Skip to content


General Resources

Link Notes
Compliance Center Central location to research cloud-related regulatory requirements and how they impact your industry
AWS Compliance Programs All certifications and compliance programs that AWS supports
Cloud Audit Academy
  • Training program for auditing AWS Cloud implementations, designed for auditors, regulators, or anyone working within a control framework
  • You can find a summary in the Audit Considerations page
How Banks Can Use AWS to Meet Compliance Post outlining a mechanism that facilitates a healthy, data-driven dialogue between banks and regulators to better achieve compliance objectives


Link Notes
Optimizing cloud governance on AWS: Integrating the NIST Cybersecurity Framework, AWS Cloud Adoption Framework, and AWS Well-Architected Use the NIST CSF as a framework to establish your security objectives, assess your organization's current capabilities, and develop a plan to improve and maintain your desired security posture
How to use tokenization to improve data security and reduce audit scope Post providing guidance to determine your requirements for tokenization, with an emphasis on the compliance lens
Meeting the FedRAMP FIPS 140–2 requirement on AWS Some ideas for implementing encryption that uses FIPS modules on AWS
Transforming transactions: Streamlining PCI compliance using AWS serverless architecture Post examining the benefits of using AWS serverless services and highlighting how you can use them to help align with your PCI DSS compliance responsibilities

AWS Whitepapers

Link Notes
Logical Separation on AWS Whitepaper: Moving Beyond Physical Isolation in the Era of Cloud Computing Approach to build logical security mechanisms that meet and exceed the security results of physical separation and other on-premises security approaches
PCI DSS v4.0 on AWS Compliance Guide Overview of concepts and principles for building PCI DSS compliant applications
Accreditation Models for Secure Cloud Adoption Best practices with respect to cloud accreditation to help organizations capitalize on the security benefits of commercial cloud computing
Data Residency: AWS Policy Perspectives How to meet security requirements, regardless of where data is stored