Posted On: Sep 18, 2020
AWS Secrets Manager has been assessed for Outsourced Service Provider Audit Report (OSPAR). This assessment demonstrates that AWS Secrets Manager has a system of controls in place that meet the Association of Banks in Singapore’s (ABS) Guidelines on Control Objectives and Procedures for Outsourced Service Providers. Secrets Manager’s alignment with the ABS guidelines demonstrates to customers AWS’s commitment to meet the security expectations for cloud service providers set by the financial services industry in Singapore. This support for OSPAR is in addition to compliance with U.S. Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), System and Organizational Controls (SOC), Federal Risk and Authorization Management Program (FedRAMP), International Organization for Standardization (ISO), and Information Security Registered Assessors Program (IRAP) announced by AWS Secrets Manager previously.
Secrets Manager enables you to retrieve and manage secrets such as database credentials and API keys throughout their lifecycle. Secrets Manager also makes it easier to follow the security best practice of using short-term secrets by rotating secrets safely on a schedule that you determine. For example, you can configure Secrets Manager to rotate a database credential daily, turning a typical, long-term secret in to a short-term secret that is rotated automatically. To learn more about Secrets Manager, visit the documentation or read our blogs on how to Store, Distribute, and Rotate Credentials Securely and Rotate Amazon RDS database credentials automatically with Secrets Manager. To get started, visit the Secrets Manager home page.
Security and compliance, including OSPAR, is a shared responsibility between AWS and you. For example, it is your responsibility to configure and manage secrets stored in Secrets Manager to meet ABS Guidelines. To learn more about the actions you may need to take to meet ABS Guidelines, read the AWS Cloud Compliance and OSPAR compliance webpages. For a comprehensive list of access-controlled documents relevant to compliance and security in the AWS Cloud, see AWS Artifact.