Category: Compliance

Global leaders are convening in Germany this week at the annual Munich Security Conference (MSC) to discuss key foreign policy and security challenges. Amid these discussions, one thing is clear: global leadership increasingly hinges on technological progress. In particular, the rapid progress of artificial intelligence (AI) presents an extraordinary opportunity for transformative innovation. For the U.S. government, this moment marks a crucial inflection point: embrace bold modernization of digital infrastructure and AI investment or risk being outpaced by global competitors.

Data Review & Transfer Component (DRTC) on Amazon Web Services (AWS) provides a seamless solution to review, approve, and automate sensitive data transfer requests into and out of secure enclaves. In this post, we take you through the benefits of using DRTC to review data and other research artifacts for sensitivity prior to transfer into and out of these secure environments, in particular Trusted Research Environments (TREs).

National security and defense depend upon close collaboration between international allies. To protect sensitive data and promote robust cybersecurity frameworks, organizations must consider one another’s compliance requirements. One such requirement is the United States International Traffic in Arms Regulations (ITAR), which restricts and controls the export of defense and military-related technologies in order to safeguard US national security. Here, we set out how an innovation called Trusted Secure Enclaves (TSE) on Amazon Web Services (AWS) allows non-US national organizations who want to use the most modern and innovative technology to deliver defense and security missions using the cloud can do this and be compliant.

EDUCAUSE and the Shared Assessments working group collaborated with Internet2 and REN-ISAC, to create the Higher Education Community Vendor Assessment Toolkit (HECVAT). EDUCAUSE is a non-profit association committed to advancing the use of technology and data in higher education. The HECVAT is a third-party, vendor questionnaire framework designed for higher education institutions to evaluate the security and privacy posture of cloud and technology providers. It is intended to centralize vendor security and compliance information for ease of use. Amazon Web Services (AWS) now offers both the HECVAT Lite version and Full version to customers on-demand.

In this post, we explore how generative artificial intelligence (AI), powered by services such as Amazon Bedrock and Amazon SageMaker, can be harnessed to meet the unique challenges of AWS GovCloud (US). We highlight use cases that demonstrate the potential of generative AI to enhance efficiency, automate workflows, and extract insights—all within a secure, compliant framework.

The National Institutes of Health (NIH) has long maintained guidelines governing the responsible management of controlled access human genomic and phenotypic data maintained in NIH-designated data repositories. Recently, the NIH updated these guidelines to align with the NIST SP 800-171 security standard, which defines a comprehensive framework for securing Controlled Unclassified Information (CUI). In this blog post, we will explore the specifics of the updated NIH guidance and outline how Amazon Web Services (AWS) can help customers build a compliant environment to meet these requirements.

CMMC compliance will soon be a must-have for federal contractors, so they need to plan now for how to achieve it. The path towards compliance differs according to the level needed and the assessments involved. Fortunately, there is no shortage of resources available to help—including from Amazon Web Services (AWS) and its partners.

The use of consumer-grade messaging applications poses significant security and sovereignty risks for Australian Government agencies, making it difficult to meet governmental information management obligations. Official guidance from the National Archives of Australia (NAA) unambiguously states that “instant messaging posts … created or received as part of Australian Government business are Commonwealth records.” Amazon Web Services (AWS) Wickr is an end-to-end encrypted messaging and collaboration service that provides the advanced security, administrative controls, and data retention capabilities government agencies need to protect sensitive information and meet legislative requirements. Read this post to learn more.

The Amazon Web Services (AWS) commitment to safe, transparent, and responsible artificial intelligence (AI)—including generative AI—is reflected in our endorsement of the White House Voluntary AI Commitments, our participation in the UK AI Safety Summit, and our dedication to providing customers with features that address specific challenges in this space. In this post, we explore how AWS can help agencies address the governance requirements outlined in the Office of Management and Budget (OMB) memo M-2410 as public sector entities look to build internal capacity for AI.

K12 leaders need tangible solutions and tactics for improving their school’s or district’s cyber-resilience in the coming school year, and Amazon Web Services (AWS) is committed to supporting schools and districts as they enhance the cybersecurity of their networks. Recently, AWS joined the White House, the Department of Homeland Security, and the Department of Education—among other leaders in the government and education community—to commit to improving the cybersecurity resilience of K12 education. As part of this commitment, AWS created the K12 Cyber Grant Program, offering up to $20 million in AWS Promotional Credits to both new and existing K12 customers.