Compliance
General Resources
| Link | Notes |
|---|---|
| AWS Compliance Programs | All certifications and compliance programs that AWS supports |
| Cloud Audit Academy | |
| How Banks Can Use AWS to Meet Compliance | Post outlining a mechanism that facilitates a healthy, data-driven dialogue between banks and regulators to better achieve compliance objectives |
Articles
| Link | Notes |
|---|---|
| Optimizing cloud governance on AWS: Integrating the NIST Cybersecurity Framework, AWS Cloud Adoption Framework, and AWS Well-Architected | Use the NIST CSF as a framework to establish your security objectives, assess your organization's current capabilities, and develop a plan to improve and maintain your desired security posture |
| How to use tokenization to improve data security and reduce audit scope | Post providing guidance to determine your requirements for tokenization, with an emphasis on the compliance lens |
| Meeting the FedRAMP FIPS 140-2 requirement on AWS | Approaches for implementing encryption with FIPS 140-2 validated modules on AWS |
AWS Whitepapers
| Link | Notes |
|---|---|
| AWS Risk And Compliance Whitepaper | Outlines the mechanisms that AWS has implemented to manage risk on the AWS side of the Shared Responsibility Model |
| Accreditation Models for Secure Cloud Adoption | Best practices with respect to cloud accreditation to help organizations capitalize on the security benefits of commercial cloud computing |
| Logical Separation on AWS Whitepaper: Moving Beyond Physical Isolation in the Era of Cloud Computing | Approach to build logical security mechanisms that meet and exceed the security results of physical separation and other on-premises security approaches |
| Data Residency: AWS Policy Perspectives | How to meet security requirements, regardless of where data is stored |
| NIST Cybersecurity Framework in the AWS cloud | Evaluates NIST CSF and the many AWS Cloud offerings public and commercial sector customers can use to align to NIST CSF |
| Architecting for HIPAA Security and Compliance on Amazon Web Services | Outlines how customers can use AWS to run sensitive workloads regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA) |
PCI DSS
| Link | Notes |
|---|---|
| PCI DSS v4.0 on AWS Compliance Guide | Overview of concepts and principles for building PCI DSS compliant applications |
| Transforming transactions: Streamlining PCI compliance using AWS serverless architecture | Post examining the benefits of using AWS serverless services and highlighting how you can use them to help align with your PCI DSS compliance responsibilities |
| Architecting for PCI DSS Scoping and Segmentation on AWS | Identify and minimize your PCI DSS scope using appropriate segmentation controls |
| Architecting SWIFT Connectivity on AWS | Architecture principles for a migration approach from a Full Stack on-premises SWIFT infrastructure to AWS |
| AWS PCI 3DS Whitepaper | AWS engaged Coalfire to assess its PCI 3-D Secure (3DS) environment (3DE) against the PCI 3DS Core Security Standard |