CyberGRX

Overview

AWS has completed CyberGRX assessment which has been independently validated by CyberGRX partners, Deloitte and KPMG. Customers can leverage AWS’ CyberGRX report to reduce their supplier due-diligence burden. CyberGRX assessments apply a dynamic and comprehensive approach to third party risk assessment, replacing outdated static spreadsheets as well as the need to repetitively request access to AWS’ assessment each year. CyberGRX assessment provide advanced capabilities by integrating AWS’ responses with analytics, threat intelligence, and sophisticated risk models, based on known breach kill chains, to provide an in-depth view of AWS’s security posture.

Customers can use CyberGRX’s Framework Mapper feature which will allow them to map AWS’ assessment to commonly used industry frameworks and standards to instantly gain visibility into controls coverage.

Please fill out the form to access AWS’s complimentary CyberGRX assessment report.

• How can I access AWS’s CyberGRX report?

  Please fill out the form to request access to AWS’s complimentary CyberGRX assessment report. Once your request has been approved, you will receive an email invitation with further instructions on how to access the report.
  

• What outputs will AWS customers receive from CyberGRX?

  Customers will receive full access to AWS’ CyberGRX Vendor Profile.

  Customers will have access to AWS’ CyberGRX Tier 2 Remote validated assessment. This features five control domains (Strategic, Operations, Core, Management, and Privacy), that include controls and sub-controls based on the following frameworks: FFIEC, ISO 27001, NIST 800-53, NIST 800- 171, NY-DFS, PCI DSS, SOC2.

  Customers can use CyberGRX’s Framework Mapper feature which will allow them to map AWS’ assessment to commonly used industry frameworks and standards to instantly gain visibility into controls coverage.
  

• How does CyberGRX validate AWS’ controls?

  CyberGRX partners with Deloitte and KPMG to perform evidence validation. CyberGRX validated assessments feature two phases: the self-assessment phase and the validation phase. AWS provided demonstrated evidence for 50 sub controls including all strength, coverage, and timeliness assertions through a detailed assessment spanning 150 questions. Customers can view the sub controls that were fully validated on AWS’ vendor profile page. AWS updates their validated CyberGRX assessment annually.
  

• How often is AWS’ CyberGRX assessment updated?

  AWS’ CyberGRX assessment and evidence validation are updated annually. Once the assessment is updated, all AWS customers with access to AWS CyberGRX report will receive an email notification from the CyberGRX platform that AWS has updated their assessment.