AWS GovCloud (US) for Highly Regulated Workloads | AWS Public Sector Summit 2016
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Chris Gile, Senior Manager, AWS Security Assurance
June 20, 2016
AWS GovCloud (US) for Highly Regulated Workloads
Security assurance programs overview
AWS GovCloud (US)
FedRAMP-Mod
SRG Level 4
FIPS 140-2
US Persons
ITAR/Export Controlled
NIST 800-171
DISA SRG L2/4
CJIS
FISMA
Connectivity (API, VPN, DX)
CJIS
Amazon EC2, Amazon S3, Amazon EBS, Amazon VPC, AWS Identity & Access Management (IAM), Amazon Redshift
Secure the cloud, with the cloud
AWS security protection and certification
Security features in the customer environment
Customer security and compliance
• Advanced security protection
• Enhanced auditability
• FedRAMP
• FISMA
• DoD RMF
• Financial reporting
• Healthcare/life sciences
• Local requirements
Amazon Inspector, AWS WAF, AWS Config Rules
Identity management
Access control
Usage auditing
Key storage
Monitoring and logs
Security assurance programs: FedRAMP
AWS GovCloud (US)
FedRAMP-Mod
FIPS 140-2
US Persons
EC2 | S3 | EBS | VPC | IAM | Amazon Redshift
Inherited: MAMPPA
FedRAMP continuous monitoring
3 AWS FedRAMP packages
AWS FedRAMP SSP template
Agency authorization requirements
https://aws.amazon.com/solutions/case-studies/finra/ https://aws.amazon.com/compliance/fedramp/
Security assurance programs: DoD SRG
AWS GovCloud (US)
SRG Level 4
FIPS 140-2
US Persons
FedRAMP continuous monitoring
AWS FedRAMP package
AWS FedRAMP SSP template
DFARS
Inherited: MAMPPA
EC2 | S3 | EBS | VPC | IAM
Agency authorization requirements
https://aws.amazon.com/government-education/defense/ https://aws.amazon.com/compliance/dod/
Security assurance programs: CJIS
AWS GovCloud (US)
FIPS 140-2
US Persons
CJIS Security Policy v5.5
CJIS Security Policy Workbook
FedRAMP Assessments
Inherited: MAMPPA
EC2 | S3 | EBS | VPC | IAM | Amazon Redshift
Agency Authorization Requirements
https://aws.amazon.com/blogs/publicsector/cjis/
CJIS
https://aws.amazon.com/compliance/cjis
NIST 800-171
• Confidentiality of CUI
• 14 control families, 109 requirements
• Maps to 131 NIST 800-53r4 controls
https://blogs.aws.amazon.com/security/post/Tx115XWF9J5G4MM/Need-NIST-Compliance-in-the-AWS-Cloud-AWS-Compliance-Has-You-Covered-NIST-800-171
IRS Pub 1075
Mandatory FTI Req’t for Cloud | Responsibility
Notification of use | Customer
Data isolation | AWS/Customer
SLA | Customer
Encryption in transit | AWS/Customer
Encryption at rest | AWS/Customer
Data deletion | AWS/Customer
Risk assessment | AWS/Customer
Security controls | AWS/Customer
http://aws.amazon.com/compliance/irs-1075/
Security Assurance Links
https://aws.amazon.com/compliance
https://aws.amazon.com/security
https://aws.amazon.com/compliance/fedramp
https://aws.amazon.com/compliance/dod
https://aws.amazon.com/compliance/resources
https://aws.amazon.com/govcloud-us
https://aws.amazon.com/documentation
[email protected]
https://aws.amazon.com/compliance
https://aws.amazon.com/professional-services/enterprise-accelerators/compliance-jumpstart/
Thank you!