Category: Compliance

On May 21, AWS launched encryption for EBS volumes, a frequently requested feature, which can help you meet stricter security and encryption compliance requirements. You can now create an encrypted EBS volume and attach it to an EC2 instance. Data on the volume, disk I/O, and snapshots created from the volume are all encrypted. The […]

AWS is excited to announce that Amazon Redshift has successfully completed the FedRAMP assessment and authorization process and has been added to our list of services covered under our US East/West FedRAMP Agency Authority to Operate (ATO) granted by the U.S. Department of Health and Human Services (HHS). This is the first new service we’ve […]

I’m very excited to share that AWS has received a DISA Provisional Authorization under the DoD Cloud Security Model’s impact levels 1-2 for all four of AWS’s Infrastructure Regions in the U.S., including AWS GovCloud (US). With this distinction, AWS has shown it can meet the DoD’s stringent security and compliance requirements; and as a […]

The newly released Security at Scale: Logging in AWS whitepaper is designed to illustrate how AWS CloudTrail can help you meet compliance and security requirements through the logging of API calls. The API call history can be used to track changes to resources, perform security analysis, operational troubleshooting and as an aid in meeting compliance […]

Auditing by using logs is an important capability of any cloud platform.  There are several third party solution providers that provide auditing and analysis using AWS logs.  Last November AWS announced its own logging and analysis service, called AWS CloudTrail.  While logging is important, understanding how to interpret logs and alerts is crucial.  In this blog […]

September 3, 2021: This blog post was updated to clarify that the S3 bucket name DOC-EXAMPLE-BUCKET is a placeholder name that readers should replace with their own S3 bucket name. An important objective of analyzing OS-generated data is to detect, correlate, and report on potential security events. Several partner solutions available in AWS Marketplace provide this functionality, […]

November 3, 2020: This blog is out of date. Please refer to this post for updated info: Introducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature We have just published an updated version of our AWS Security Best Practices whitepaper. You wanted us to provide a holistic and familiar […]

We’re happy to announce the availability of the 2013 PCI Compliance Package. Along with the AWS PCI Attestation of Compliance, this package includes our independent assessor’s revised and expanded PCI Customer Responsibility Matrix, which describes the customer and AWS shared responsibility for each of the 200+ PCI Data Security Standard controls. This document will help […]

July 15, 2020: The whitepaper Operational Checklists for AWS that’s described in this post has been replaced by a Cloud Audit Academy course. August 28, 2019: The whitepaper Operational Checklists for AWS that’s described in this post has been deprecated due to outdated content. View our current compliance resources here: https://aws.amazon.com/compliance/resources/ View our current security […]

I’m very excited to share that AWS is now a FedRAMP-compliant cloud service provider. See the Amazon press release. This is game-changing news for our U.S. government customers and systems integrators and other companies that provide products and services to the U.S. government because: It provides agencies a standardized approach to security assessment, authorization, and […]