Experienced auditors combined with AWS technical depth
Work with AWS consultants, supported by AWS’s technical resources, to help address your compliance challenges. AWS services and automation can assist you in managing compliance tasks, providing valuable support throughout the process.
Cybersecurity compliance solutions
Financial Services
Manage your financial data with AWS and receive support for compliance with industry standards
Leverage AWS consultants’ knowledge of frameworks, guidelines, and requirements such as FFIEC, NYDFS, GLBA, and PCI DSS to support your data protection and compliance efforts.
Bolster security and privacy, not just compliance
Support your security and privacy posture with AWS’s guidance while navigating cloud compliance tailored to financial regulations. Increase visibility into security governance and use audit playbooks as effective communication tools with regulators and external audit teams in the financial services sector.
Healthcare & Life Sciences
Healthcare data on AWS and compliance
Protect healthcare data and support your compliance objectives with AWS services. AWS advisors are knowledgeable about cloud-related requirements stemming from regulations and laws like HIPAA and GDPR, as well as standards and best practices such as HITRUST and GxP.
Advancing healthcare security and compliance with automated solutions
Strengthen healthcare-related security and privacy standards within the cloud by leveraging AWS tools and guidance.
Public Sector
Safeguard government systems and data with AWS compliance expertise
Partner with AWS compliance advisors to protect Public Sector infrastructure and data integrity on AWS, covering frameworks like CMMC, NIST, FedRAMP, FISMA, and CJIS.
Supporting Public Sector security and compliance initiatives
Enhance your security and compliance efforts within the Public Sector with AWS's tailored solutions. Streamline select compliance tasks aligned with public sector regulations, and increase transparency in security governance. Leverage custom audit resources for effective communication with regulators and external audit teams, aiding in the audit and reporting processes.
Preparing for your compliance audit with AWS support
In this interview with Jessie Skibbe, a privacy and security assurance leader at AWS, we’re diving into the odds and ends of security compliance. Watch this conversation to learn more about what it takes to pass an audit.
Industry regulations
View some of the supported regulations, laws, frameworks, and standards.
Financial Services
- Basel III
- BSA - Bank Secrecy Act
- CFPB - Consumer Financial Protection Bureau regulations
- CFTC - Commodity Futures Trading Commission regulations
- Dodd-Frank Act - Dodd-Frank Wall Street Reform and Consumer Protection Act
- DORA - Digital Operational Resilience Act
- FCRA - Fair Credit Reporting Act
- FFIEC - Federal Financial Institutions Examination Council guidelines
- FINRA - Financial Industry Regulatory Authority rules
- FISMA - Federal Information Security Management Act
- GLBA - Gramm-Leach-Bliley Act
- PCI DSS - Payment Card Industry Data Security Standard
- SEC - Securities and Exchange Commission regulations, Securities Act of 1933, Securities Exchange Act of 1934
Healthcare
- FISMA - Federal Information Security Management Act
- GDPR - General Data Protection Regulation
- HIPAA - Health Insurance Portability and Accountability Act
- HITECH - Health Information Technology for Economic and Clinical Health Act
- HITRUST CSF - Health Information Trust Alliance Common Security Framework
- MDDS - Medical Device Data Systems regulations
- MDSAP - Medical Device Single Audit Program
- NIST - National Institute of Standards and Technology guidelines
- OCR - Office for Civil Rights regulations
- PHI - Protected Health Information
- PTI - Prescription Tracking Initiative regulations
- SAMHSA - Substance Abuse and Mental Health Services Administration guidelines
- UDI - Unique Device Identification system
- Veeva - Veeva Vault compliance standards
Public Sector
- CJIS - Criminal Justice Information Services security policy
- CUI - Controlled Unclassified Information regulations
- DHS - Department of Homeland Security regulations
- FISMA - Federal Information Security Management Act
- FedRAMP - Federal Risk and Authorization Management Program
- FIPS - Federal Information Processing Standards
- FISSEA - Federal Information Systems Security Educators' Association guidelines
- ITAR - International Traffic in Arms Regulations
- NIST - National Institute of Standards and Technology guidelines
- OMB - Office of Management and Budget directives
- PDD - Presidential Decision Directive
- RMF - Risk Management Framework
- TSA - Transportation Security Administration regulations
- USA PATRIOT Act - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
- VA - Department of Veterans Affairs regulations
Technology
- CCPA - California Consumer Privacy Act
- COPPA - Children's Online Privacy Protection Act
- CPRA - California Privacy Rights Act
- DMCA - Digital Millennium Copyright Act
- ECPA - Electronic Communications Privacy Act
- FISMA - Federal Information Security Management Act
- GDPR - General Data Protection Regulation
- HIPAA - Health Insurance Portability and Accountability Act
- PCI DSS - Payment Card Industry Data Security Standard
- SOC 2 - Service Organization Control 2
- TCPA - Telephone Consumer Protection Act
- TISAX - Trusted Information Security Assessment Exchange
- TSCP - Trusted Software Control Program
- EFTA - Electronic Fund Transfer Act
- FERPA - Family Educational Rights and Privacy Act
Other
- CIS Controls - Center for Internet Security Controls
- COBIT - Control Objectives for Information and Related Technologies
- CSA CCM - Cloud Security Alliance Cloud Controls Matrix
- CSF - Cybersecurity Framework
- CMMC - Cybersecurity Maturity Model Certification
- ISO/IEC 27001 - International Organization for Standardization/International Electrotechnical Commission information security management standard
- NIST SP 800-53 - National Institute of Standards and Technology Special Publication 800-53
- OWASP ASVS - Open Web Application Security Project Application Security Verification Standard
- PCI DSS - Payment Card Industry Data Security Standard
- PRISM - Profiles for Risk and Security Management
- SOC 1 - Service Organization Control 1
- SOC 2 - Service Organization Control 2
- SOC 3 - Service Organization Control 3
- SSAE 18 - Statement on Standards for Attestation Engagements No. 18
- Zero Trust Architecture
Customers are solely responsible for identifying, unders