversight. Thanks to AWS SAS's knowledgeable and seasoned consultants, what appeared daunting and unattainable due to our accelerated product release date and tight timeline, transformed into success. Their proficiency ensured our product met PCI standards, priming it for a successful launch in the US market via AWS."
Richard Bailey, EVP Engineering, Entersekt
Artera
"At Artera, we’re enhancing the way healthcare communicates—securely and at scale. Achieving FedRAMP High Authorization and expanding into AWS GovCloud reflects our commitment to innovation, security, and trust. This milestone enables government and healthcare systems to connect seamlessly while meeting the highest compliance standards."
Darin Moore, SVP, Technical Operations
BeyondTrust
"The AWS Passport program, along with their security experts and Professional Services, helped us build compliance directly into our code. This allows us to rapidly expand globally while meeting local security requirements."
Morey Haber, Chief Security Advisor, BeyondTrust
Connect with an expert
Leverage AWS consultants to enhance your security and compliance efforts. Assess your environment, explore automation options, and streamline processes with our guidance. Contact us today to get started!