Compliance
General Resources¶
| Link | Notes |
|---|---|
| Compliance Center | Central location to research cloud-related regulatory requirements and how they impact your industry |
| AWS Compliance Programs | All certifications and compliance programs that AWS supports |
| Cloud Audit Academy |
|
| How Banks Can Use AWS to Meet Compliance | Post outlining a mechanism that facilitates a healthy, data-driven dialogue between banks and regulators to better achieve compliance objectives |
Articles¶
| Link | Notes |
|---|---|
| Optimizing cloud governance on AWS: Integrating the NIST Cybersecurity Framework, AWS Cloud Adoption Framework, and AWS Well-Architected | Use the NIST CSF as a framework to establish your security objectives, assess your organization's current capabilities, and develop a plan to improve and maintain your desired security posture |
| How to use tokenization to improve data security and reduce audit scope | Post providing guidance to determine your requirements for tokenization, with an emphasis on the compliance lens |
| Meeting the FedRAMP FIPS 140–2 requirement on AWS | Some ideas for implementing encryption that uses FIPS modules on AWS |
| Transforming transactions: Streamlining PCI compliance using AWS serverless architecture | Post examining the benefits of using AWS serverless services and highlighting how you can use them to help align with your PCI DSS compliance responsibilities |
AWS Whitepapers¶
| Link | Notes |
|---|---|
| Logical Separation on AWS Whitepaper: Moving Beyond Physical Isolation in the Era of Cloud Computing | Approach to build logical security mechanisms that meet and exceed the security results of physical separation and other on-premises security approaches |
| PCI DSS v4.0 on AWS Compliance Guide | Overview of concepts and principles for building PCI DSS compliant applications |
| Accreditation Models for Secure Cloud Adoption | Best practices with respect to cloud accreditation to help organizations capitalize on the security benefits of commercial cloud computing |
| Data Residency: AWS Policy Perspectives | How to meet security requirements, regardless of where data is stored |