Category: Security

The recent Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy update contains important cloud computing language that aligns with the AWS approach to building CJIS compliant solutions. Learn more about the CJIS Security Policy changes and how AWS supports these new policies.

In September 2022, the State of Arizona Department of Homeland Security (AZDOHS) launched a new program to bolster the cybersecurity of Arizona’s most vulnerable cities, counties, and K12 school districts. The Arizona Statewide Cyber Readiness Grant Program enables local entities to reduce their cyberattack surface by accessing technical assistance and software licenses across five functional areas. The Cyber Grant Task Force selected two software providers from the AWS Marketplace hosted on Amazon Web Services (AWS), Tanium and CrowdStrike to assist cities, counties, and schools with improving their cybersecurity posture.

State and local government organizations are experiencing an increase in cyber incidents that impact and disrupt citizen services. In 2021, US President Joe Biden signed the Infrastructure Investment and Jobs Act (IIJA), which created the State and Local Cybersecurity Grant Program (SLCGP) to provide funding to eligible entities to address cybersecurity risks and threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments. This blog post guides you through some resources and approaches to consider as organizations strive to meet the SLCGP funding requirements.

Public sector organizations around the world share a common concern: how can they make sure their digital transformation maintains data security? The question comes up often when I meet with government leaders around the world in my role as a government transformation digital advisor at AWS. During my time in the UK Government’s Digital Service (GDS), and now in my work with government leaders, I’ve learned important lessons about transforming services securely in the cloud. Read on for some key takeaways.

Cybersecurity analytics is a systematic methodology designed to collect, ingest, process, aggregate, and analyze security events. This methodology empowers organizations to proactively perform security investigations, powered by advanced analytics and machine learning (ML), which help mitigate cyber issues more effectively and efficiently at scale. Learn about the core components of a cybersecurity analytics framework and how organizations can use AWS to design a cybersecurity analytics platform with analytics and ML services.

At Amazon, we believe cybersecurity skills training and workforce development are essential to addressing cybersecurity challenges. Leading into Cybersecurity Awareness Month, Amazon hosted Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), for a roundtable with leaders across higher education, state and local government, and private industry to discuss ways to develop the cybersecurity workforce through skills training, partnerships between government and industry, and creating pathways to cybersecurity careers. Learn more about how Amazon supports cybersecurity training.

In this blog post, we explain how government agencies can accelerate their development workflows while maintaining strict application and operational security using the principles of continuous integration and continuous delivery (CI/CD) and DevSecOps. We provide a solution to walk you through how you can quickly set up your own DevSecOps pipeline that incorporates AWS and third-party security tools to give you a fast, flexible, and secure software delivery process.

State and local government (SLG) organizations need to reflect and refocus on cyber hygiene and continuous improvement of their security posture. Here are some best practices for SLG chief information security officers (CISOs) and IT professionals to consider in their cloud journey.

AWS Top Secret-West is accredited to operate workloads at the Top Secret U.S. security classification level. The new Region adds multiple Availability Zones geographically separated from AWS Top Secret-East. With two Top Secret Regions, customers in the U.S. defense, intelligence, and national security communities can deploy multi-Region architectures to achieve the highest levels of resiliency and availability essential to their most critical national security missions.

The Canadian Centre for Cyber Security (CCCS) added more AWS services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.