AWS Public Sector Blog

Category: Compliance

StateRAMP on AWS

StateRAMP on AWS

What do AWS public sector customers need to know about the State Risk and Authorization Management Program (StateRAMP) and how can you use AWS to help meeting StateRAMP requirements? In this blog post, learn a quick recap on what StateRAMP is and how it differs from the similar Federal Risk and Authorization Management Program (FedRAMP). 

Support FedRAMP and CMMC compliance with the Landing Zone Accelerator on AWS

Support FedRAMP and CMMC compliance with the Landing Zone Accelerator on AWS

Some US federal agencies and those who collaborate with them must support an automated, secure, and scalable multi-account cloud environment that meets Federal Risk and Authorization Management Program (FedRAMP) and Cybersecurity Maturity Model Certification (CMMC) standards. To support these needs, AWS customers and partners can deploy the Landing Zone Accelerator (LZA) on AWS. Recently, AWS worked with Coalfire, a FedRAMP-approved third-party assessment organization (3PAO) and AWS Partner, to assess and verify the LZA solution.

Amazon Connect achieves FedRAMP High authorization

AWS announced that Amazon Connect, its omnichannel cloud contact center service, has achieved FedRAMP Authorized status at the High Impact Level. FedRAMP is a US government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment, and continuous monitoring for cloud technologies and federal agencies. In this blog post, learn how to deploy a secure Amazon Connect contact center with conversational AI features to route callers and chatters to the agents best able to assist them.

Navigating ISM and Essential Eight compliance with AWS Config for Australian government agencies

To help our Australian customers, AWS provides pre-built conformance packs for the Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model and the ACSC Information Security Manual (ISM). The ACSC’s Essential Eight was first published in 2017 and is a set of prioritised security mitigation strategies designed to help protect organisations against various security threats. In this blog post, I walk you through how to set up a conformance pack in AWS Config that is designed to help you implement and track the ASCS Essential Eight model.

Canadian Centre for Cyber Security adds additional AWS services to its assessment of the AWS Canada (Central) Region

The Canadian Centre for Cyber Security (CCCS) added more AWS services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.

AWS Global Security and Compliance Acceleration initiative now supporting UK customers

Since its launch in June of 2019, the Authority to Operate on AWS (ATO on AWS) program has supported more than 300 US-based customers to meet their regulatory, security, and compliance requirements on AWS. To extend that support globally, Amazon Web Services (AWS) launched the Global Security and Compliance Acceleration (GSCA) initiative. The GSCA is now available to support customers in the United Kingdom (UK) and the European Union (EU).

aerial view of hands on laptop with illustrations of compliance

Supporting customers in the context of DiGAV compliance

A growing number of healthcare providers, payers, and IT professionals are using AWS’s secure, flexible, and scalable utility-based cloud services to process and store data including personal data. AWS provides a number of industry-leading tools to support customers address local regulatory and legislative requirements, including the German Digital Supply Act (DVG) and associated Digital Health Applications Ordinance (DiGAV), as they move healthcare workloads to the cloud.

Wickr, an AWS company, offers a secure and compliant solution to protect organizational communications

To offer security conscious enterprises and government agencies the ability to implement important governance and security controls, AWS acquired Wickr in June of 2021. Wickr helps organizations protect their collaboration with a secure and compliant solution. Built with a security-first mindset, Wickr delivers advanced security features not available with traditional communications services.

Accelerate CMMC compliance with the AWS CMMC Customer Responsibility Matrix

AWS is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS, and identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).

Elevating cloud security to address regulatory requirements for security and disaster recovery

Learn how you can build a foundation of security objectives practices, including a business continuity and disaster recovery plan, that can be adapted to meet a dynamic policy environment and support the missions of national computer security incident response teams (CSIRT), operators of essential services (OES), digital service providers (DSP), and other identified sector organizations.