Pablo Rodriguez

Ensuring Compliance

  • AWS compliance programs

    • Customers subject to many different security and compliance regulations
    • AWS engages with certifying bodies and independent auditors
    • Provides detailed information about policies, processes, and controls
    • Compliance programs categorized as:
      • Certifications and attestations
        • Assessed by third-party, independent auditor
        • Examples: ISO 27001, 27017, 27018, and ISO/IEC 9001
      • Laws, regulations, and privacy
        • AWS provides security features and legal agreements to support compliance
        • Examples: EU General Data Protection Regulation (GDPR), HIPAA
      • Alignments and frameworks
        • Industry or function-specific security/compliance requirements
        • Examples: Center for Internet Security (CIS), EU-US Privacy Shield
  • AWS Config

    • Assess, audit, and evaluate configurations of AWS resources
    • Use for continuous monitoring of configurations
    • Automatically evaluate recorded configurations versus desired configurations
    • Review configuration changes
    • View detailed configuration histories
    • Simplify compliance auditing and security analysis
    • Regional service
      • To track resources across Regions, enable in every Region used
      • Offers aggregator feature for multi-Region and multi-account view
  • AWS Artifact

    • Resource for compliance-related information
    • Provides access to security/compliance reports and select online agreements
    • Example downloads:
      • AWS ISO certifications
      • Payment Card Industry (PCI) reports
      • Service Organization Control (SOC) reports
    • Access directly from AWS Management Console
      • Under Security, Identity & Compliance, click Artifact
    • Can also review, accept, track status of AWS agreements
      • Example: Business Associate Agreement (BAA) for HIPAA compliance
    • Can accept agreements on behalf of multiple accounts using AWS Organizations
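The AWS Config bullets above describe evaluating recorded configurations against a desired configuration. The following is an added example, not code from these notes or from AWS: the evaluation logic of a Lambda-backed custom Config rule that marks an EC2 security group NON_COMPLIANT when it allows a restricted TCP port (SSH by default) from anywhere. The event and configuration-item shapes follow the documented custom-rule invocation format; the sample security-group rules, the `sg-…` resource id and the result token are constructed, and the function names are this example's own. The `put_evaluations` call is only made when a client is passed in, so the block runs offline.

```python
"""Custom AWS Config rule: flag security groups exposing a port to the world.

Added example (not AWS's code). AWS Config records each resource as a
"configuration item" (CI); a custom rule receives that CI in `invokingEvent`
and reports COMPLIANT / NON_COMPLIANT back through config:PutEvaluations.
"""
import json
from typing import Any, Dict, List, Optional

ANYWHERE_V4 = "0.0.0.0/0"
ANYWHERE_V6 = "::/0"


def evaluate_security_group(ci: Dict[str, Any], rule_params: Dict[str, str]) -> Dict[str, str]:
    """Compare a recorded security-group CI with the desired state:
    no ingress rule may allow `restrictedPort` (default 22) from anywhere."""
    restricted_port = int(rule_params.get("restrictedPort", "22"))
    config = ci.get("configuration") or {}
    for perm in config.get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        from_port, to_port = perm.get("fromPort"), perm.get("toPort")
        # ipProtocol "-1" means all traffic; otherwise check the TCP port range
        covers_port = proto == "-1" or (
            proto == "tcp"
            and from_port is not None
            and to_port is not None
            and from_port <= restricted_port <= to_port
        )
        if not covers_port:
            continue
        open_v4 = any(r.get("cidrIp") == ANYWHERE_V4 for r in perm.get("ipRanges", []))
        open_v6 = any(r.get("cidrIpv6") == ANYWHERE_V6 for r in perm.get("ipv6Ranges", []))
        if open_v4 or open_v6:
            return {
                "compliance_type": "NON_COMPLIANT",
                "annotation": f"tcp/{restricted_port} reachable from {ANYWHERE_V4 if open_v4 else ANYWHERE_V6}",
            }
    return {"compliance_type": "COMPLIANT", "annotation": f"tcp/{restricted_port} not open to the world"}


def lambda_handler(event: Dict[str, Any], context: Any = None,
                   config_client: Optional[Any] = None) -> List[Dict[str, Any]]:
    """Entry point in the shape Config invokes a custom rule with.
    In Lambda you would pass boto3.client("config"); here None means dry run."""
    invoking_event = json.loads(event["invokingEvent"])
    rule_params = json.loads(event.get("ruleParameters") or "{}")
    ci = invoking_event["configurationItem"]

    if ci.get("resourceType") != "AWS::EC2::SecurityGroup":
        result = {"compliance_type": "NOT_APPLICABLE", "annotation": "rule covers security groups only"}
    elif ci.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        result = {"compliance_type": "NOT_APPLICABLE", "annotation": "resource deleted"}
    else:
        result = evaluate_security_group(ci, rule_params)

    evaluation = {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": result["compliance_type"],
        "Annotation": result["annotation"],
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }
    if config_client is not None:
        config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return [evaluation]


# --- Constructed sample data (not real resources) -------------------------
OPEN_SSH_RULES = [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                   "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]
OFFICE_ONLY_RULES = [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                      "ipRanges": [{"cidrIp": "203.0.113.0/24"}], "ipv6Ranges": []}]
ALL_TRAFFIC_V6_RULES = [{"ipProtocol": "-1", "ipRanges": [], "ipv6Ranges": [{"cidrIpv6": "::/0"}]}]


def sample_event(ip_permissions: List[Dict[str, Any]], restricted_port: str = "22") -> Dict[str, Any]:
    """Build a constructed custom-rule invocation event around one security group."""
    ci = {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",  # placeholder id
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"ipPermissions": ip_permissions},
    }
    return {
        "invokingEvent": json.dumps({"configurationItem": ci,
                                     "messageType": "ConfigurationItemChangeNotification"}),
        "ruleParameters": json.dumps({"restrictedPort": restricted_port}),
        "resultToken": "constructed-result-token",
    }


if __name__ == "__main__":
    for name, rules in [("open-ssh", OPEN_SSH_RULES), ("office-only", OFFICE_ONLY_RULES),
                        ("all-traffic-v6", ALL_TRAFFIC_V6_RULES)]:
        print(name, lambda_handler(sample_event(rules))[0]["ComplianceType"])
```

The rule is only as good as the recorder feeding it: because Config is regional, a security group in a Region where the recorder is not enabled never produces a configuration item and is never evaluated, which is why the notes say to enable Config in every Region used and to aggregate the results.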

AWS offers robust compliance tools and programs to help customers meet regulatory requirements. AWS Config provides continuous configuration assessment, while AWS Artifact offers access to compliance documentation; together they enable organizations to maintain and demonstrate adherence to various global standards.