Cloud Security Compliance

The AWS Compliance Program helps customers to understand the robust controls in place at AWS to maintain security and compliance in the cloud. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance Enablers build on traditional programs, helping customers to establish and operate in an AWS security control environment.

IT standards we comply with are broken out by Certifications and Attestations; Laws, Regulations and Privacy; and Alignments and Frameworks. Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance. AWS customers remain responsible for complying with applicable compliance laws, regulations and privacy programs. Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function.

CSA: Cloud Security Alliance Controls

ISO 9001: Global Quality Standard

ISO 27001: Security Management Controls

ISO 27017: Cloud Specific Controls

ISO 27018: Personal Data Protection

PCI DSS Level 1: Payment Card Standard

SOC 1: Audit Controls Report

SOC 2: Security, Availability, & Confidentiality Report

SOC 3: General Controls Report

CJIS: Criminal Justice Information Services

DoD SRG: Department of Defense Data Processing

FedRAMP: Government Data Standards

FERPA: Educational Privacy Act

FIPS: Government Security Standards

FISMA: Federal Information Security Management

GxP: Quality Guidelines and Regulations

HIPAA: Protected Health Information

HITRUST CSF: Health Information Trust Alliance Common Security Framework

ITAR: International Arms Regulations

MPAA: Protected Media Content

NIST: National Institute of Standards and Technology

PIPEDA: Canada's Federal Private Sector Privacy Legislation

SEC Rule 17a-4(f): Financial Data Standards

VPAT / Section 508: Accessibility Standards
