AWS Security Assurance Services

Streamline your path to compliance with AWS guidance

AWS audit and compliance engineering services across your cloud journey

Experienced auditors combined with AWS technical depth

Work with AWS consultants, supported by AWS's technical resources, to help with your compliance challenges. AWS services and automation can assist you in managing compliance tasks, providing valuable support throughout the process.
Utilizing AWS services for automation can help reduce expenses on compliance-related tasks, enabling businesses to streamline processes and allocate resources more efficiently.
Partnering with AWS audit advisors speeds up certification timelines, transforming compliance into a business enabler that fuels innovation and reduces time to market.
Engage AWS consultants to receive guidance and support as you build and maintain compliance frameworks within your DevSecOps practices. This collaboration helps you establish robust compliance standards from the beginning of your projects, integrating compliance considerations into your development process.
Benefit from compliance playbooks designed specifically for your business needs. These customized resources not only guide your compliance efforts but also serve as effective communication tools, providing clear evidence of your proactive compliance measures to auditors and regulatory bodies.

Cybersecurity compliance solutions

Financial Services

Manage your financial data with AWS and receive support for compliance with industry standards

Leverage AWS consultants’ knowledge of frameworks, guidelines, and requirements such as FFIEC, NYDFS, GLBA, and PCI DSS to support your data protection and compliance efforts.

Bolster security and privacy, not just compliance

Support your security and privacy posture with AWS’s guidance while navigating cloud compliance tailored to financial regulations. Increase visibility into security governance and use audit playbooks as effective communication tools with regulators and external audit teams in the financial services sector.

Healthcare & Life Sciences

Healthcare data on AWS and compliance

Protect healthcare data and support your compliance objectives with AWS services. AWS advisors are knowledgeable about cloud-related requirements stemming from regulations and laws like HIPAA and GDPR, as well as standards and best practices such as HITRUST and GxP.

Advancing healthcare security and compliance with automated solutions

Strengthen healthcare-related security and privacy standards within the cloud by leveraging AWS tools and guidance.

Public Sector

Safeguard government systems and data with AWS compliance expertise

Partner with AWS compliance advisors on Public Sector infrastructure and data integrity on AWS covering frameworks like CMMC, NIST, FedRAMP, FISMA, and CJIS.

Supporting Public Sector security and compliance initiatives

Enhance your security and compliance efforts within the Public Sector with AWS's tailored solutions. Streamline select compliance tasks aligned with public sector regulations, and increase transparency in security governance. Leverage custom audit resources for effective communication with regulators and external audit teams, aiding in the audit and reporting processes.

Preparing for your compliance audit with AWS support

In this interview with Jessie Skibbe, a privacy and security assurance leader at AWS, we’re diving into the odds and ends of security compliance. Watch this conversation to learn more about what it takes to pass an audit.

Industry regulations

View some of the supported regulations, laws, frameworks, and standards.

Financial Services

  • Basel III
  • BSA - Bank Secrecy Act
  • CFPB - Consumer Financial Protection Bureau regulations 
  • CFTC - Commodity Futures Trading Commission regulations
  • Dodd-Frank Act - Dodd-Frank Wall Street Reform and Consumer Protection Act
  • DORA - Digital Operations Resilience Act
  • FCRA - Fair Credit Reporting Act
  • FFIEC - Federal Financial Institutions Examination Council guidelines
  • FINRA - Financial Industry Regulatory Authority rules
  • FISMA - Federal Information Security Management Act
  • GLBA - Gramm-Leach-Bliley Act
  • PCI DSS - Payment Card Industry Data Security Standard
  • SEC - Securities and Exchange Commission regulations, Securities Act of 1933, Securities Exchange Act of 1934

Healthcare

  • FISMA - Federal Information Security Management Act 
  • GDPR - General Data Protection Regulation
  • HIPAA - Health Insurance Portability and Accountability Act
  • HITECH - Health Information Technology for Economic and Clinical Health Act
  • HITRUST CSF - Health Information Trust Alliance Common Security Framework
  • MDDS - Medical Device Data Systems regulations
  • MDSAP - Medical Device Single Audit Program
  • NIST - National Institute of Standards and Technology guidelines
  • OCR - Office for Civil Rights regulations
  • PHI - Protected Health Information
  • PTI - Prescription Tracking Initiative regulations
  • SAMHSA - Substance Abuse and Mental Health Services Administration guidelines
  • UDI - Unique Device Identification system
  • Veeva - Veeva Vault compliance standards

Public Sector

  • CJIS - Criminal Justice Information Services security policy
  • CUI - Controlled Unclassified Information regulations
  • DHS - Department of Homeland Security regulations
  • FISMA - Federal Information Security Management Act
  • FedRAMP - Federal Risk and Authorization Management Program
  • FIPS - Federal Information Processing Standards
  • FISSEA - Federal Information Systems Security Educators' Association guidelines
  • ITAR - International Traffic in Arms Regulations
  • NIST - National Institute of Standards and Technology guidelines
  • OMB - Office of Management and Budget directives
  • PDD - Presidential Decision Directive
  • RMF - Risk Management Framework
  • TSA - Transportation Security Administration regulations
  • USA PATRIOT Act - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
  • VA - Department of Veterans Affairs regulations

Technology

  • CCPA - California Consumer Privacy Act
  • COPPA - Children's Online Privacy Protection Act
  • CPRA - California Privacy Rights Act
  • DMCA - Digital Millennium Copyright Act
  • ECPA - Electronic Communications Privacy Act
  • FISMA - Federal Information Security Management Act
  • GDPR - General Data Protection Regulation
  • HIPAA - Health Insurance Portability and Accountability Act
  • PCI DSS - Payment Card Industry Data Security Standard
  • SOC 2 - Service Organization Control 2
  • TCPA - Telephone Consumer Protection Act
  • TISAX - Trusted Information Security Assessment Exchange
  • TSCP - Trusted Software Control Program
  • EFTA - Electronic Fund Transfer Act
  • FERPA - Family Educational Rights and Privacy Act

Other

  • CIS Controls - Center for Internet Security Controls
  • COBIT - Control Objectives for Information and Related Technologies
  • CSA CCM - Cloud Security Alliance Cloud Controls Matrix
  • CSF - Cybersecurity Framework
  • CMMC - Cybersecurity Maturity Model Certification
  • ISO/IEC 27001 - International Organization for Standardization/International Electrotechnical Commission
  • NIST SP 800-53 - National Institute of Standards and Technology Special Publication 800-53
  • OWASP ASVS - Open Web Application Security Project Application Security Verification Standard
  • PCI DSS - Payment Card Industry Data Security Standard
  • PRISM - Profiles for Risk and Security Management
  • SOC 1 - Service Organization Control 1
  • SOC 2 - Service Organization Control 2
  • SOC 3 - Service Organization Control 3
  • SSAE 18 - Statement on Standards for Attestation Engagements No. 18
  • Zero Trust Architecture

Customers are solely responsible for identifying, understanding, and managing all compliance requirements applicable to their business or industry. AWS provides tools, resources, and guidance designed to support compliance efforts. However, AWS does not determine, verify, or assume responsibility for compliance with any specific laws, regulations, or industry standards applicable to any customer's operations. It is the sole responsibility of each customer to ensure their own compliance with all relevant laws, regulations, and standards.

Customer success stories

Browse customer testimonials to help you discover how AWS can help you in your compliance journey.