Overview
The Baseline Informatiebeveiliging Overheid (BIO) Framework is an information security framework that the four layers of the Dutch Public Sector are required to adhere to. This means that it’s mandatory for the Dutch central government, all provinces, municipalities, and regional water authorities (in Dutch: waterschappen) to be compliant with the BIO framework.
The BIO Framework should not be confused with the BIO Thema-uitwerking Clouddiensten. Even though both frameworks have BIO in the title, they are fundamentally different from each other. While the BIO Framework is mandatory for the Dutch Public Sector, the BIO Thema-uitwerking Clouddiensten is voluntary for Cloud Service Providers. Furthermore, the BIO Framework is a comprehensive framework that consists of more controls than the BIO Thema-uitwerking Clouddiensten.
To support AWS customers in demonstrating their compliance with the BIO Framework, AWS developed a Landing Zone for the BIO framework (BIO Landing Zone). The BIO Landing Zone is a pre-configured AWS environment that meets a subset of the technical requirements of the BIO Framework. It is a helpful tool that provides a starting point from which customers can further build their own AWS environment. Customers can implement the BIO Landing Zone by themselves or collaborate with an AWS Partner to meet the needs of their own organization.
To demonstrate compliance with the BIO Thema-uitwerking Clouddiensten, AWS conducted a self-assessment and requested an independent audit firm (EY CertifyPoint) to review this self-assessment. In the annual review in March 2024, it was determined that AWS successfully demonstrated compliance for the AWS services in scope. The renewed Certificate of Compliance illustrating the compliance status of AWS and the assessment summary report from EY CertifyPoint are available on AWS Artifact. The certificate is available in Dutch and English.
The table below outlines the main differences between the BIO Framework and the BIO Thema-uitwerking Clouddiensten:
BIO Framework vs. BIO Thema-uitwerking Clouddiensten

| BIO Framework | BIO Thema-uitwerking Clouddiensten |
|---|---|
| Mandatory for BIO compliance | Voluntary and additional to BIO Framework |
| Aimed at Dutch Public Sector | Aimed at Cloud Service Provider |
| 200+ controls | 34 controls |
| AWS: Landing Zone | AWS: Self-assessment + independent review + certificate |
The AWS BIO Landing Zone
This webpage focuses on the BIO Framework and the technical solution that AWS built to support customers in demonstrating their compliance with the BIO Framework: the AWS BIO Landing Zone. The AWS BIO Landing Zone will not, by itself, automatically make a customer BIO-compliant. It provides foundational infrastructure into which additional complementary solutions should be integrated. In practice, this means that on top of the AWS BIO Landing Zone the customer needs to address certain other requirements in the BIO Framework.
For example, customers should consider the following situations:
- Some requirements in the BIO Framework require the customer to draft and/or implement information-security-related policies in its own organization. These requirements fall under the responsibility of the customer.
- Some requirements in the BIO Framework need to be implemented at the workload level and cannot be addressed at the Landing Zone level.
- Some requirements in the BIO Framework require the customer to configure settings in the Landing Zone to tailor them to its own unique organization and IT architecture. Since every customer's situation and business needs are different, specific architectural choices need to be made by the customer.
The AWS BIO Landing Zone is built using the Landing Zone Accelerator on AWS (LZA). The LZA is an AWS service that deploys cloud environments using the AWS Cloud Development Kit (CDK) and a set of well-considered CDK constructs. Since the LZA is a fully open source solution, customers can also see how these constructs are built and understand the best practices behind them, either to extend the AWS BIO Landing Zone or to create their own solutions.
The LZA offers regional configurations and industry configurations. The AWS BIO Landing Zone is an example of a regional configuration, as it aims to address a country-specific compliance framework. The AWS BIO Landing Zone was built with input from customers during the pilot phase. Customer feedback is invaluable throughout the entire process, so we welcome your feedback on the AWS BIO Landing Zone. To provide feedback or obtain more information about the AWS BIO Landing Zone, reach out to your local AWS contact or use the Contact Us button below.
Updated: 10 October 2024