AWS Public Sector Blog
Accelerate CMMC compliance with the AWS CMMC Customer Responsibility Matrix
Amazon Web Services (AWS) is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS. The CMMC CRM identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).
The CRM provides customers with narrative descriptions that can be used across their CMMC security documentation, like the systems security plan (SSP), and directs them to AWS sources for practice inheritance evidence. The U.S. Department of Defense (DoD) CMMC Assessment Guide v1.02 defines the conditions for practice inheritance as:
“A contractor can inherit practice or process objectives. A practice or process objective that is inherited is met because adequate evidence is provided that the enterprise or another entity, such as an External Service Provider (ESP), performs the practice or process objective. Evidence from the enterprise or the entity from which the objectives are inherited should show they are applicable to in-scope assets and that the assessment objectives are met.”
The AWS CMMC CRM provides a single source document utilized across the customer CMMC compliance journey to help:
- Reduce the time and effort to understand the benefits of the AWS Cloud to address the scope of your CMMC strategy;
- Understand how to leverage AWS CMMC solutions as you plan, architect, and implement your CMMC environment; and,
- Reduce the time to populate the CMMC SSP narrative and gather evidence and supporting artifacts to demonstrate compliance with CMMC practices.
The AWS CMMC CRM is included in the AWS CMMC Customer Package, which is available for customer download using AWS Artifact in the AWS Standard and AWS GovCloud (US) regions.
Visit the CMMC page for more resources or help with CMMC, or contact us at cmmconaws@amazon.com.
Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.
The AWS Public Sector Blog needs your help. Please take a few minutes to share insights regarding your experience with the AWS Public Sector Blog in this survey, and we’ll use feedback from the survey to create more content aligned with the preferences of our readers.