Compliance

General Resources

| Link | Notes |
| --- | --- |
| AWS Compliance Programs | All certifications and compliance programs that AWS supports |
| Cloud Audit Academy | Training program for auditing AWS Cloud implementations, designed for auditors, regulators, or anyone working within a control framework. A summary is available on the Audit Considerations page |
| How Banks Can Use AWS to Meet Compliance | Post outlining a mechanism that facilitates a healthy, data-driven dialogue between banks and regulators to better achieve compliance objectives |

Articles

| Link | Notes |
| --- | --- |
| Optimizing cloud governance on AWS: Integrating the NIST Cybersecurity Framework, AWS Cloud Adoption Framework, and AWS Well-Architected | Use the NIST CSF as a framework to establish your security objectives, assess your organization's current capabilities, and develop a plan to improve and maintain your desired security posture |
| How to use tokenization to improve data security and reduce audit scope | Post providing guidance for determining your tokenization requirements, with an emphasis on the compliance lens |
| Meeting the FedRAMP FIPS 140-2 requirement on AWS | Some ideas for implementing encryption that uses FIPS 140-2 validated modules on AWS |

AWS Whitepapers

| Link | Notes |
| --- | --- |
| AWS Risk And Compliance Whitepaper | Outlines the mechanisms that AWS has implemented to manage risk on the AWS side of the Shared Responsibility Model |
| Accreditation Models for Secure Cloud Adoption | Best practices for cloud accreditation to help organizations capitalize on the security benefits of commercial cloud computing |
| Logical Separation on AWS: Moving Beyond Physical Isolation in the Era of Cloud Computing | Whitepaper describing an approach to building logical security mechanisms that meet and exceed the security results of physical separation and other on-premises security approaches |
| Data Residency: AWS Policy Perspectives | How to meet security requirements regardless of where data is stored |
| NIST Cybersecurity Framework in the AWS Cloud | Evaluates the NIST CSF and the many AWS Cloud offerings that public and commercial sector customers can use to align with it |
| Architecting for HIPAA Security and Compliance on Amazon Web Services | Outlines how customers can use AWS to run sensitive workloads regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA) |

PCI DSS

| Link | Notes |
| --- | --- |
| PCI DSS v4.0 on AWS Compliance Guide | Overview of concepts and principles for building PCI DSS compliant applications |
| Transforming transactions: Streamlining PCI compliance using AWS serverless architecture | Post examining the benefits of AWS serverless services and highlighting how you can use them to help meet your PCI DSS compliance responsibilities |
| Architecting for PCI DSS Scoping and Segmentation on AWS | Identify and minimize your PCI DSS scope using appropriate segmentation controls |
| Architecting SWIFT Connectivity on AWS | Architecture principles for migrating a full-stack on-premises SWIFT infrastructure to AWS |
| AWS PCI 3DS Whitepaper | AWS engaged Coalfire to conduct an assessment of its PCI 3-D Secure (3DS) environment (3DE) |